Digital forensics examiners acquire large numbers of files as they carry out their investigations.
File Format Identification
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
Digital forensics examiners acquire large numbers of files as they carry out their investigations. Effective exploitation of the files found on seized media depends upon accurate file format identification. However, file format identification is a hard problem. Existing tools and techniques fail to identify all of the files that an investigator may have interest in. This paper describes the state of the art in file format identification, existing tools and evaluations thereof, and some of the new techniques developed for the File Format Identification MITRE Sponsored Research project.