File Headers for da...
 
Notifications
Clear all

File Headers for data carving

5 Posts
4 Users
0 Likes
450 Views
(@dadatacop)
Posts: 21
Eminent Member
Topic starter
 

I was looking for file headers to try and carve out data from unallocated space on a drive where the suspect re-installed the OS (Vista HP 32-bit). I was able to find a lot of images using the JPG header and the keyword search has found web history data, but I'm looking for documents.

*.doc
*.wpd
*.txt
*.pdf
And any known headers for web based e-mail. Most likely AOL, Yahoo, Hotmail or Gmail.

TIA
Aron

 
Posted : 26/08/2010 6:20 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I was looking …

WHERE? ?

Or, in other words, is your Google broken? 😯

Like
http//msdn.microsoft.com/en-us/library/cc313153(v=office.12).aspx
http//www.adobe.com/devnet/pdf/pdf_reference.html
http//www.corelconnected.com/html/files/WPFF_!DocumentStructure.htm
(first results in a two minutes search)

*.txt

You sure you want a file header for .txt files? roll

jaclaz

 
Posted : 26/08/2010 6:36 pm
binarybod
(@binarybod)
Posts: 272
Reputable Member
 

Have a look at http//www.garykessler.net/library/file_sigs.html
alternatively in a *nix installation have a look at the magic file usually found in /usr/share/misc/magic

Paul

 
Posted : 26/08/2010 7:19 pm
(@armresl)
Posts: 1011
Noble Member
 

Seriously makes you wonder about the rest of the investigation, when something this basic is asked.

I concur with the WHERE statement.
Also agree with Binary Bod FIRST hit,
http//www.garykessler.net/library/file_sigs.html

 
Posted : 26/08/2010 7:52 pm
(@dadatacop)
Posts: 21
Eminent Member
Topic starter
 

Thanks binarybod. Kessler's list exactly what I was looking for.

 
Posted : 27/08/2010 8:11 am
Share: