
File extensions computer forensic

(@low1988)
New Member
Joined: 15 years ago
Posts: 3
Topic starter  

My thesis supervisor suggested the topic "file extensions computer forensic" to me for my graduate dissertation. He mentioned developing a mechanism or tool that could verify or recover files whose extensions were modified. For example, fileA.doc had been changed to fileA.dll. That file contains some important information but cannot be read since the extension was modified. Furthermore, if that file resides in a group of files, people would not know that those files contain a .dll file that is supposed to be a .doc file. My dissertation supervisor wants me to develop a tool that could revert the file to its original state. Do you guys think that is a good topic, and what references or keywords should I search to get more information about this topic? Thanks


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

"reference or keyword should i searching" = File Signature Analysis

Core of many of the forensic methods and software that exist today.


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

You will have fun setting the correct extension back again. The normal .DOC file format has the same header for many variations, e.g. .PPT, .XLS.

For Office 2007, it is a PKZIP header, again with many variations for files that start with the same signature. It is necessary to unzip the file first and analyse the contents, e.g. http://cnwrecovery.com/html/office_2007.html

There is also the .exe, .dll group that all start with MZ.

Some file types are easy; others, as above, are more complex.


   
(@low1988)
New Member
Joined: 15 years ago
Posts: 3
Topic starter  

Pleased with your replies, guys. Anyway, are there any open source tools that similarly analyze the file signature or header and would help in developing the application for the thesis? I would like to know any programming code function or library that is essential for the programming part of the project.


   
(@patrick4n6)
Honorable Member
Joined: 16 years ago
Posts: 650
 

"open source tools" - do a man page search for "magic"


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

@low1988

You might want to do a little more research about the field and science of computer forensics in general as the questions you are posing are fairly base and seem to indicate that you might need a deeper understanding. I would recommend reading some of the sticky posts in the forum groups as well as searching the forum (Google search on the top left).

If you are looking to test and understand some tools, try SIFT by Rob Lee and SANS. It would be an excellent place to start.


   
(@low1988)
New Member
Joined: 15 years ago
Posts: 3
Topic starter  

Is there any sample code that could read the file signature and return the value of the signature so that it could be displayed in the user interface of the program? Furthermore, I would like to know how to code the comparison of file signature and extension so that it could identify whether it is a wrong extension or not.


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

I think this is basic programming rather than a forensics question.

The forensic element is working out the correct values, and correct location of bytes to be used to build up a unique file signature.


   
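The signature-versus-extension check discussed in this thread, as an added example that is not code from any poster: it matches the three header families named above (the shared legacy Office header, PKZIP, MZ) and unzips PKZIP files in memory to tell the Office 2007 types apart. The function names, the folder-name heuristic and the sample file are assumptions made for illustration.

```python
import io
import zipfile

# Well-known magic numbers for the three families named in the thread.
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt share this
ZIP = b"PK\x03\x04"                       # Office 2007+ and any other ZIP
MZ = b"MZ"                                # .exe and .dll both start with this
FAMILIES = [
    (OLE2, "OLE2 compound file", {"doc", "xls", "ppt"}),
    (ZIP, "ZIP container", {"zip", "docx", "xlsx", "pptx"}),
    (MZ, "DOS/PE executable", {"exe", "dll"}),
]
# Heuristic (assumption): the top-level folder tells the OOXML types apart.
OOXML_PARTS = {"word/": "docx", "xl/": "xlsx", "ppt/": "pptx"}


def refine_zip(data):
    """Unzip in memory and narrow the type from the member names."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return None  # truncated or carved fragment: only the header is usable
    for prefix, ext in OOXML_PARTS.items():
        if any(n.startswith(prefix) for n in names):
            return {ext}
    return {"zip"}


def check(name, data):
    """Return (family, plausible extensions, mismatch) for a name and its bytes."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    for magic, family, exts in FAMILIES:
        if data.startswith(magic):
            if magic == ZIP:
                exts = refine_zip(data) or exts
            return family, sorted(exts), ext not in exts
    return "unknown", [], None  # no verdict without a known signature


def make_sample_docx():
    """Constructed sample: a minimal ZIP laid out like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(check("fileA.dll", make_sample_docx()))
```

For the legacy header and the MZ group the header alone cannot pick a single extension, so the check only reports the set of plausible ones; narrowing those needs analysis of the file's internal structure.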