Does anyone have any suggestions on how to best approach "unknown file type" messages when using tools like FTK. In some cases I see a hex header that looks like, say a .bmp file, but it won't dislpay under a browser or I end u p with a little x graph in a box. Could this just be a corrupted file? Could it be a link to an external souce, say a thumbdrive. Any ideas would be appreciated.
Mike
"Unknown Type" are just things that FTK doesnt fit into one of its other categories ie 'know about', so it could be anything basically, perfectly valid java class files will go in there for example, so would all the other files FTK doesnt explicitly do anything with.
So your process would be the same for any file (ignoring FTK) that you didnt know how to deal with. (Sig analysis / carving perhaps / determining its likely use/content based on location / etc)
Thanks Rich!