Can anybody please help. I'm trying to create a profile for Blade to pull out ODT files.
The file signature I have is
50 4B 03 04
I have put this into Blade with 0 Bytes to SOF and floating EOF.
and I have tried is written as \x50\x4B\x03\x04
I have loaded it over a test ODT file but its still not seeing it.
Anything obvious?
Thanks
4R
In my CnW recovery software I use the following search
if (fbuf[0]=='P' && fbuf[1]=='K' && fbuf[2]==0x3 && fbuf[3]==0x4 && fbuf[4]==0xa &&
(cmpnameup(fbuf+0x1e, "mimetypeapplication", 0x13)==TRUE)){
}
Your string should find all ZIP, DOCX, XLSX files as well as .ODF files
Personally I ignore end strings and verify the file after carving. At this point the file length can be corrected, and meta data extracted to add to the file name.
Anything obvious?
Cannot say if it is relevant, but besides the ODT file header, that is the common one for .zip files (basically beacuase an ODT is a ZIP file
http//
http//
http//
It is possible that having a "double" definition it gets confused.
You may try with "mimetype"
http//
Or possibly you should find them as "ZIP" files and then use something like TrID to post-process them
http//
jaclaz
Have sent you a couple of PM's
Best regards
Paul
Thanks guys,
I will try some of these suggestions.
I did try the ZIP file things, but that didn't work for some. I have a couple of other things to try, then its time to call it a day and go home… I don't fancy stressing over this at 520pm on a Friday night!
If I get no success I will look on Monday.
Thanks for the replies. Will check by in after the weekend.
Have a good one people! )
4R