1) Finding file information using extensions
A common way to analysis the detail of a file is using the extensions of the file. Extension is a set of characters at the end of the file name separated by the final dot(.) from the filename.
Example: In a file with name “dolphin.jpg”, dolphin is the name of file whereas jpg is the file extension which tells the file type is actually a image/jpeg file.
Using extensions detail to find file info
In linux based systems the filetype info through extension is stored on location /usr/share/misc/magic as a structure whereas same information can be found on windows registry at HKEYCLASSESROOT subtree.
Given below is the part of linux filetype structure:
Advantage of using these sources is reliability as they are stored by operating system default itself and its also easy to use and handle across different programs.
The issue with getting dependent on file extension is that extensions are a convention that are not enforced by the file system or OS. A user can change a extension and the file can still be used by programs.
2) Finding file information using magic number
Much reliable way to find any file details can be using Header signature of a file.
Typically file header contains metadata about the file to help a software application validate the file content is correct or not, load the data and view or process the data. Header signature or also called magic number typically are at the start of the file and allows a program to initially determine if the file is valid by first checking presence of number.
Often quoted example is JPEG byte sequence 0xFF 0xD8 0xFF 0xE0, appear as the characters ÿØÿà when JPEG file viewed in a hex/ASCII editor.
Using these magic number has advantage over using file extension as these number produce accurate result of file type. Manipulating these number will result the file to be not identified by application that will process it.
Using magic number to find file info
You can get hexadecimal magic number of a program using any hexeditor tool in linux or windows system. For example in linux system you can use xxd as you hex editor.
Once you find the magic number you can compare them with the magic numbers of different format.
You can also use file command (which exatly done the same to find the file
type using magic numbers).
3) Finding file information by analysing the contain inside the file
Most of the file we deal in real are text based(containing ASCII characters).
A text based file can be analysed by looking at its content.For example for programming files we can look at the header at the starting of code to find the programming language used. All programing code has includes at the starting of program in their defined format or have shebang ‘#!/bin/program’ at the start.
#include<stduo.h> C/C++ #!/bin/bash Bash executable file #!/bin/sh sh executable #!/bin/perl perl program #!/bin/ruby ruby program <?xml version="1.0" encoding="UTF-8"?> xml file etc
For configuration file we can look for the syntax type used by common
formats like yml,ini or xml.
For example we can look for name=value field in case of ini config files.
These header are processed by programs to find how to treat these file or
through which compiler to run these file. Hence they are mostly included in
fix formatted files and we can use them to get desirable file info.