출처!: http://forensic-proof.com/
좋은자료가 정말 많은 곳 입니다.
Header Signature (Hex) | File Type | Description |
xx xx xx xx AF 11 | FLI | Graphics – Autodesk Animator |
xx xx xx xx AF 12 | FLC | Graphics - Autodesk 3D Studio |
xx xx 2D 6C 68 35 2D
- 1 h 5 - |
LZH | Archive – LHA Compressed Archive File |
00 | PIF
PIC YTR |
Windows – Program Information File
Graphics – IBM Storyboard Bitmap File IRIS OCR Data File |
00 00 00 02 | MAC | Graphics – MAC Picture Format |
00 00 00 nn 66 74 79 70
f t y p 33 67 70 3 g p |
3GG
3G2 |
3rd Generation Partnership Project 3GPP (nn=0×14)
3GPP2 (nn=0×20) Multimedia File |
00 00 00 18 66 74 79 70
f t y p 33 67 70 35 3 g p 5 |
MP4
|
MPEG-4 Video File
|
00 00 01 00 | ICO | Graphics – Windows Icon Format |
00 00 01 Bx | MPG | MPEG Video File |
00 00 02 00 | CUR
WB2 |
Graphics – Windows Cursor File
Spreadsheet – QuattroPro |
00 00 02 00 04 04 | WKS | Spreadsheet – Lotus 1-2-3 |
00 00 02 00 05 04 | WRK | Spreadsheet – Symphony |
00 00 02 00 06 04 | WK1
WR1 |
Spreadsheet – Lotus 1-2-3
Spreadsheet – Symphony |
00 00 1A 00 00 10 | WK3 | Spreadsheet – Lotus 1-2-3 |
00 00 1A 00 02 10 | WK4 | Spreadsheet – Lotus 1-2-3 |
00 00 49 49 58 50 52
I I X P R |
QXD | Quark Express Document (dependant endian)
Note: It appears that the byte following the 0×52 (“R”) is the languate indicator; 0×33(“3″) seems to indicate English and 0×61(“a”) reportedly indicates Korean |
00 00 49 49 58 50 52
M M X P R |
QXD | Quark Express Document (dependant endian)
Note: It appears that the byte following the 0×52 (“R”) is the languate indicator; 0×33(“3″) seems to indicate English and 0×61(“a”) reportedly indicates Korean |
00 00 EF FF | Byte-order mark for 32-bit Unicode Transformation
Format | |
00 01 00 00 4D 53 49 53
M S I S 41 4D 20 44 61 74 61 74 A M D a t a b 61 62 61 73 65 a s e |
MNY
|
Microsoft Money File
|
00 01 00 00 53 74 61 72
S t a n 64 61 72 64 20 4A 65 74 d a r d J e t 20 44 42 D B |
MDB
|
Database – Microsoft Access File
|
00 01 00 08 | IMG | Graphics - GEM Image Format |
00 01 01 | FLT | Graphics – OpenFlight 3D File |
00 01 42 41
B A |
ABA | Palm Address Book Archive File |
00 01 42 44
B D |
DBA | Palm DataBook Archive File |
00 06 15 61 00 00 00 02
00 00 04 D2 00 00 10 00 |
DB | Database – Netscape Navigator (v4) |
01 11 AF | FLI | Graphics – FLIC Animation File |
00 1E 84 90 00 00 00 00 | SNM | Netscape Communicator (v4) Mail Folder |
00 5C 41 B1 FF | ENC | Mujahideen Secrets 2 Encrypted File |
00 6E 1E F0 (offset : 512 bytes) |
PPT | PowerPoint Presentation SubHeader |
01 00 00 00
|
EMF PIC |
Extended(Enhanced) Windows Metafile Format
Printer Spool File (0×18-17 & 0xC4-36 : Win2K/NT, 0x5C0-1 : WinXP) Spreadsheet Graph – Lotus 1-2-3 |
01 10 | TR1 | Novell LANalyzer Capture File |
01 DA 01 01 00 03 | RGB | Graphics – Silicon Graphics RGB Bitmap File |
01 FF 02 04 03 02 | DRW | Graphics – Micrografx Vector Graphics File |
02 64 73 73
d s s |
DSS | Graphics – Digital Speech Standard
(Olympus, Grundig & Phillips) |
02 | DBF | Database – dBASE II |
03 | DBF
DAT |
Database – dBASE III
Database – dBASE IV MapInfo Native Data Format |
03 00 00 00 | QPH | Quicken Price Histroy File |
03 00 00 00 41 50 50 52
A P P R |
ADX | Approach Index File |
04 | DB4 | Database – dBASE IV Data File |
07 | DRW | A common signature may drawing programs |
07 64 74 32 64 64 74 64
d t 2 d d t d |
DTD | DesignTools 2D Design File |
08 | DB | Database – dBASE IV
Database – dBFast Configuration File |
09 00 04 00 07 00 01 00 | XLW | Spreadsheet – Excel BIFF2 |
09 02 06 00 00 00 01 00 | XLW | Spreadsheet – Excel BIFF3 |
09 03 06 00 00 04 00 01 | XLW | Spreadsheet – Excel BIFF4 |
0A nn 01 01 | PCX | Graphics – ZSOFT Paintbrush
(nn = 0×02, 0×03, 0×05) |
0C ED | MP | Graphics – Monochrome Picture TIFF Bitmap File |
0D 44 4F 43
D O C |
DOC | DeskMate Document File |
0E 57 4B 53
W K S |
WKS | DeskMate Worksheet |
0F 00 E8 03 (offset : 512 bytes) |
PPT | PowerPoint Presentation SubHeader (MS Office) |
11 00 00 00 53 43 43 41
S C C A |
PF | Windows Prefetch File |
1A 00 00 | NTF | Database – Lotus Notes Template File |
1A 00 00 04 00 00 | NSF | Database - Lotus Notes File |
1A 0x | ARC | Archive – LH Achive File, Old Version
(x = 0×02, 0×03, 0×04, 0×08, 0×09) |
1A 0B | PAK | Archive – PAK Archive File |
1A 35 01 00
5 |
ETH | GN Nettest WinPharoah Capture File |
1A 52 54 53 20 43 4F 4D
R T S C O M 50 52 45 53 53 45 44 20 P R E S S E D 49 4D 41 47 45 20 56 31 I M A G E V 1 2E 30 1A . 0 |
DAT
|
Graphics – Runtime Software Disk Image File
|
1D 7D | WS | WordStar Version 5.0/6.0 Document File |
1F 8B 08 | GZ | Archive – GZIP Archive File |
1F 9D 90 | TAR.Z | Archive – Tape Archive File |
21 12
! |
AIN | Archive - AIN Archive File |
21 3C 61 72 63 68 3E 0A
! < a r c h > |
LIB | Archive – Unix Archiver(ar) Files
Microsoft Program Library Common Object File Format (COFF) |
21 42 44 4E
! B D N |
PST | Microsoft Outlook File |
23 20
# |
MSI | Cerius2 File |
23 20 4D 69 63 72 6F 73
# M i c r o s 6F 66 74 20 44 65 76 65 o f t D e v e 6C 6F 70 65 72 20 53 74 l o p e r S t 75 64 69 6F u d i o |
DSP
|
Microsoft Developer Studio Project File
|
23 21 41 4D 52
# ! A M R |
AMR | Adaptive Multi-Rate ACELP Codec Format |
24 46 4C 32 40 28 23 29
$ F L 2 @ ( # ) 20 53 50 53 53 20 44 41 S P S S D A 54 41 20 46 49 4C 45 T A F I L E |
SAV
|
SPSS Data File
|
25 21 50 53 2D 41 64 6F
% ! P S - A d o 62 65 2D b e - |
EPS
|
Adobe Encapsulated PostScript File
|
25 50 44 46
% P D F |
PDF
FDF |
Adobe Portable Document Format File
Forms Document File |
28 54 68 69 73 20 66 69
( T h i s f i 6C 65 20 6D 75 73 74 20 l e m u s t 62 65 20 63 6F 6E 76 65 b e c o n v e 72 74 65 64 20 77 69 74 r t e d w i t 68 20 42 69 6E 48 65 78 h B i n H e x 20 |
HQX | Archive - Macintosh BinHex 4 Archive |
2A 2A 2A 20 20 49 6E 73
* * * I n s 74 61 6C 6C 61 74 69 6F t a l l a t i o 6E 20 53 74 61 72 74 65 n S t a r t e 64 20 d |
LOG
|
Symantec Wise Installer Log File
|
2D 6C 68
- l h (offset : 2 bytes) |
LHA, LZH | Archive – Compressed Archive File |
2E 52 45 43
R E C |
IVR | RealPlayer Video File (v11 and later) |
2E 72 61 FD 00
r a |
RA | RealMedia Streaming Media File |
2E 52 4D 46
. R M F |
RM | Real Media File |
2E 73 6E 64
. s n d |
AU | Sound – NeXt/Sun Audio Format |
30
0 |
CAT | Microsoft Security Catalog File |
30 00 00 00 4C 66 4C 65
0 L f L e |
EVT | Windows Event Viewer File |
30 26 B2 75 8E 66 CF 11
A6 D9 00 AA 00 62 CE 6C |
ASF, WMA,
WMV |
Microsoft Windows Media Audio/Video File
(Advanced Streaming Format) |
30 31 4F 52 44 4E 41 4E
0 1 O R D N A N 43 45 20 53 55 52 56 45 C E S U R V E 59 20 20 20 20 20 20 20 Y |
NTF
|
National Transfer Format Map File
|
31 BE 00 00 00 AB | DOC | Word processor – MS Word 4 |
3n BE 00 00 00 AB | WRI | Word processor – MS Write (n = 0×1, 0×2) |
34 12 | PIC | Graphics – PC Paint |
37 7A BC AF 27 1C | 7Z | Archive – 7-Zip Archive File |
38 42 50 53
8 B P S |
PSD | Graphics – Adobe Photoshop File |
3A DE 68 B1 | DCX | Graphics – CAS Fax Format |
3C | ASX | Advanced Stream Redirector File |
3C | XDR | BizTalk XML-Data Reduced Schema File |
3C 21 64 6F 63 74 79 70
< ! d o c t y p |
DCI | AOL HTML Mail File |
3C 3F 78 6D 6C 20 76 65
< ? x m l v e 72 73 69 6F 6E 3D r s i o n = |
MANIFEST
|
Windows Visual Stylesheet XML File
|
3C 3F 78 6D 6C 20 76 65
< ? x m l v e 72 73 69 6F 6E 3D 22 31 r s i o n = “ 1 2E 30 22 3F 3E . 0 “ ? > |
XUL
|
XML User Interface Language File
|
3C 3F 78 6D 6C 20 76 65
< ? x m l v e 72 73 69 6F 6E 3D 22 31 r s i o n = “ 1 2E 30 22 3F 3E 0D 0A 3C . 0 “ ? > < 4D 4D 43 5F 43 6F 6E 73 M M C _ C o n s 6F 6C 65 46 69 6C 65 20 o l e F i l e 43 6F 6E 73 6F 6C 65 56 C o n s o l e V 65 72 73 69 6F 6E 3D 22 e r s i o n = “ |
MSC
|
Microsoft Management Console Snap-in Control
File |
3E 00 03 00 FE FF 09 00
06 (offset : 24 bytes) |
WB3 | Quatro Pro for Windows 7.0 Notebook File |
3F 5F 03 00
? _ |
GID | Windows Help Index File |
3F 5F 03 00
? _ |
HLP | Windows Help File |
41 48
A H |
PAL, PIC | Graphics – Dr Halo Format |
41 4C 5A 01
A L Z |
ALZ | Archive – ESTsoft Alzip Archive File |
40 40 40 20 00 00 40 40
@ @ @ @ @ 40 40 @ @ |
ENL
|
EndNote Library File
|
41 43 53 44
A C S D |
Miscellaneous AOL Parameter and Information
File | |
41 4D 59 4F
A M Y O |
SYW | Graphics – Hardvard Graphics Symbol Graphic |
41 4F 4C 20 46 65 65 64
A O L F e e d 62 61 67 b a g |
BAG
|
AOL and AIM Buddy List File
|
41 4F 4C 44 42
A O L D B |
ABY, IDX | Database – AOL Database File (ABY, MAIN.IDX) |
41 4F 4C 49 44 58
A O L I D X |
IND | AOL Client Preferences/Settings File (MAIN.IND) |
41 4F 4C 49 4E 44 45 58
A O L I N D E X |
ABI | AOL Address Book Index File |
41 56 47 36 5F 49 6E 74
A V G 6 _ I n t 65 67 72 69 74 79 5F 44 e g r i t y _ D 61 74 61 62 61 73 65 a t a b a s e |
DAT
|
AVG6 Integrity Database File
|
41 56 49 20 4C 49 53 54
A V I L I S T |
Audio/Video Interleaved File | |
41 4F 4C 56 4D 31 30 30
A O L V M 1 0 0 |
AOL Personal File Cabinet (PFC) File | |
41 72 43 01
A r C |
ARC | Archive - FreeArc Archive File |
42 45 47 49 4E 3A 56 43
B E G I N : V C 41 52 44 0D 0A A R D |
VCF
|
vCard File
|
42 4C 49 32 32 33 51
B L I 2 2 3 Q |
BIN | Tomson Speedtouch Series WLAN Router
Firmware File |
42 4D
B M |
BMP, DIB | Graphics – Windows Bitmap Format |
42 4F 4F 4B 4D 4F 42 49
B O O K M O B I |
PRC | Palmpilot Resource File |
42 5A 68
B Z h |
BZ2, TAR,
TBZ2, TB2 |
Archive – bzip2 Archive File |
43 42 46 49 4C 45
C B F I L E |
CBD | WordPerfect Dictionary File |
43 44 30 30 31
C D 0 0 1 |
ISO | ISO-9660 CD Disc Image |
43 4F 4D 2B
C O M + |
CLB | COM+ Catalog File |
43 52 45 47
C R E G |
DAT | Windows 9x Registry Files |
43 52 55 53 48 20 76
C R U S H v |
CRU | Archive - Crush Archive File |
43 54 4D 46
C T M F |
CMF | Sound – Creative Music Format |
43 57 53
C W S |
SWF | Shockwave Flash File (v5+) |
43 61 74 61 6C 6F 67 20
C a t a l o g 33 2E 30 30 00 3 . 0 0 |
CTF
|
Wherelslt Catalog File
|
43 6C 69 65 6E 74 20 55
C l i e n t U 72 6C 43 61 63 68 65 20 r l C a c h e 4D 4D 46 20 56 65 72 20 M M F V e r |
DAT
|
IE History DAT File
|
43 72 65 61 74 69 76 65
C r e a t i v e 20 56 6F 69 63 65 20 46 V o i c e F 69 6C 65 1A i l e |
VOC
|
Sound – Creative Voice Format
|
44 42 46 48
D B F H |
DB | Palm Zire Photo Database |
44 4D 53 21
D M S ! |
DMS | Archive - Amiga DiskMasher Archive File |
44 4F 53
D O S |
ADF | Amiga Disk File |
44 61 6E 4D
D a n M |
MSP | Graphics – Windows Paint |
45 4E 54 52 59 56 43 44
E N T R Y V C D 02 00 00 01 02 00 18 58 X |
VCD
|
Video VCD (GNU VCDImager) File
|
45 54 46 53 53 41 56 45
E R F S S A V E 44 41 54 41 46 49 4C 45 D A T A F I L E |
DAT
|
Kroll EasyRecovery Saved Recovery State File
|
45 56 46
E V F |
Enn
(nn = number) |
EnCase Evidence File |
45 59 45 53
E Y E S |
CE1, CE2 | Graphics – ComputerEyes Format |
46 4F 52 4D
F O R M |
LBM | Graphics – Interchange File Format |
46 41 58 43 4F 56
F A X C O V 45 52 2D 56 45 52 E R - V E R |
CPE
|
Microsoft Fax Cover Sheet
|
46 45 44 46
F E D F |
SBV | Unkown File Type |
46 4C 56 | SWF | Flash Video File |
46 4F 52 4D 00 | AIFF | Audio – Audio Interchange File |
46 57 53
F W S |
SWF | Shockwave Flash File |
46 72 6F 6D 20 20 20
F H o m or 46 72 6F 6D 20 3F 3F 3F F H o m ? ? ? or 46 72 6F 6D 3A 20 F H o m : |
EML
|
A common File Extension for E-mail File
|
47 46 31 50 41 54 43 48
G F 1 P A T C H |
PAT | Advanced Gravis Ultrasound Patch File |
47 49 46 38 37 61
G I F 8 7 a |
GIF | Graphics – Graphics Interchange Format |
47 49 46 38 39 61
G I F 8 9 a |
GIF | Graphics – Graphics Interchange Format |
47 50 41 54
G P A T |
PAT | GIMP (GNU Image Manipulation Program) Pattern
File |
47 58 32
G X 2 |
GX2 | Graphics – Show Partner Graphics File |
48 48 47 42 31
H H G B 1 |
SH3 | Harvard Graphics Presentation File |
49 49 2A
I I * |
TIF, TIFF | Graphics – Tagged Image File Format File
(Little Endian) |
4D 4D 2A
M M * |
TIF, TIFF | Graphics – Tag Image File Format
(Big Endian) |
49 42 4B 1A
I B K |
IBK | Sound – Soundblaster Instrument Bank |
49 44 33
I D 3 |
MP3 | Sound – MPEG-1 Audio Layer 3 (MP3) Audio File |
49 4D 44 43
I M D C |
IC1, IC2, IC3 | Graphics – Atari Imagic Film Format |
49 53 63 28
I S c ( |
CAB | Archive - Install Shield (v5+) Archive File |
49 54 53 46
I T S F |
CHM | Microsoft HTML Help Compiled File |
49 6E 6E 6F 20 53 65 74
I n n o S e t 75 70 20 55 6E 69 6E 73 u p U n i n s 74 61 6C 6C 20 4C 6F 67 t a l l L o g 20 28 62 29 ( b ) |
DAT
|
Inno Setup Uninstall Log File
|
4A 41 52 43 53 00
J A R C S |
JAR | Archive - JARCS Archive File |
4A 47 0n 0E 00 00 00 | ART | AOL ART File (n = 0×3, 0×4) |
4C 00 00 00
L |
LNK | Microsoft Windows Shortcut File |
4C 01
L |
OBJ | Microsoft Common Object File Format (COFF)
Relocatable Object Code File |
4C 4E 02 00
L N |
HLP | Windows Help File |
4C 69 6E 53
L i n S |
MSP | Graphics – Windows 3.x Paint |
4D 47 43
M G C |
CRD | Database – Windows 3.x Card File |
4D 49 4C 45 53
M I L E S |
MLS | Mailestones v1.0 Project Management and
Scheduling Software (Also see “MV2C”, “MV214″) |
4D 4C 53 57
M L S W |
MLS | Skype Localization Data File |
4D 4D 00 2A
M M * |
TIF, TIFF | Graphics – Big Tagged Image File Format (TIFF)
(big endian) |
4D 4D 00 2B
M M + |
TIF, TIFF | Graphics – Big Tagged Image File Format (TIFF)
File ( > 4GB) |
4D 4D 4D 44 00 00
M M M D |
MMF | Yamaha Cynthetic Music Mobile Application
Format (SMAF) |
4D 53 43 46
M S C F |
CAB
PPZ SNP |
Microsoft Cabinet File
Powerpoint Presentation Package Microsoft Access Snapshot Viewer File |
4D 53 46 54 02 00 01 00
M S F T |
TLB | OLE, SPSS, Visual C++ Type Library File |
4D 53 5F 56 4F 49 43 45
M S _ V O I C E |
CDR, DVF,
MSV |
Sound – Sony Compressed Voice File
Sound – Sony Memory Stick Compressed Voice File |
4D 54 68 64
M T h d |
MID, MIDI | Sound – Standard Musical Instrument Digital
Interface (MIDI) Format |
4D 56
M V |
DSN | CD Stomper Pro Label File |
4D 56 32 31 34
M V 2 1 4 |
MLS | Milestones v2.1b Project Management and
Scheduling Software (Also see “MILES”, “MV2C”) |
4D 56 32 43
M V 2 C |
MLS | Milestones v2.1a Project Management and
Scheduling Software (Also see “MILES”, “MV214″) |
4D 5A
M Z |
COM, DLL, DRV
EXE, PIF, QTS QTX, SYS ACM, AX, CPL, FON, OCX, OLB, SCR, VBX, VXD |
Windows/DOS Executable File MS Audio Compression Manage Driver
Library Cache File Control Panel Application Font File ActiveX or OLE Custom Control OLE Object Library Screen Saver Visual Basic Application Windows Virtual Device Drivers |
4D 5A 90 00 03 00 00 00
M Z |
API,
AX, FLT |
Acrobat Plug-in
DirectShow Filter Adobe Audition Graphic Filter File |
4D 5A 90 00 03 00 00 00
M Z 04 00 00 00 FF FF |
ZAP | ZoneAlam Data File |
4D 69 63 72 6F 73 6F 66
M i c r o s o f 74 20 56 69 73 75 61 6C t V i s u a l 20 53 74 75 64 69 6F 20 S t u d i o 53 6F 6C 75 74 69 6F 6E S o l u t i o n 20 46 69 6C 65 F i l e |
SLN
|
Visual Studio .NET Solution File
|
4D 69 63 72 6F 73 6F 66
M i c r o s o f 74 20 57 69 6E 64 6F 77 t W i n d o w 73 20 4D 65 64 69 61 20 s M e d i a 50 6C 61 79 65 72 20 2D P l a y e r - 2D 20 - (offset : 84 bytes) |
WPL
|
Windows Media Player Playlist
|
4E 41 56 54 52 41 46 46
N A V T R A F F 49 43 I C |
DAT
|
TomTom Traffice Data File
|
4E 45 53 4D 1A 01
N E S M |
NFS | Sound – NES Sound File |
4E 49 54 46 30
N I T F 0 |
NTF | National Imagery Transmission Format (NIFF) File |
4E 61 6D 65 3A 20
N a m e : |
COD | Agent NewsReader Character Map File |
4F 50 4C 44 61 74 61 62
O P L D a t a b 61 73 65 46 69 6C 65 a s e F i l e |
DBF
|
Psion Series 3 Database File
|
4F 67 67 53 00 02 00 00
O g g s 00 00 00 00 00 00 |
OGA, OGG,
OGV, OGX |
Ogg Vorbis Codec Compressed Multimedia File |
4F 7B
O { |
DW4 | Visio/DisplayWrite 4 Test File |
50 00 00 00 20 00 00 00
P |
IDX | Quicken QuickFinder Information File |
50 35 0A
P 5 |
PGM | Graphics – Portable Graymap Graphic |
50 41 43 4B
P A C K |
PAK | Archive - Quake Archive File |
50 45 53 54
P E S T |
DAT | PestPatrol Data/Scan Strings |
50 49 43 54 00 08
P I C T |
IMG | Graphics – ADEX ChromaGraph Graphics Card
Bitmap Graphics File |
50 4B 03 04
P K |
ZIP,
DOCX, PPTX, XLSX, JAR, SXC, SXD, SXI, SXW WMZ, XPI, XPT |
Archive – Pkzip Archive File
Microsoft Office Open XML Format Document Java Archive Package OpenOffice Spreadsheet, Drawing, Presentation Windows Media Compressed Skin File Mozila Browser Archive eXact Packager Models |
50 4B 03 04 14 00 06 00
P K |
DOCX, PPTX,
XLSX |
Microsoft Office Open XML Format Document |
50 4B 03 04 14 00 08 00
P K |
JAR | Java Archive |
50 4B 4C 49 54 45
P K L I T E (offset : 30 bytes) |
ZIP | Archive - PKLITE ZIP Archive (see also PKZIP) |
50 4B 53 70 58
P K S F X (offset : 526 bytes) |
ZIP | Archive – PKSFX Self-Extracting Executable Compressed File (see also PKZIP) |
50 4D 43 43
P M C C |
GRP | Windows Program Manager Group File |
50 4E 43 49 55 4E 44 4F
P N C I U N D |
DAT | Noton Disk Doctor Undo File |
50 C3 | CLP | Windows 3.x Clipboard |
51 45 4C 20
Q E L (offset : 92 bytes) |
QEL | Quicken Data File |
51 46 49 FB
Q F I |
IMG | QEMU Qcow Disk Image |
51 57 20 56 65 72 2E 20
Q W V e r |
ABD, QSD | Quicken Data File |
52 41 5A 41 54 44 42 31
R A Z A T D B 1 |
DAT | Shareaza (Windows P2P Client) Thumbnail |
52 45 47 45 44 49 54
R E G E D I T |
REG, SUD | Windows NT Registry and Registry Undo Files |
52 45 56 4E 55 4D 3A 2C
R E V N U M : , |
ADF | Antenna Data File |
52 49 46 46
R I F F |
ANI
DAT DS4 |
Windows Animated Cursof
Video CD MPEG or MPEG1 Movie File Micrografx Designer v4 Graphic File |
52 49 46 46 xx xx xx xx
R I F F 41 56 49 20 4C 49 53 54 A V I L I S T |
AVI
|
Resource Interchange File Format -
Windows Audio Video Interleave File |
52 49 46 46 xx xx xx xx
R I F F 43 44 44 41 66 6D 74 20 C D D A f m t |
CDA
|
Resource Interchange File Format -
Compact Disc Digital Audio (CD-DA) File |
52 49 46 46 xx xx xx xx
R I F F 51 4C 43 4D 66 6D 74 20 Q L C M f m t |
QCP | Resource Interchange File Format -
Qualcomm PureVoice |
52 49 46 46 xx xx xx xx
R I F F 52 4D 49 44 64 61 74 61 R M I D d a t a |
RMI
|
Resource Interchange File Format -
Windows Musical Instrument Digital Interface File |
52 49 46 46 xx xx xx xx
R I F F 57 41 56 45 66 6D 74 20 W A V E f m t |
WAV
|
Resource Interchange File Format -
Audio for Windows File |
52 54 53 53
R T S S |
CAP | Windows NT Netmon Capture File |
52 61 72 21 1A 07 00
R a r ! |
RAR | Archive – WinRAR Compressed Archive File |
53 42 49 1A
S B I |
SBI | Soundblaster Instrument Format |
53 43 48 6C
S C H l |
AST | Audio – Need for Speed : Undergraound Audio File |
53 43 4D 49
S C M I |
IMG | Img Software Set Bitmap File |
53 48 4F 57
S H O W |
SHW | Harvard Graphics DOC v2/x Presentation File |
53 49 45 54 52 4F 4F 49
S I E T R O N I 43 53 20 58 52 44 20 53 C S X R D S 43 41 4E C A N |
CPI
|
Sietronics CPI XRD Document File
|
53 49 54 21 00
S I T ! |
SIT | Archive – Stufflt Compressed Archive File |
53 4D 41 52 54 44 52 57
S M A R T D R W |
SDR | SmartDraw Drawing File |
53 51 4C 4F 43 4F 4E 56
S Q L O C O N V 48 44 00 00 31 2E 30 00 H D 1 . 0 |
CNV
|
DB2 Conversion File
|
53 6D 62 6C
S m b l |
SYM | Harvard Graphics v2.x Graphics Symbol
Windows SDK Graphics Symbol |
53 74 75 66 66 49 74 20
S t u f f I t 28 63 29 31 39 39 37 2D ( c ) 1 9 9 7 - |
SIT
|
Archive – Stufflt Compressed Archive File
|
54 43 53 4F 00 04 00 00 00 00
T C S O (offset : 6 bytes) |
SOL | Local Shared Object(LSO) File |
54 68 69 73 20 69 73 20
T h i s i s |
INFO | UNIX GNU Info Reader File |
55 43 45 58
U C E X |
UCE | Unicode Extensions |
55 46 41 C6 D2 C1
U F A |
UFA | Archive – UFA Compressed Archive File |
55 46 4F 4F 72 62 69 74
U F O O r b i t |
DAT | UFO Capture v2 Map File |
56 43 50 43 48 30
V C P C H 0 |
PCH | Visual C PreCompiled Header File |
56 44 56 49
V D V I |
AVS | Intel Digital Video Interface |
56 45 52 53 49 4F 4E 20
V E R S I O N |
CTL | Visual Basic User-Defined Control File |
57 4D 4D 50
W M M P |
DAT | Walkman MP3 Container File |
57 53 32 30 30 30
W S 2 0 0 0 |
WS2 | WordStar for Windows v2 Document File |
57 69 6E 5A 69 70
W i n Z i p (offset : 29, 152 bytes) |
ZIP | Archive – WinZip Compressed Archive File |
58 43 50 00
X C P |
CAP | Cinco NetXRay, Network General Sniffer, and
Network Associates Sniffer Capture File |
58 50 43 4F 4D 0A 54 79
X P C O M T y 70 65 4C 69 62 p e L i b |
XPT
|
XPCOM Type Libraries for The XPIDL Compiler
|
58 54
X T |
BDR | MS Publisher Border |
59 A6 6A 95 | RAS | SUN Raster Format |
5A 4F 4F 20
Z O O |
ZOO | Archive – ZOO Compressed Archive File |
5B 47 65 6E 65 72 61 6C
[ G e n e r a l 5D 0D 0A 44 69 73 70 6C ] D i s p l 61 79 20 4E 61 6D 65 3D a y N a m e = 3C 44 69 73 70 6C 61 79 < D i s p l a y 4E 61 6D 65 N a m e |
ECF
|
Microsoft Exchange 2007 Extended Configuration
File |
5B 4D 53 56 43
[ M S V C |
VCW | Microsoft Visual C++ Workbench Information File |
5B 50 68 6F 6E 65 5D
[ P h o n e ] |
DUN | Dial-Up Networking File |
5B 56 45 52 5D 0D 0A 09
[ V E R ] |
SAM | AMU Pro Document |
5B 76 65 72 0D 0A 09
[ v e r ] |
SAM | AMU Pro Document |
5B 56 65 72 73 69 6F 6E
[ V e r s i o n ] (offset : 2 bytes) |
CIF | Unknown File Type |
5B 57 69 6E 64 6F 77 73
[ W i n d o w s 20 4C 61 74 69 6E 20 L a t i n |
CPX
|
Microsoft Code Page Translation File
|
5B 66 6C 74 73 69 6D 2E
[ f l t s i m 30 5D 0 ] |
CFG
|
Flight Simulator Aircraft Configuration File
|
5F 43 41 53 45 5F
_ C A S E _ |
CAS, CBK | EnCase v3 Case File
EnCase v4, 5, 6 use OLE 2 Container File |
60 EA | ARJ | Archive – ARJ Compressed Archive File |
62 65 67 69 6E
b e g i n |
UUencoded File | |
63 75 73 68 00 00 00 02
c u s h 00 00 00 |
CSH | Photoshop Custom Shape |
64 00 00 00
d |
P10 | Intel PROset/Wireless Profile |
64 73 77 66 69 6C 65
d s w f i l e |
DSW | Microsoft Visual Studio Workspace File |
66 4C 61 43 00 00 00 22
f L a C “ |
FLAC | Free Lossless Audio Codec File |
6C 33 33 6C
l 3 3 l |
DBB | Skype User Data File |
6D 6F 6F 76
m o o v or (offset : 4 bytes) 66 72 65 65 f r e e or (offset : 4 bytes) 6D 64 61 74 m d a t or (offset : 4 bytes) 77 69 64 65 w i d e or (offset : 4 bytes) |
MOV
|
Apple QuickTime Movie File
|
72 65 67 66
r e g f |
DAT | Windows Registry Hive File |
72 74 73 70 3A 2F 2F
r t s p : / / |
RAM | RealMedia Metafile |
73 6C 68 21
s l h ! or 73 6C 68 2E s l h . |
DAT
|
Allegro Generic Packfile Data File
(0×21 = Compressed, 0x2E = Uncompressed ) |
73 72 63 64 6F 63 69 64
s r c d o c i d 3A : |
CAL
|
Graphics - CALS Raster Bitmap File
|
73 7A 65 7A
s z e z |
PDB | PowerBASIC Debugger Symbols File |
74 42 4D 50 4B 6E 57 72
t B M P K n W r (offset : 60 bytes) |
PRC | PathWay Map File (used GPS devices) |
75 73 74 61 72
u s t a r (offset : 257 bytes) |
TAR | Archive – Tape Archive File |
76 32 30 30 33 2E 31 30
v 2 0 0 3 . 1 0 0D 0A 30 0D 0A 0 |
FLT
|
Qimage Filter
|
78
x |
DMG | Mac OS X Disk Copy Disk Image File |
7A 62 65 78
z b e x |
INFO | ZoomBowser Image Index File (ZbThumbnal.info) |
7B 0D 0A 6F 20
{ o |
LGC, LGD | Windows Application Log File |
7B | DBF | Database - dBASE IV |
7B 5C 72 74 66 31
{ r t f 1 |
RTF | Word processor – Rich Text Format |
7E 42 4B 00
~ B K |
PSP | Graphics – Corel Paint Shop Pro Image File |
7F 45 4C 46
E L F |
Linux/Unix – Executable and Linking Format | |
80 | OBJ | Relocatable Object Code |
80 00 00 20 03 12 04 | ADX | Dreamcase Audio File |
81 CD AB | WPF | Word processor – WordPerfect Test File |
83 | DBF | Database – dBASE III |
83 | DBF | Database – dBASE IV |
83 | DBF | Database – FoxPro |
8B | DBF | Database – FoxPro |
89 50 4E 47 0D 0A 1A 0A
P N G |
PNG | Graphics – Portable Network Graphics File |
8A 01 09 00 00 00 E1 08
00 00 99 19 |
AW | MS Answer Wizard File |
91 33 48 46 | HAP | Archive – Hamarsoft HAP 3.x Compressed Archive |
95 01 | SKR | PGP Secret Key Ring |
99 00 | PKR | PGP Public Key Ring |
99 01 | PKR | PGP Public Key Ring |
9B A5 | DOC | Word processor – Winword 1.0 |
9C CB CB 8D 13 75 D2 11
91 58 00 C0 4F 79 56 A4 |
WAB | Outlook Address File |
A0 46 1D F0 (offset : 512 bytes) | PPT | PowerPoint Presentation SubHeader |
A1 B2 C3 D4 | tcpdump (libpcap) Capture File | |
A1 B2 CD 34 | Extended tcpdump (libpcap) Capture File | |
A9 0D 00 00 00 00 00 00 | DAT | Access Data FTK Evidence File |
AC 9E BD 8F 00 00 | QDF | Quicken Data File |
B1 68 DE 3A | DCX | Graphics Multipage PCX Bitmap File |
B5 A2 B0 B3 B3 B0 A2 B5 | CAL | Windows 3.x Calendar |
BA BE EB EA | ANI | NEOchrome Animation File |
BE 00 00 00 AB 00 00 00
00 00 00 00 00 |
WRI | Microsoft Wirte File |
C3 AB CD AB | ACS | Microsoft Agent Character File |
C5 D0 D3 C6 | EPS | Adobe Encapsulated PostScript File |
C8 00 79 00 | LBK | Jeppesen FiteLog File |
CA FE BA BE | CLASS | Java Bytecode File |
CD 20 AA AA 02 00 00 00 | Norton Anti-Virus Quarantined Virus File | |
CF 11 E0 A1 B1 1A E1 00 | DOC | Word processor – Perfect Office Document File |
CF AD 12 FE | DBX | Microsoft Outlook Express E-mail File |
D0 CF 11 E0 A1 B1 1A E1 | HWP
DOC, DOT, PPS PPT, XLA, XLS WIZ AC_ ADP APR DB MSC MSI MTW OPT PUB SOU SPO VSD WPS |
HAANSOFT Compound Document File
Microsoft Office Compound Document File Access Project File Lotus/IBM Approach 97 File MSWorks Database File Microsoft Common Console Documet File Microsoft Installer Package Minitab Data File Developer Studio File Workspace Options File Microsoft Publisher File Visual Studio Solution User Options File SPSS Output File Visio File MSWorks Text Document File |
D2 0A 00 00 | FTR | GN Nettest WinPharoah Filter File |
D4 2A | ARL, AUT | AOL History (ARL) and Typed URL (AUT) Files |
D4 C3 B2 A1 | WinDump (Winpcap) Capture File | |
D7 CD C6 9A | WMF | Graphics – Windows Metafile Format |
DB A5 | DOC | Word processor - Winword 2.0 |
DC DC | CPL | Corel Color Palette File |
DC FE | EFX | eFax File Format |
E3 10 00 01 00 00 00 00 | INFO | Amiga Icon File |
E3 82 85 96 | PWL | Windows Password File |
E8 or
E9 or EB or |
COM, SYS | Windows Executable File |
EB 3C 90 2A | IMG | GEM Raster File |
EC A5 C1 00 (offset : 512 bytes) | DOC | Word Document SubHeader |
ED AB EE DB | RPM | RedHat Package Manager File |
EF BB BF | Byte-order Mark for 8-bit Unicode Transformation
Format (UTF-8) File | |
F5 | DBF | FoxPro Database |
FD FF FF FF 04 (offset : 512 bytes) | SUO | Visual Studio Solution User Options SubHeader |
FD FF FF FF nn 00 00 00 (offset : 512 bytes) | PPT | PowerPoint Presentation SubHeader
(nn = 0x0E, 0x1C, 0×43) |
FD FF FF FF nn 00 or (offset : 512 bytes)
FD FF FF FF nn 02 (offset : 512 bytes) |
XLS | Excel Spreadsheet SubHeader
(nn = 0×10, 0x1F, 0×22, 0×23, 0×28, 0×29) |
FD FF FF FF 20 00 00 00 (offset : 512 bytes) | OPT
XLS |
Developer Studio File Workspace Options
SubHeader Excel Spreadsheet SubHeader |
FD FF FF FF xx xx xx xx
xx xx xx xx 04 00 00 00 (offset : 512 bytes) |
DB | Thumbs.db SubHeader |
FE DB or
FE DC |
SEQ | Cyber Paint |
FE FF | Byte-order mark for 16-bit Unicode Transformation
Format/2-octet Universal Character Set (UTF-16/UCS-2) | |
FF | SYS | Windows Executable Format File |
FF 00 02 00 04 04 05 54
02 00 |
WKS | Windows Spreadsheet Work File |
EF 46 4F 4E 54
F O N T |
CPI | Windows International Code Page |
FF 4B 45 59 42 20 20 20
K E Y B |
SYS | Keyboard Driver File |
FF 57 50 43
W P C |
WP, WPD, WPG
WP5 |
Word processor – WordPerfect Document and
Graphic File |
FF D8 FF E0 xx xx 4A 46
J F 49 46 I F |
JPG
|
Graphics – JPEG/JFIF Format
|
FF D8 FF E1 xx xx 45 78
E x 69 66 i f |
JPG
|
Graphics – JPEG/Exif Format – Digital Camera
Exchangeable Image File Format (EXIF) |
FF FF | GEM | GEM Metafile Format |
FF D8 FF E8 xx xx 53 50
S P 49 46 46 00 I F F |
JPG
|
Graphics – Still Picture Interchange File Format
(SPIFF) |
'시스템/웹/포렌식 보안 > 포렌식' 카테고리의 다른 글
네트워크 침해사고 분석 가이드 (1) | 2013.09.10 |
---|---|
Forensic USB 흔적조사(Win7) (0) | 2013.07.23 |
Forensic USB 흔적조사(XP) (0) | 2013.07.23 |
간단한 해킹사고 증거 분석서 (0) | 2013.07.23 |