Filerecon – Advanced File Fingerprinting

The filerecon project is doing some research in the field of file fingerprinting. The goal is the highly accurate identification of given file structures. This is very important to identify file association (e.g. during a forensic analysis or data recovery).

filerecon project advanced file fingerprinting
filerecon project advanced file fingerprinting

This tool will try to determine some well-known sequences for specific file structures. If this pattern-based approach is able to find some matches, those are shown as part of the result. The pattern-matching provides a higher level of accuracy if the pattern is very long and suspected on a specific offset within the file stream.

filerecon uses a simple flat-file data base which contains all the fingerprint elements to determine the given file format. The data base file is saved as magicdatabase.txt within the application directory. This text file contains a multiple row table in which the values are delimited with a tab: (1) Offset or range, (2) search type, (3) pattern string, (4) result value.

The tool will be a good addition during the forensic analysis as the file fingerprint will be running inside a sandbox and it will provide required information to detect type of a file based on header signature (also known as magic number) rather than file extension.

You can read more and download the tool over here: https://www.computec.ch/projekte/filerecon/

Share