>fifile
File Investigator File for UNIX Version 2.16
Copyright (C) 1995-2007 Forensic Innovations; ALL RIGHTS RESERVED

Summary:  This utility is included in the File Investigator SDK as an
          example application. It can be used to analyze a single file and
          display details about that file. It may not be distributed to
          non-File Investigator SDK owners.

Formats:  2506 types of files can be identified.

Versions: Patterns Database      2.16.000
          Descriptions Database  2.16.000
          Backgrounds Database   2.16.000

Usage:    fifile [path][filename] [options]

Options:  -h  Displays this help screen.
          -l  Displays lists of File Investigator values for:
                Accuracy levels
                Formats
                Storage methods
                Contents
                Platforms
          -p  Pauses the display for each screen.

Library Directory:
          The environment variable LD_LIBRARY_PATH should include the
          directory that the libfiengine.so file is located in.
          Example: LD_LIBRARY_PATH=/export/home/fiengine
          The fifile executable and fiengine.fi? database files can be
          located in any directory, because their location is automatically
          discovered when fifile is executed.

>fifile libfiengine.so
File Investigator File for UNIX Version 2.16
Copyright (C) 1995-2007 Forensic Innovations; ALL RIGHTS RESERVED

Settings:
  Registration Key  = key
  Use Extension     = ON
  Add Directories   = ON
  Add Checksum      = ON
  Get Details       = ON
  Auto Learn        = OFF
  Text Search Depth = 1
  Summary Length    = 256
  Filter CR/LF      = ON

PathFilename:  libfiengine.so
Filename:      libfiengine
Extension:     so
Path:          c:\data\robware\Source\fi\debug
Size:          174648 bytes
Created:       03/04/2004 11:08:35AM
Modified:      01/16/2004 05:44:08PM
Accessed:      03/04/2004 11:08:35AM
Attributes:    -rw-rw-rw-
Description:   UNIX Program Library (1251)
Details:
Accuracy:      MEDIUM (2)
Checksum:      0x00A79819
Extensions:    .so
MIME:
HelpLine:      23092309
Platforms:     Sun OS (0x80) UNIX (0x100)
Storage:       Binary (0x2)
Content:       Library of Functions (0x800)
Number Values:
Text Values:
Originator:
Notes:         A group of functions that were compiled together for Sun
               Solaris programs to use on a UNIX based computer.
View Software:
Edit Software:
Convert SW:
Reference(s):
ASCII Header:  ĶELF???............+...?.......F
Hex. Header:   7F 45 4C 46 02 02 01 00 00 00 00 00 00 00 00 00
               00 03 00 2B 00 00 00 01 00 00 00 00 00 00 00 E8
Scan Time:     200 (milliseconds)
Open Error:    0

>fifile -l
File Investigator File for UNIX Version 2.16
Copyright (C) 1995-2007 Forensic Innovations; ALL RIGHTS RESERVED

Accuracy Levels:
   0 None (not identified)
   1 Low (matched file extension)
   2 Medium (quick scan)
   3 High (second/deep scan)

Content Types:
   0 N/A
   1 Animation
   2 Database
   3 Database Hybrid
   4 Document
   5 Font
   6 Game Data
   7 Graphic Image
   8 Graphic Metafile
   9 Hypertext
  10 Hypermedia
  11 Icon
  12 Library of Functions
  13 Macro
  14 Program Data
  15 Program Executable
  16 Raw Printer Data
  17 ROM/RAM Image
  18 Shortcut/Link
  19 Sound
  20 Sound Metafile
  21 Source Code
  22 Spreadsheet
  23 Template
  24 Text
  25 Text Hybrid
  26 Virtual Environment
  27 Virus

Platforms:
   0 N/A
   1 Amiga
   2 IBM OS/2
   3 IBM PC Compatible
   4 Macintosh
   5 MS Windows 3.x
   6 MS Windows 95/98/NT
   7 MS/PC DOS
   8 Sun OS
   9 UNIX
  10 Atari

Storage Methods:
   0 N/A
   1 Archive
   2 Binary
   3 Bitmap/Raster
   4 Digital Audio
   5 Music Notes
   6 Text
   7 Translated
   8 Vector

Text Value Types:
   0 Miscellaneous
   1 Title
   2 Author
   3 Program Name
   4 Software
   5 Name
   6 File Version
   7 Comments
   8 Display Name
   9 Product
  10 Source
  11 Subject
  12 Mac Type ID
  13 Description
  14 Copyright
  15 Artist
  16 Instrument
  17 Lyric
  18 Text
  19 Keywords
  20 Date Created
  21 Mac Creator
  22 Compiler
  23 Compressor
  24 Company
  25 Internal Name
  26 File Name
  27 Product Version
  28 Unknown Chunk Tag
  29 Album
  30 Year
  31 Genre
  32 Template
  33 Revision Number
  34 Date Edited
  35 Date Printed
  36 Date Saved
  37 Mime Type

Number Value Types:
  Notes: All number values are unsigned LONG.
         n represents a number value returned by FIEngine.
         % is used like MOD to return the remainder.

   Type of value                   Calculation on data Notes(s)/Example(s)
   ------------------------------- ------------------- --------------------
 1 Format Version (major)          .                   250 -> 2.50.??.??
 2 Program Version (major)         .                   525 -> 5.25.??.??
 3 # of Color Bits
 4 Tempo
 5 # of Instruments
 6 # of Sound Bits
 7 # of Sound Channels             1=mono, 2=stereo
 8 Sound sampling Rate in Hz
 9 Volume Level (percentage)
10 # of Descriptions
11 # of Patterns
12 Time Length (1/100 of a second) ::.
13 # of Frames/Images
14 X Resolution (dots)                                 640 -> 640x???
15 Y Resolution (dots)                                 480 -> ???x480
16 X Resolution (in)               .                   525 -> 5.25x???"
17 Y Resolution (in)               .                   525 -> ???x5.25"
18 X Resolution (mm)                                   640 -> 640x???
19 Y Resolution (mm)                                   525 -> ???x525mm
20 Dots/Inch (dpi)
21 Frames/second                   .
22 Disk Size (1/100 of an inch)    .
23 # of Disk Sides                 1=Single Sided, 2=Double Sided
24 Density                         1=Single, 2=Double, 3=High, 4=Quad
25 Sound Compression               1=PCM                10=Linear+emph+comp
                                   2=ADPCM              11=A-Law
                                   3=Mu-Law             12=Fibonacci Delta
                                   4=Linear             13=MPEG 1.0 layer 1
                                   5=Floating point     14=MPEG 1.0 layer 2
                                   6=Double precision   15=MPEG 1.0 layer 3
                                   7=Fixed point        16=MPEG 2.0 layer 3
                                   8=Linear + emphasis  17=MPEG 2.5 layer 3
                                   9=Linear + comp
26 # of Pages
27 # of Sound Tracks
28 # of Sound Samples
29 Character Set                   1=ANSI               5=ASCII
                                   2=Mac                6=PC ASCII
                                   3=PS/2               7=PC ANSI
                                   4=PC
30 Linker Version                  .                   525 -> 5.25
31 Image Compression               0=uncompressed       8=RTV 2.1(16)
                                   1=8bit RLE           9=CCITT/3 1-D
                                   2=4bit RLE           10=FAX CCITT Group 3
                                   3=LZW                11=FAX CCITT Group 4
                                   4=Cinepak Codec      12=JPEG
                                   5=compressed         13=PackBit
                                   6=MS-CRAM            14=IR50
                                   7=IR32
32 X Resolution (dpi)                                  640 -> 640x???
33 File Protection                 0=unprotected, 1=passworded, 2=encrypted
34 # of Records
35 # of Programs
36 # of Icons
37 # of Repeats
38 # of Directories
39 # of Files
40 File Version                    .                   65538 -> 1.02.??.??
41 File/Product Version Extension  .                   65538 -> ??.??.01.02
42 Product Version                 .                   65538 -> 1.02.??.??
43 # of Words
44 # of Characters
45 Track #
46 Unix Permissions                User bits           Bits: 1=Execute
                                   Group bits                2=Write
                                   Other/All bits            4=Read

Formats:
     Name                                    Valid Extensions            Acc
     --------------------------------------- --------------------------- ---
   0 Unidentified                                                        NO
   1 Disk Directory                                                      HI
   2 Disk Volume Label                                                   HI
   3 Text File                               TXT, DOC, INI, INF, *       MED
   4 Graphics Interchange Format             GIF, GIFF                   MED
   5 MS Windows Bitmap                       BMP, DIB, SYS, RLE, BIN, VG MED
   6 Amiga Interleave File Format Image      LBM, IFF, ILM, BBM, ILBM, B HI
   7 MS Paint Bitmap                         MSP                         MED
   8 AutoDesk Animator Flic                  FLI, FLC, FII               MED
   9 GEM Paint Image                         IMG, GEM                    MED
     . . .
1245 Macintosh Disk Image                    DMF                         MED
1246 Free Lossless Audio Codec               FLAC, FLA                   MED
1247 MS Office Document (XML)                XML                         HI
1248 MS Excel Spreadsheet (XML)              XML                         HI
1249 MS Word Document (XML)                  XML                         HI
1250 UNIX Program / Program Library                                      MED
1251 UNIX Program Library                    so                          MED
1252 WinRAR Compressed Archive               RAR, R##                    MED
1253 MS Project File (ANSI)                  MPX                         MED
1254 Text File (UTF-8)                       txt                         MED

  71 HIGHs
 489 MEDIUMs
 694 LOWs
   1 NONE

Key:
  Acc = The highest level of accuracy possible for the file format.
  HI  = HIGH - 99%: Identified by scanning the file for recognizable
        signatures and data.
  MED = MEDIUM - 90%: Identified by matching the file header to a pattern.
  LOW = LOW - 50%: Identified by matching the file extension.
  NO  = NONE - 0%: Unidentified file.
  ?   = A wildcard that indicates a space that can be any character.
  #   = A wildcard that indicates a space that can be any number.
  *   = A wildcard that indicates an extension that has too many
        possibilities to list.