How it Works

The leading engine in file identification
The File Investigator Engine is the core library that identifies a file by its content rather than filename extension. You might assume that it has to be slow if it opens every file, but it is almost as fast as any other program that just reads the disk directory. MS Windows, and most applications, only look at a file's extension when identifying or loading it. If the file has the wrong extension or the application doesn't recognize the extension, then you are out of luck. Unless you have an application that uses the File Investigator Engine.

Stages that we use to identify each file

  1. 1. Match Legal Database(s) Hash Codes (optional)
  2. 2. Match File Header/Magic #
  3. 3. Match Inter-File Pattern/Signature/Magic #
  4. 4. Match Byte Value Distribution Pattern
  5. 5. Interpret & Validate Identification
  6. 6. Match Hash Codes (Our hash DB, then the Legal DB(s))
  7. 7. Floating Header Match (Secondary)
  8. 8. Match Hash Codes (Secondary, Legal DB(s) only)
  9. 9. Match File Extension
  10. 10. Read Metadata 

This engine also extracts valuable information out of many different types of files. Information like: image resolutions, sound file sampling rates, document titles, and much more. It then adds general information about that particular file type/format.

We provide OEM API Kits for Windows, UNIX & Linux programmers to take advantage of the File Investigator Engine. There are also a couple consumer applications available.

There are many ways that software developers are using the File Investigator Engine

  • • Backup Software - Target the user's personal data rather than backing up the entire drive. Find data the user forgot to select.
  • • Data Recovery - Identify files recovered from damaged hard drives and correct their file extensions.
  • • Data Security - Identify which files contain executable code or floating headers hiding in otherwise safe file types.
  • • Document Management - Organize files by their qualities, metadata or types rather than just their file names.
  • • eDiscovery - Analyze and Filter files from confiscated hard drive(s) to narrow your search for legal evidence.
  • • Internet Service Provider - Scan files for viruses intelligently, by first identifying what type of file(s) are being scanned.
  • • General - Verify a file uses a supported file format before your software product tries to load it.

Uses for our consumer applications

  • • Search confiscated hard drive(s) for Computer Forensics legal evidence, on the files that your other tools fail to identify.
  • • Organize your files by their qualities or types rather than just their file names.
  • • Identify a file that a friend or colleague gave you that Windows doesn't recognize.
  • • Quickly look at a file's details when searching for a specific file, without having to wait for an editing software to open and load each file.
  • • List the details for many files all on one screen. Then it is easy to zero in on a file that you were looking for.

* Forensic Innovations does not guarantee that all of the file's metadata is extracted.