Making a list of file types

What if you are looking for JPEG’s but the name of the file has been changed, or the extension is wrong? You can also run the commandfileon each file and see what it might contain.

filefilename

Thefilecommand compares each file’s header (the first few bytes of a raw file) with the contents of the “magic” file (usually found in/usr/share/magic). It then outputs a description of the file.

If there are a large number of files without extensions, or where the extensions have changed, you might want to run thefilecommand on_all_the files on a disk (or in a directory, etc.). Remember our use of thefindcommand’s-execoption withsha1sum?Let’s do the same thing withfile:

find . -type f -exec file {} \; > /root/evidence/filetype.list

View the list with the more command, and if you are looking for images in particular, then use grep to specify that:

cat /root/evidence/filetype.li**st | grep image**

This command would stream the contents of our_filetype.list_file using thecatcommand and pipe the output throughgrep, looking for instances of the string “image”.

Making a list of file types

Making a list of file types

filefilename

results matching ""

No results matching ""