File Signatures

• A file signature is used to verify and identify the contents of a file.
  • It refers to bytes within the file that are the header and tail of the file that denote it as a specific type of file.

Why is it important in Digital Forensics?

• DF investigators can benefit from knowing file signatures or having a table of signatures to go through.
• A good example is if you have various files with masked or no extensions in their name, view the file header and match it to the table, it will make it much quicker.

Good file signature tables

• https://www.garykessler.net/library/file_sigs.html
  • Updated recently as of January 2024, used in classes