All times are UTC - 5 hours [ DST ]




 Post subject: Adding new file type to Autopsy 4.15
PostPosted: May 1st, 2020, 18:21 
Joined: December 31st, 2019, 7:02
Posts: 1
Location: [PL]WWA
Hi All,
I am learning Autopsy 4.15 and now I am trying to add Custom MIME Types for 2 file types from the music program Ableton (*.als & *.alp). The easiest part was finding the MIME types:
.als > application/octet-stream
.alp > application/x-ableton
but to fully succeed I need signatures:
1. Signature Type: Bytes (Hex) or String ASCII
2. Signature (0x0000 or string)
3. Byte Offset
Do you know what the best method is to get this information? My goal is to find only files with the extensions *.als and *.alp on a dd/e01 raw file.

I try to use:
Quote:
xxd testujacy.alp | head
00000000: 1f8b 0800 0000 0000 020b 8cba 0558 9ccd .............X..
file -i testujacy.alp
testujacy.alp: application/gzip; charset=binary

https://imgur.com/a/4gyu1CP
However, on filedesc the information about the application type was different: https://www.filedesc.com/en/file/alp
 Post subject: Re: Adding new file type to Autopsy 4.15
PostPosted: May 1st, 2020, 21:48 

Joined: September 8th, 2009, 18:21
Posts: 12342
Location: Australia
I don't use Autopsy, but AIUI its file carving feature makes use of PhotoRec.

https://www.cgsecurity.org/wiki/Add_your_own_extension_to_PhotoRec
https://www.cgsecurity.org/wiki/File_Formats_Recovered_By_PhotoRec
https://git.cgsecurity.org/cgit/testdisk/tree/src/file_als.c (Ableton Live Sets)

_________________
A backup a day keeps DR away.
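
Added example, not part of either post: one way to obtain the three fields listed in the question (signature type, signature, byte offset) is to take the bytes that several sample files of the same type share at offset 0. The samples are constructed stand-ins, not real Ableton files, and `DEMOFMT` is a hypothetical inner header; the sketch also flags the case visible in the xxd output above, where the shared prefix is only the gzip magic 1f 8b 08.

```python
import zlib

GZIP_MAGIC = bytes.fromhex("1f8b08")  # ID1, ID2, CM=deflate (RFC 1952)

def common_prefix(samples, limit=32):
    """Bytes shared by every sample, starting at offset 0."""
    if not samples:
        return b""
    heads = [s[:limit] for s in samples]
    n = 0
    for column in zip(*heads):
        if len(set(column)) != 1:
            break
        n += 1
    return heads[0][:n]

def gunzip_head(data, want=64):
    """First bytes of the gzip payload; does not raise on a truncated stream."""
    return zlib.decompressobj(31).decompress(data, want)  # wbits=31: gzip wrapper

def propose_signature(samples):
    """Fields for a custom file type: signature type, signature, byte offset."""
    sig = common_prefix(samples)
    result = {"signature_type": "Bytes (Hex)", "signature": sig.hex().upper(),
              "byte_offset": 0, "container": None, "inner_prefix": b""}
    if sig.startswith(GZIP_MAGIC):
        # Every gzip file starts like this, so the signature alone cannot
        # tell these samples apart from any other .gz; look inside instead.
        result["container"] = "gzip"
        result["inner_prefix"] = common_prefix(
            [gunzip_head(s) for s in samples], limit=64)
    return result

# Constructed samples: a hypothetical inner header followed by different data.
def make_sample(tail):
    c = zlib.compressobj(9, zlib.DEFLATED, 31)
    return c.compress(b"DEMOFMT\x01" + tail) + c.flush()

SAMPLES = [make_sample(b"A" * 200), make_sample(b"B" * 200)]

if __name__ == "__main__":
    for key, value in propose_signature(SAMPLES).items():
        print(f"{key}: {value}")
```

When `container` comes back as `gzip`, a signature at offset 0 will also match every other gzip file on the image, so the shared bytes inside the decompressed payload are what actually identify the type.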