Adding new file type to Autopsy 4.15

Data recovery and HDD repair discussions

Switch to full style
Anything related to computer forensics (new section!)
Post a reply
zerosiedem

Adding new file type to Autopsy 4.15

May 1st, 2020, 18:21

Hi All,
I leraning Autopsy 4.15 and now i traying add Custom MIME Types for 2 file types from music programe Ableton (
*.als & *.alp). Most easy part was find mime-types:
.als > application/octet-stream
.alp > application/x-ableton
but to full succees i need signatures:
1. Signature Type: Bytes (Hex) or String ASCII
2. Signature (0x0000 or string)
3. Byte Offset
Do you know how is the best metod to get this information? My gol is finding only files with extensions *.als and *.alp on dd/e01 raw file.

I tray to use:
xxd testujacy.alp | head
00000000: 1f8b 0800 0000 0000 020b 8cba 0558 9ccd .............X..
file -i testujacy.alp
testujacy.alp: application/gzip; charset=binary

https://imgur.com/a/4gyu1CP
however on filedesk the information about application type was different: https://www.filedesc.com/en/file/alp
fzabkar
  • fzabkar
  • Posts: 15539
  • Joined: September 8th, 2009, 18:21
  • Location: Australia
  • Website

Re: Adding new file type to Autopsy 4.15

May 1st, 2020, 21:48

I don't use Autopsy, but AIUI its file carving feature makes use of PhotoRec.

https://www.cgsecurity.org/wiki/Add_your_own_extension_to_PhotoRec
https://www.cgsecurity.org/wiki/File_Formats_Recovered_By_PhotoRec
https://git.cgsecurity.org/cgit/testdisk/tree/src/file_als.c (Ableton Live Sets)
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

Board index