Determine the File Type of an Unknown File

From TheAlmightyGuru
Recovered files.

This guide will help you determine the file type of an unknown file in the Windows operating system. You will need to do this if you ever come across a file that no longer has a useful file name, which could happen as the result of recovering a deleted file or finding a file during a Check Disk scan (a possible problem if you remove a USB device improperly).

If you don't already have Show file extensions turned on, do so. Each major release of Windows has changed how to do this, so I'll write an additional guide for that in the future.

Option 1: Use an Online Tool

Results of an online tool.

There are online web pages designed to determine the file type of an unknown file. I have found checkfiletype.com to be easy and effective. For this site, do the following:

  1. Click Browse to open the File Upload dialog.
  2. Search for your unknown file and click Open to upload the file.
  3. Click Check File Type and wait as the file is uploaded and checked.
  4. If the web site can determine the file type, it will tell you and suggest file extensions.
  5. Rename your file with one of the suggested extensions, then double-click it and see if it opens.

While online tools are usually pretty accurate, they have several shortcomings as well:

  • They sometimes give false positives.
  • They can't accept large files.
  • You may not trust them with sensitive files like recovered banking information.


Option 2: Search Online For the File's Signature

Add a txt extension.

If the online tool fails, or you are unable to use it, you can always get the file's signature and try to find it online. Unfortunately, file signatures aren't readily available in Windows, so you'll have to determine the signature from the file's header. The first thing you need to do is view the file's contents. An easy way to do this is to open it in a text editor. To do this:

  1. Right-click on the file, and in the context menu, click Rename.
  2. Add ".txt" to the end of the file's name and press Enter.
  3. Double-click the file and it will open in your default text editor.


Viewing a file in Notepad++.

I suggest using Notepad++ instead of the Notepad program that comes with Windows. Also, if you use Notepad++, you can usually right-click on any file and select Edit with Notepad++ from the context menu, so you won't need to rename the file with a .txt extension.

From here we can see the first portion of the file, which includes the file's header. In most file headers, the first couple of letters indicate the file's signature. You can search for this signature in existing lookup lists like garykessler.net/library/file_sigs.html or en.wikipedia.org/wiki/List_of_file_signatures, or even just by doing an online search with the words "file signature" and the letters from the file.

Renaming with a .zip extension.

For example, in the image we see a file signature of "PK". Doing a search online, we find that PK is the file signature for various compressed files like the hugely popular ZIP format. We can try that by renaming the file and replacing the .txt we added earlier with .zip.

The file now opens in a ZIP viewer.

With the new extension added, double-click the file and see if it opens. If it does, great! If you get an error like "File is not an archive," that could mean we've either guessed the wrong extension, or the file is corrupt beyond opening.

Unusual file signature.

Some files will have an unusual file signature which can't be determined easily. In this case, highlight a few characters, copy them, and paste them to search with. In the example to the right, you'll find that ÿØ is the file signature for JPEG images.

Option 3: Guess From the File's Contents

Viewing a file in a hex editor.

Some formats either don't have a file signature, or have such a common file signature that it becomes impossible to determine the type. While Notepad++ is good, you may prefer a hex editor because it handles the non-printable characters found in binary files more neatly, and makes the file type easier to determine.

When guessing from a file's contents, the beginning and ending of the file usually contain the most useful data. In the example file on the left, we see that this is a media file created by Google. Media indicates audio, images, video, etc., which narrows our search. We also see the words "moov" and a couple of instances of "mp4", so we can guess that this file is an MP4 video.
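
The checks from Options 2 and 3 can also be run locally, without renaming the file or uploading a sensitive file anywhere. The following Python script is an added example, not part of the original guide; the signature table, brand list, function names and sample bytes are constructed for illustration and cover only the formats mentioned above.

```python
import os

# Magic bytes at offset 0 for the two signatures this guide shows: "PK" and
# the JPEG marker FF D8 (the two odd characters a text editor displays).
SIGNATURES = [
    (b"PK\x03\x04", "ZIP container", [".zip", ".docx", ".xlsx", ".jar"]),
    (b"PK\x05\x06", "ZIP container (empty archive)", [".zip"]),
    (b"\xff\xd8\xff", "JPEG image", [".jpg", ".jpeg"]),
]
# Major brands found in the "ftyp" box that starts MP4-family files.
FTYP_BRANDS = {b"isom": ".mp4", b"mp41": ".mp4", b"mp42": ".mp4", b"qt  ": ".mov"}

def identify(head, tail=b""):
    """Return (description, extensions, method), or None if nothing matches."""
    for magic, name, exts in SIGNATURES:
        if head.startswith(magic):
            return name, exts, "signature"
    # MP4-family files have no magic at offset 0: bytes 0-3 are a box length
    # and the marker "ftyp" sits at offset 4, followed by the brand.
    if head[4:8] == b"ftyp":
        brand = head[8:12]
        ext = FTYP_BRANDS.get(brand)
        label = brand.decode("latin-1").strip()
        return f"ISO media file (brand {label})", [ext] if ext else [], "signature"
    # Option 3: no usable signature, so look for telltale words at both ends.
    blob = head + tail
    if b"moov" in blob and b"mp4" in blob:
        return "probably MP4 video", [".mp4"], "content guess"
    return None

def identify_file(path, window=4096):
    """Read only the first and last `window` bytes; the file is never renamed."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(window)
        fh.seek(max(size - window, 0))
        tail = fh.read(window)
    return identify(head, tail)

if __name__ == "__main__":
    # Constructed sample headers, not taken from real files.
    samples = {
        "recovered_1": b"PK\x03\x04\x14\x00\x00\x00",
        "recovered_2": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "recovered_3": b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00",
    }
    for name, data in samples.items():
        print(name, "->", identify(data))
```

A "content guess" result is only a hint, as with Option 3 itself; a "signature" result still needs confirming by opening the renamed file.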

Links