Difference between revisions of "Determine the file type of an unknown file"

From TheAlmightyGuru
(Option 1: Use an Online Tool)
Line 19: Line 19:
 
* They sometimes give false-positives.
 
* They sometimes give false-positives.
 
* They won't accept large files.  
 
* They won't accept large files.  
* You can't trust them with sensitive files like recovered banking information.
+
* You can't trust them with files that may contain sensitive information like passwords.
 
<br clear="all" />
 
<br clear="all" />
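Review bot: the reworded bullet on the `+` line still does not say why an online tool can't be trusted with sensitive files. The steps in this section have the reader upload the file to the site, so stating that directly would let readers judge the risk for themselves, for example: "Your file is uploaded to a third-party site, so don't use them for files that may contain sensitive information like passwords."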
  

Revision as of 17:17, 2 December 2020

Recovered files.

This guide will help you determine the file type of an unknown file in the Windows operating system. You will need to do this if you ever come across a file that no longer has a useful file name, which can happen when a deleted file is recovered or when a file is found during a Check Disk scan (a possible problem if you remove a USB device improperly).

If you don't already have Show file extensions turned on, do so. Each major release of Windows has changed how to do this, so I'll write an additional guide for that in the future.

Option 1: Use an Online Tool

Results of an online tool.

There are online web pages designed to determine the file type of an unknown file. I have found checkfiletype.com to be easy and effective. For this site, do the following:

  1. Click Browse to open the File Upload dialog.
  2. Search for your unknown file and click Open to upload the file.
  3. Click Check File Type and wait as the file is uploaded and checked.
  4. If the web site can determine the file type, it will tell you and suggest file extensions.
  5. Rename your file with one of the suggested extensions, then double-click it and see if it opens.

While online tools are usually pretty accurate, they have several shortcomings as well:

  • They sometimes give false positives.
  • They won't accept large files.
  • You can't trust them with files that may contain sensitive information like passwords.


Option 2: Search Online For the File's Signature

Add a txt extension.

If the online tool fails, or you are unable to use it, you can always get the file's signature and try to find it online. Unfortunately, file signatures aren't readily available in Windows, so you'll have to determine the signature from the file's header. The first thing you need to do is view the file's contents. An easy way to do this is to open it in a text editor. To do this:

  1. Open a text editor.
  2. Drag-and-drop the file into the editor.
  3. If the editor doesn't support drag-and-drop, try using its File -> Open to open the file. If it can only open files with a .txt extension, rename the file and give it a .txt extension.


Viewing a file in Notepad++.

I suggest using Notepad++ instead of the Notepad program that comes with Windows. You can drag-and-drop into it, open any file from its Open menu, or right-click on the file and select Edit with Notepad++ from the context menu.

From here we can see the first portion of the file, which includes the file's header. In most file headers, the first few letters indicate the file's signature. You can search for this signature in existing lookup lists like garykessler.net/library/file_sigs.html or en.wikipedia.org/wiki/List_of_file_signatures, or even just by doing an online search with the words file signature and the letters from the file.

Renaming with a .zip extension.

For example, in the image we see a file signature of "PK". Doing a search online, we find that PK is the file signature for various compressed files like the hugely popular ZIP format. We can try that by renaming the file and replacing the .txt we added earlier with .zip.

The file now opens in a ZIP viewer.

With the new extension added, double-click the file and see if it opens. If it does, great! If you get an error when trying to open the file, that could mean we've either guessed the wrong extension, or the file is corrupt beyond opening.

Unusual file signature.

Some files will have an unusual file signature which can't be determined easily. In this case, highlight a few characters, copy them, and paste them to search with. In the example to the right, you'll find that ÿØ is the file signature for JPEG images.

Option 3: Guess From the File's Contents

Viewing a file in a hex editor.

Some formats either don't have a file signature, or have such a common file signature that it becomes impossible to determine the type. While Notepad++ is good, you may prefer a hex editor because it handles the non-printable characters found in binary files more neatly, and makes the file type easier to determine.

When guessing from a file's contents, the beginning and end of the file usually contain the most useful data. In the example file on the left, we see that this is a media file created by Google. The word "media" indicates this file contains something like audio, images, video, etc., which narrows our search. We also see the word "moov" and a couple of instances of "mp4", so we can guess that this file is an MP4 video.
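The signature lookup from Option 2 and the content check from Option 3 can also be done locally, so a sensitive file never has to be uploaded. The Python sketch below is an added example, not part of the original guide; its signature table is a small constructed subset of the lookup lists mentioned above, and the function names are hypothetical. It also goes one step beyond the page by looking inside "PK" files to tell a plain ZIP from ZIP-based formats.

```python
import zipfile

# (offset, magic bytes, description, suggested extension) - constructed subset
SIGNATURES = [
    (0, b"PK\x03\x04", "ZIP archive", ".zip"),
    (0, b"\xff\xd8\xff", "JPEG image", ".jpg"),  # shows as "ÿØ" in a text editor
    (0, b"\x89PNG\r\n\x1a\n", "PNG image", ".png"),
    (0, b"%PDF-", "PDF document", ".pdf"),
    (4, b"ftyp", "ISO media file (MP4 family)", ".mp4"),
]


def refine_zip(stream):
    """PK is shared by many formats; member names tell them apart."""
    try:
        with zipfile.ZipFile(stream) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return "ZIP signature, but archive is damaged or truncated", ".zip"
    if "[Content_Types].xml" in names:
        for prefix, ext in (("word/", ".docx"), ("xl/", ".xlsx"), ("ppt/", ".pptx")):
            if any(name.startswith(prefix) for name in names):
                return "Office Open XML document", ext
    if "META-INF/MANIFEST.MF" in names:
        return "Java archive", ".jar"
    return "ZIP archive", ".zip"


def identify(stream):
    """Return (description, extension) for a seekable binary stream."""
    header = stream.read(16)  # only the header is needed for the lookup
    for offset, magic, description, ext in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            if ext == ".zip":
                stream.seek(0)
                return refine_zip(stream)
            return description, ext
    return "unknown", None


def identify_file(path):
    # Reads the file locally; nothing is uploaded anywhere.
    with open(path, "rb") as handle:
        return identify(handle)
```

A result of "unknown" means the file needs the manual inspection described in Option 3, and a "damaged or truncated" result matches the case where the renamed file refuses to open.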

Links