Jump to navigation Jump to search
TrID is a utility designed to identify file types from their binary signatures. While there are similar utilities with hard coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way.
TrID is available for Windows and Linux. Refer to http://mark0.net/soft-trid-e.html for further details. The below installation has been tested on Ubuntu 12.04 LTS.
$ mkdir -p /data/src/TrID/ $ cd /data/src/TrID/ $ wget http://mark0.net/download/trid_linux.zip $ unzip trid_linux.zip $ chmod +x trid
You will also need the signatures file:
$ wget http://mark0.net/download/triddefs.zip $ unzip triddefs.zip
Usage: TrID <[path]filespec(s)...> [-ae|-ce] [-d:file] [-ns] [-r:nn] [-v] [-w] [-?]
- Add guessed extension to filename
- Change filename extension
- Use the specified defs package
- Disable unique strings check
- Display the first nn matches (default: 5)
- Verbose mode - display def name, author, etc.
- Wait for a key before exiting
- This help!
$ ./trid /data/tmp/Lab01-03.exe TrID/32 - File Identifier v2.11 - (C) 2003-11 By M.Pontello Definitions found: 5075 Analyzing... Collecting data from file: /data/tmp/Lab01-03.exe 35.6% (.EXE) Win32 Executable (generic) (4508/7/1) 16.3% (.EXE) Win16/32 Executable Delphi generic (2072/23) 15.9% (.EXE) Clipper DOS Executable (2018/12) 15.8% (.EXE) Generic Win/DOS Executable (2002/3) 15.8% (.EXE) DOS Executable Generic (2000/1)