TrID

From aldeid

Description

TrID is a utility designed to identify file types from their binary signatures. While similar utilities rely on hard-coded logic, TrID has no fixed rules. Instead, it is extensible and can be trained to recognize new formats quickly and automatically.

Installation

TrID is available for Windows and Linux. Refer to http://mark0.net/soft-trid-e.html for further details. The installation below has been tested on Ubuntu 12.04 LTS.

$ mkdir -p /data/src/TrID/
$ cd /data/src/TrID/
$ wget http://mark0.net/download/trid_linux.zip
$ unzip trid_linux.zip
$ chmod +x trid

You will also need the signatures file:

$ wget http://mark0.net/download/triddefs.zip
$ unzip triddefs.zip

Usage

Syntax

Usage: TrID <[path]filespec(s)...> [-ae|-ce] [-d:file] [-ns] [-r:nn]
                                  [-v] [-w] [-?]

Options

-ae       Add guessed extension to filename
-ce       Change filename extension
-d:file   Use the specified defs package
-ns       Disable unique strings check
-r:nn     Display the first nn matches (default: 5)
-v        Verbose mode - display def name, author, etc.
-w        Wait for a key before exiting
-?        This help!

Example

$ ./trid /data/tmp/Lab01-03.exe

TrID/32 - File Identifier v2.11 - (C) 2003-11 By M.Pontello
Definitions found:  5075
Analyzing...

Collecting data from file: /data/tmp/Lab01-03.exe
 35.6% (.EXE) Win32 Executable (generic) (4508/7/1)
 16.3% (.EXE) Win16/32 Executable Delphi generic (2072/23)
 15.9% (.EXE) Clipper DOS Executable (2018/12)
 15.8% (.EXE) Generic Win/DOS Executable (2002/3)
 15.8% (.EXE) DOS Executable Generic (2000/1)
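
The output above can be post-processed for triage. The following is an added example, not part of the original page or of TrID itself: it parses the match lines, sums the percentages per extension, and flags files whose name disagrees with the identified content. The function names, the 50% threshold, the second sample record and its multi-file layout are assumptions made for illustration.

```python
import re
from pathlib import PurePath

FILE_RE = re.compile(r"^Collecting data from file:\s*(?P<path>.+?)\s*$")
MATCH_RE = re.compile(r"^\s*(?P<pct>\d+(?:\.\d+)?)%\s+\((?P<ext>[^)]*)\)\s+"
                      r"(?P<desc>.+?)\s+\((?P<detail>[\d/]+)\)\s*$")

def parse_trid(output):
    """Map path -> [(pct, [exts], desc)]. Assumes "/" separates multiple extensions."""
    results, current = {}, None
    for line in output.splitlines():
        if (m := FILE_RE.match(line)):
            current = results.setdefault(m.group("path"), [])
        elif current is not None and (m := MATCH_RE.match(line)):
            exts = [e.lstrip(".").lower() for e in m.group("ext").split("/") if e]
            current.append((float(m.group("pct")), exts, m.group("desc")))
    return results

def ext_confidence(matches):
    """Sum the percentages per extension over the displayed matches."""
    totals = {}
    for pct, exts, _ in matches:
        for ext in exts:
            totals[ext] = totals.get(ext, 0.0) + pct
    return {ext: round(total, 1) for ext, total in totals.items()}

def mismatches(results, min_pct=50.0):
    """Return {path: (claimed_ext, likely_ext, pct)} where name and content disagree."""
    flagged = {}
    for path, matches in results.items():
        totals = ext_confidence(matches)
        likely, pct = max(totals.items(), key=lambda kv: kv[1], default=(None, 0.0))
        claimed = PurePath(path).suffix.lstrip(".").lower()
        if pct >= min_pct and claimed not in totals:
            flagged[path] = (claimed, likely, pct)
    return flagged

# Constructed sample: the example's match lines plus a made-up second file.
SAMPLE = """\
Collecting data from file: /data/tmp/Lab01-03.exe
 35.6% (.EXE) Win32 Executable (generic) (4508/7/1)
 16.3% (.EXE) Win16/32 Executable Delphi generic (2072/23)
 15.9% (.EXE) Clipper DOS Executable (2018/12)
 15.8% (.EXE) Generic Win/DOS Executable (2002/3)
 15.8% (.EXE) DOS Executable Generic (2000/1)
Collecting data from file: /data/tmp/invoice.pdf
 35.6% (.EXE) Win32 Executable (generic) (4508/7/1)
 15.8% (.EXE) DOS Executable Generic (2000/1)
"""
```

The totals cover only the matches TrID displays, so they depend on the -r:nn setting. For Lab01-03.exe the top match is only 35.6%, but all five displayed candidates agree on .EXE.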