Marco Pontello's Home Page
TrID
Questa pagina in italiano

(Last updated: 14/03/24)
 

 

        
SOFTWARE ZONE, il software che cerchi App news and reviews, best software downloads and discovery Download free programs, games and apps | MadDownload.com trid rated excellent at apkmonk


TrID - File Identifier

TrID is an utility designed to identify file types from their binary signatures. While there are similar utilities with hard coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way.

TrID has many uses: identify what kind of file was sent to you via e-mail, aid in forensic analysis, support in file recovery, etc.

TrID uses a database of definitions which describe recurring patterns for supported file types. As this is subject to very frequent update, it's made available as a separate package. Just download both TrID and this archive and unpack in the same folder.

The database of definitions is constantly expanding; the more that are available, the more accurate an analysis of an unknown file can be. You can help! Use the program to both recognize unknown file types and develop new definitions that can be added to the library. See the TrIDScan page for information about how you can help. Just run the TrIDScan module against a number of files of a given type. The program will do the rest.

Because TrID uses an expandable database it will never be out of date. As new file types become available you can run the scan module against them and help keep the program up to date. Other people around the world will be doing the same thing making the database a dynamic and living thing. If you have special file formats that only you use, you can also add them to your local database, making their identification easier.

To get you started, the current library of definitions is up to 17358 file types and growing fast.

TrID is simple to use. Just run TrID and point it to the file to be analyzed. The file will be read and compared with the definitions in the database. Results are presented in order of highest probability.

 C:\TrID>trid c:\test\doc\lasik_info.doc

 TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello          

 Collecting data from file: c:\test\doc\lasik_info.doc
 Definitions found: 5702
 Analyzing...

  70.7% (.DOC) Microsoft Word document (58000/1/5)
  29.3% (.) Generic OLE2 / Multistream Compound File (24000/1)

 C:\TrID>trid c:\Download\AvBatEx.bav

 TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello

 Collecting data from file: f:\Download\AvBatEx.bav
 Definitions found: 5702
 Analyzing...

  75.8% (.BAV) The Bat! Antivirus plugin (187530/5/21)
  15.2% (.EXE) Win32 Executable MS Visual C++ (generic) (37706/45/16) 
   4.3% (.EXE) Win32 Executable Generic (10527/13/4)
   3.1% (.DLL) Win32 Dynamic Link Library (generic) (7600/42/2)
   0.8% (.EXE) Generic Win/DOS Executable (2002/3)

Wildcards can be used to scan groups of files, entire folders, etc. In addition, using the switch -ae will instruct TrID to add the guessed extensions to the filenames. This come handy, for example, when working with files recovered by data rescue softwares. For example:

 C:\TrID>trid c:\temp\* -ae

 TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello          
 Definitions found:  5702
 Analyzing...

 File: c:\temp\FILE0001.CHK
  75.8% (.BAV) The Bat! Antivirus plugin (187530/5/21)

 File: c:\temp\FILE0002.CHK
  77.8% (.OGG) OGG Vorbis Audio (14014/3)

 File: c:\temp\FILE0003.CHK
  86.0% (.DOC) Microsoft Word document (49500/1/4)

 File: c:\temp\FILE0004.CHK
  42.6% (.EXE) UPX compressed Win32 Executable (30569/9/7)

  4 file(s) renamed.

At this point, the files in the c:\temp folder will look like:

  FILE0001.CHK.bav
  FILE0002.CHK.ogg
  FILE0003.CHK.doc
  FILE0004.CHK.exe

Instead, the switch -ce will just change the file extension to the new one; if the file has no extension, the new one will be added. For example:

  IAmASoundFile.dat -> IAmASoundFile.wav
  IAmABitmap -> IAmABitmap.bmp

TrID can get a file list from stdin, with the -@ switch.
So it's possible to work on an entire folder tree, or a particular subset of files, just using the output of some other command through a pipe. Something like:

 C:\TrID>dir d:\recovered_drive /s /b | trid -ce -@
 Definitions found:  5702
 Analyzing...

 File: d:\recovered_drive\notes
 100.0% (.RTF) Rich Text Format (5000/1)

 File: d:\recovered_drive\temp\FILE0001.CHK                           
  77.8% (.OGG) OGG Vorbis Audio (14014/3)

 ...  
  

It's possible to tell TrID to show some more information about every match (such as the mime type, who created that definition, how many files were scanned, etc.); and it's also possible to limit the number of results shown.
The switch -v activate the verbose mode, and -r:nn specifies the max number of matches that TrID will display. Default is 5 for normal mode, 2 for verbose, 1 for multi-files analysis.

 C:\TrID>trid "c:\t\Windows XP Startup.ogg" -v -r:2

 TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello          

 Collecting data from file: c:\t\Windows XP Startup.ogg
 Definitions found: 5702
 Analyzing...

  77.8% (.OGG) OGG Vorbis audio (14014/3)
          Mime type  : audio/ogg
        Definition   : audio-ogg-vorbis.trid.xml
          Files      : 37
        Author       : Marco Pontello
          E-Mail     : marcopon@nospam@gmail.com
          Home Page  : http://mark0.net

  22.2% (.OGG) OGG stream (generic) (4000/1)
        Definition   : ogg-stream.trid.xml
          Files      : 35
        Author       : Marco Pontello
          E-Mail     : marcopon@nospam@gmail.com
          Home Page  : http://mark0.net

When starting, TrID will check for the TrIDDefs.TRD definitions package in the current directory. If not found, it will search on the some folder where TrID is installed. Eventually, it's possible to specify a particular defs file with the switch -d:filespec. To force TrID to wait for a key after showing the results, the -w switch is provided.

To speed up the process of getting the latest updated definitions, it's possible to use the TrIDUpdate Python script. It first compare the MD5 digest of the current TRD file and the one available online, so if the file isn't changed it's very quick. For example:

 c:\TrID>tridupdate.py                                                
 MD5: 1bf1b5511092e5cbcf7bbde2da7ecf21
 Checking last version online...
 MD5: 6904c61a6e5701448c52b436bda3b95a
 Downloading new defs...
 Checking defs integrity...
 OK.

 c:\TrID>tridupdate.py
 MD5: 6904c61a6e5701448c52b436bda3b95a
 Checking last version online... 
 MD5: 6904c61a6e5701448c52b436bda3b95a
 Current defs are up-to-date.


  For any info or question, feel free to contact me or take a look in the forum!


Download

TrID is free for personal / non commercial use.

 Win32   TrID v2.24, 47KB ZIP - (PGP sig)
 Linux/x86   TrID v2.24, 357KB ZIP - (PGP sig)
 Linux/x86-64   TrID v2.24, 421KB ZIP - (PGP sig)
   TrIDUpdate v1.10, 1KB ZIP (Python required)
   TrIDDefs.TRD package, 2043KB ZIP (17358 file types, 14/03/24

 

TrID's Definitions DB changes log feed! TrID's Definitions DB changes log feed!

 
If TrID proved useful to you, maybe you can write a comment here in the forum!

If you like TrID, you may consider a little donation!
Even a couple of $ or mBTC will let me know that you appreciate my work! Thanks!

Bitcoin: 1Mark1tF6QGj112F5d3fQALGf41YfzXEK3

 

 

Change Log

TrIDUpdate v1.10 (all platforms) - 03/03/2017:
+ Now works with both Python 2.x and 3.x.

TrID v2.24 (all platforms) - 04/04/2016:
+ Added uniquification when renaming files.
* Linux binaries statically compiled.

TrID v2.20 - 09/04/2015:
+ Added switch -@ to read a file list from stdin.
+ Show Mime type in verbose mode.

TrID/Linux v2.12b - 30/03/2015:
+ Linux 64bit version.

TrID/Linux v2.11 - 07/12/11:
* Fixed filetype definitions search-path bug.

TrID/32 v2.10 - 14/02/11:
* Now support files larger than 2GB.
+ Added the -ce switch to change files' extensions

TrID/32 v2.02 - 11/01/07:
* Fixed a bug with files larger than 10MB.

TrID/32 v2.00 - 04/06/06:
+ Major new version!
+ New container package for the filetypes' defs.
+ Batch scanning & renaming.
+ Ported to FreeBASIC compiler.

TrID/32 v1.56 - 22/12/04:
+ Progress indication while loading definitions.
+ Quiet mode - don't show filetypes while loading definitions.

TrID/32 v1.55 - 20/11/03:
+ Unique strings evaluation now is case insensitive.

TrID/32 v1.50 - 15/11/03:
+ Analysys engine enhanced. Now it can use some unique strings (if contained in the defs) in addition to binary patterns at fixed positions.

TrID/32 v1.23 - 13/08/03:
+ Verbose mode, activated using switch /V.
+ It's possibile to limit the number of matches showed, switch /R.

TrID/32 v1.00 - 07/06/03:
- After a period of beta testing, this is the first stable release for the Win32 platform.