🔍 /

File Extension Detector & Forensic Analyzer

Identify unknown or spoofed files using deep binary signature analysis (Magic Numbers). Detects true file types, exposes hidden executables, and fixes broken extensions instantly.

User Rating 0.0
Total Usage 0 times
Category Internet & Technology
Binary Analysis & Forensic Lab

Drop any file to reveal its true identity via Magic Number inspection.

🔍
Drag & Drop File Here or click to browse local storage
Is this tool helpful?

Your feedback helps us improve.

About

This tool utilizes Binary Signature Analysis (often called Magic Numbers) to identify the authentic format of a file, regardless of its filename or extension. In the digital forensics and cybersecurity domains, trusting a file extension (e.g., document.pdf) is a critical vulnerability; an attacker can easily rename a malicious executable (malware.exe) to bypass basic filters.

Unlike simple detectors that rely on MIME types reported by the operating system, this utility performs a Deep Header Inspection. It reads the raw hexadecimal data from the file's start sector (Offset 0) and compares it against a comprehensive database of industry-standard signatures. This process ensures 100% identification accuracy for standard formats and provides a crucial layer of safety by flagging disguised executables.

file forensics magic numbers extension fixer mime detector malware analysis

Formulas

The core identification logic functions by extracting a byte sequence B from the file header and performing a match operation against a dictionary of known signatures S.

{
MATCH if B0..n SkUNKNOWN otherwise

Where B is the array of bytes read from the file blob, and Sk represents the k-th signature in the database. The comparison is strictly strict-type, parsing the raw ArrayBuffer into Hexadecimal strings for pattern matching.

Reference Data

FormatExtensionMagic Number (Hex Signature)Offset
Portable Network Graphics.png89 50 4E 47 0D 0A 1A 0A0
JPEG Image.jpgFF D8 FF E00
ZIP Archive / Office Open XML.zip, .docx50 4B 03 040
PDF Document.pdf25 50 44 46 2D0
Windows Executable (PE).exe, .dll4D 5A0
RAR Archive v5.rar52 61 72 21 1A 07 01 000
GZIP Compressed.gz1F 8B0
7-Zip Archive.7z37 7A BC AF 27 1C0
MP4 Video (ISO Base).mp400 00 00 18 66 74 79 700
Photoshop Document.psd38 42 50 530

Frequently Asked Questions

This is technically correct. Modern Microsoft Office files (.docx, .xlsx, .pptx) are actually XML-based documents wrapped inside a ZIP container. Their binary signature is identical to a standard ZIP archive (50 4B 03 04). To view the contents manually, you can even rename a .docx file to .zip and open it.
It detects "Risk Factors" but is not an antivirus. It identifies if a file is an Executable (EXE, DLL, ELF) disguised as something else (e.g., a file named "invoice.pdf" that is actually a program). If the "Detected Type" is Executable but the file claims to be a document, do not open it.
No. This tool operates entirely Client-Side using the HTML5 FileReader API. Your data is processed in your browser's memory and is never transmitted over the internet, ensuring 100% privacy for sensitive documents.
This means the file's binary header does not match any of the 400+ common signatures in our database. It could be a plain text file (which has no signature), a proprietary format, or a corrupted file. Try opening it with a text editor to check for readable content.