File Signature Analysis Methods and a Collection of Signatures

H.J.World 2020. 1. 6. 16:49

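Hello.

In this post I will cover how to analyze file signatures and provide a collection of file signatures by extension.

To make use of the data a file holds, you need the relevant software, and each piece of software defines and uses its own file format.

Therefore, being able to read (or execute) a file means being able to interpret its file format.

#Personal experience: I recently started analyzing file signatures for a security check of how a network-interconnection solution used by an organization operates. The network-interconnection solution, which handles file transfers, has a set of prohibited extensions, and I once tested whether its extension check consisted of a simple extension check alone or whether it was carried out through various methods such as file signatures.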

Header Signature (Hex) File Type Description
xx xx xx xx AF 11 FLI Graphics – Autodesk Animator
xx xx xx xx AF 12 FLC Graphics – Autodesk 3D Studio
xx xx 2D 6C 68 35 2D (-lh5-) LZH Archive – LHA Compressed Archive File
00 PIF Windows – Program Information File
00 PIC Graphics – IBM Storyboard Bitmap File
00 YTR IRIS OCR Data File
00 00 00 02 MAC Graphics – MAC Picture Format
00 00 00 nn 66 74 79 70 33 67 70 (ftyp3gp) 3GG, 3G2 3rd Generation Partnership Project 3GPP (nn=0x14), 3GPP2 (nn=0x20) Multimedia File
00 00 00 18 66 74 79 70 33 67 70 35 (ftyp3gp5) MP4 MPEG-4 Video File
00 00 01 00 ICO Graphics – Windows Icon Format
00 00 01 Bx MPG MPEG Video File
00 00 02 00 CUR Graphics – Windows Cursor File
00 00 02 00 WB2 Spreadsheet – QuattroPro
00 00 02 00 04 04 WKS Spreadsheet – Lotus 1-2-3
00 00 02 00 05 04 WRK Spreadsheet – Symphony
00 00 02 00 06 04 WK1 Spreadsheet – Lotus 1-2-3
00 00 02 00 06 04 WR1 Spreadsheet – Symphony
00 00 1A 00 00 10 WK3 Spreadsheet – Lotus 1-2-3
00 00 1A 00 02 10 WK4 Spreadsheet – Lotus 1-2-3
00 00 49 49 58 50 52 (IIXPR) QXD Quark Express Document (dependent endian)
Note: It appears that the byte following the 0x52 (“R”) is the language indicator; 0x33 (“3”) seems to indicate English and 0x61 (“a”) reportedly indicates Korean
00 00 49 49 58 50 52 (MMXPR) QXD Quark Express Document (dependent endian)
Note: It appears that the byte following the 0x52 (“R”) is the language indicator; 0x33 (“3”) seems to indicate English and 0x61 (“a”) reportedly indicates Korean
00 00 EF FF Byte-order mark for 32-bit Unicode Transformation Format
00 01 00 00 4D 53 49 53 41 4D 20 44 61 74 61 74 61 62 61 73 65 (MSISAM Database) MNY Microsoft Money File
00 01 00 00 53 74 61 72 64 61 72 64 20 4A 65 74 20 44 42 (Standard Jet DB) MDB Database – Microsoft Access File
00 01 00 08 IMG Graphics – GEM Image Format
00 01 01 FLT Graphics – OpenFlight 3D File
00 01 42 41 (BA) ABA Palm Address Book Archive File
00 01 42 44 (BD) DBA Palm DataBook Archive File
00 06 15 61 00 00 00 02 00 00 04 D2 00 00 10 00 DB Database – Netscape Navigator (v4)
01 11 AF FLI Graphics – FLIC Animation File
00 1E 84 90 00 00 00 00 SNM Netscape Communicator (v4) Mail Folder
00 5C 41 B1 FF ENC Mujahideen Secrets 2 Encrypted File
00 6E 1E F0 (offset : 512 bytes) PPT PowerPoint Presentation SubHeader
01 00 00 00 EMF Extended(Enhanced) Windows Metafile Format; Printer Spool File (0x18-17 & 0xC4-36 : Win2K/NT, 0x5C0-1 : WinXP)
01 00 00 00 PIC Spreadsheet Graph – Lotus 1-2-3
01 10 TR1 Novell LANalyzer Capture File
01 DA 01 01 00 03 RGB Graphics – Silicon Graphics RGB Bitmap File
01 FF 02 04 03 02 DRW Graphics – Micrografx Vector Graphics File
02 64 73 73 (dss) DSS Graphics – Digital Speech Standard (Olympus, Grundig & Phillips)
02 DBF Database – dBASE II
03 DBF Database – dBASE III
03 DBF Database – dBASE IV
03 DAT MapInfo Native Data Format
03 00 00 00 QPH Quicken Price History File
03 00 00 00 41 50 50 52 (APPR) ADX Approach Index File
04 DB4 Database – dBASE IV Data File
07 DRW A common signature for many drawing programs
07 64 74 32 64 64 74 64 (dt2ddtd) DTD DesignTools 2D Design File
08 DB Database – dBASE IV
08 DB Database – dBFast Configuration File
09 00 04 00 07 00 01 00 XLW Spreadsheet – Excel BIFF2
09 02 06 00 00 00 01 00 XLW Spreadsheet – Excel BIFF3
09 03 06 00 00 04 00 01 XLW Spreadsheet – Excel BIFF4
0A nn 01 01 PCX Graphics – ZSOFT Paintbrush (nn = 0x02, 0x03, 0x05)
0C ED MP Graphics – Monochrome Picture TIFF Bitmap File
0D 44 4F 43 (DOC) DOC DeskMate Document File
0E 57 4B 53 (WKS) WKS DeskMate Worksheet
0F 00 E8 03 (offset : 512 bytes) PPT PowerPoint Presentation SubHeader (MS Office)
11 00 00 00 53 43 43 41 (SCCA) PF Windows Prefetch File
1A 00 00 NTF Database – Lotus Notes Template File
1A 00 00 04 00 00 NSF Database – Lotus Notes File
1A 0x ARC Archive – LH Archive File, Old Version (x = 0x02, 0x03, 0x04, 0x08, 0x09)
1A 0B PAK Archive – PAK Archive File
1A 35 01 00 (5) ETH GN Nettest WinPharoah Capture File
1A 52 54 53 20 43 4F 4D 50 52 45 53 53 45 44 20 49 4D 41 47 45 20 56 31 2E 30 1A (RTS COMPRESSED IMAGE V1.0) DAT Graphics – Runtime Software Disk Image File
1D 7D WS WordStar Version 5.0/6.0 Document File
1F 8B 08 GZ Archive – GZIP Archive File
1F 9D 90 TAR.Z Archive – Tape Archive File
21 12 (!) AIN Archive – AIN Archive File
21 3C 61 72 63 68 3E 0A (!<arch>) LIB Archive – Unix Archiver(ar) Files; Microsoft Program Library Common Object File Format (COFF)
21 42 44 4E (!BDN) PST Microsoft Outlook File
23 20 (#) MSI Cerius2 File
23 20 4D 69 63 72 6F 73 6F 66 74 20 44 65 76 65 6C 6F 70 65 72 20 53 74 75 64 69 6F (# Microsoft Developer Studio) DSP Microsoft Developer Studio Project File
23 21 41 4D 52 (#!AMR) AMR Adaptive Multi-Rate ACELP Codec Format
24 46 4C 32 40 28 23 29 20 53 50 53 53 20 44 41 54 41 20 46 49 4C 45 ($FL2@(#) SPSS DATA FILE) SAV SPSS Data File
25 21 50 53 2D 41 64 6F 62 65 2D (%!PS-Adobe-) EPS Adobe Encapsulated PostScript File
25 50 44 46 (%PDF) PDF Adobe Portable Document Format File
25 50 44 46 (%PDF) FDF Forms Document File
28 54 68 69 73 20 66 69 6C 65 20 6D 75 73 74 20 62 65 20 63 6F 6E 76 65 72 74 65 64 20 77 69 74 68 20 42 69 6E 48 65 78 20 ((This file must be converted with BinHex) HQX Archive – Macintosh BinHex 4 Archive
2A 2A 2A 20 20 49 6E 73 74 61 6C 6C 61 74 69 6F 6E 20 53 74 61 72 74 65 64 20 (***  Installation Started) LOG Symantec Wise Installer Log File
2D 6C 68 (-lh) (offset : 2 bytes) LHA, LZH Archive – Compressed Archive File
2E 52 45 43 (.REC) IVR RealPlayer Video File (v11 and later)
2E 72 61 FD 00 (.ra) RA RealMedia Streaming Media File
2E 52 4D 46 (.RMF) RM Real Media File
2E 73 6E 64 (.snd) AU Sound – NeXt/Sun Audio Format
30 (0) CAT Microsoft Security Catalog File
30 00 00 00 4C 66 4C 65 (0 LfLe) EVT Windows Event Viewer File
30 26 B2 75 8E 66 CF 11 A6 D9 00 AA 00 62 CE 6C ASF, WMA, WMV Microsoft Windows Media Audio/Video File (Advanced Streaming Format)
30 31 4F 52 44 4E 41 4E 43 45 20 53 55 52 56 45 59 20 20 20 20 20 20 20 (01ORDNANCE SURVEY) NTF National Transfer Format Map File
31 BE 00 00 00 AB DOC Word processor – MS Word 4
3n BE 00 00 00 AB WRI Word processor – MS Write (n = 0x1, 0x2)
34 12 PIC Graphics – PC Paint
37 7A BC AF 27 1C 7Z Archive – 7-Zip Archive File
38 42 50 53 (8BPS) PSD Graphics – Adobe Photoshop File
3A DE 68 B1 DCX Graphics – CAS Fax Format
3C ASX Advanced Stream Redirector File
3C XDR BizTalk XML-Data Reduced Schema File
3C 21 64 6F 63 74 79 70 (<!doctyp) DCI AOL HTML Mail File
3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D (<?xml version=) MANIFEST Windows Visual Stylesheet XML File
3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 3F 3E (<?xml version="1.0"?>) XUL XML User Interface Language File
3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 3F 3E 0D 0A 3C 4D 4D 43 5F 43 6F 6E 73 6F 6C 65 46 69 6C 65 20 43 6F 6E 73 6F 6C 65 56 65 72 73 69 6F 6E 3D 22 (<?xml version="1.0"?> <MMC_ConsoleFile ConsoleVersion=") MSC Microsoft Management Console Snap-in Control File
3E 00 03 00 FE FF 09 00 06 (offset : 24 bytes) WB3 Quattro Pro for Windows 7.0 Notebook File
3F 5F 03 00 (?_) GID Windows Help Index File
3F 5F 03 00 (?_) HLP Windows Help File
41 48 (AH) PAL, PIC Graphics – Dr Halo Format
41 4C 5A 01 (ALZ) ALZ Archive – ESTsoft Alzip Archive File
40 40 40 20 00 00 40 40 40 40 (@@@ @@@@) ENL EndNote Library File
41 43 53 44 (ACSD) Miscellaneous AOL Parameter and Information File
41 4D 59 4F (AMYO) SYW Graphics – Harvard Graphics Symbol Graphic
41 4F 4C 20 46 65 65 64 62 61 67 (AOL Feedbag) BAG AOL and AIM Buddy List File
41 4F 4C 44 42 (AOLDB) ABY, IDX Database – AOL Database File (ABY, MAIN.IDX)
41 4F 4C 49 44 58 (AOLIDX) IND AOL Client Preferences/Settings File (MAIN.IND)
41 4F 4C 49 4E 44 45 58 (AOLINDEX) ABI AOL Address Book Index File
41 56 47 36 5F 49 6E 74 65 67 72 69 74 79 5F 44 61 74 61 62 61 73 65 (AVG6_Integrity_Database) DAT AVG6 Integrity Database File
41 56 49 20 4C 49 53 54 (AVI LIST) Audio/Video Interleaved File
41 4F 4C 56 4D 31 30 30 (AOLVM100) AOL Personal File Cabinet (PFC) File
41 72 43 01 (ArC) ARC Archive – FreeArc Archive File
42 45 47 49 4E 3A 56 43 41 52 44 0D 0A (BEGIN:VCARD) VCF vCard File
42 4C 49 32 32 33 51 (BLI223Q) BIN Thomson Speedtouch Series WLAN Router Firmware File
42 4D (BM) BMP, DIB Graphics – Windows Bitmap Format
42 4F 4F 4B 4D 4F 42 49 (BOOKMOBI) PRC Palmpilot Resource File
42 5A 68 (BZh) BZ2, TAR, TBZ2, TB2 Archive – bzip2 Archive File
43 42 46 49 4C 45 (CBFILE) CBD WordPerfect Dictionary File
43 44 30 30 31 (CD001) ISO ISO-9660 CD Disc Image
43 4F 4D 2B (COM+) CLB COM+ Catalog File
43 52 45 47 (CREG) DAT Windows 9x Registry Files
43 52 55 53 48 20 76 (CRUSH v) CRU Archive – Crush Archive File
43 54 4D 46 (CTMF) CMF Sound – Creative Music Format
43 57 53 (CWS) SWF Shockwave Flash File (v5+)
43 61 74 61 6C 6F 67 20 33 2E 30 30 00 (Catalog 3.00) CTF WhereIsIt Catalog File
43 6C 69 65 6E 74 20 55 72 6C 43 61 63 68 65 20 4D 4D 46 20 56 65 72 20 (Client UrlCache MMF Ver) DAT IE History DAT File
43 72 65 61 74 69 76 65 20 56 6F 69 63 65 20 46 69 6C 65 1A (Creative Voice File) VOC Sound – Creative Voice Format
44 42 46 48 (DBFH) DB Palm Zire Photo Database
44 4D 53 21 (DMS!) DMS Archive – Amiga DiskMasher Archive File
44 4F 53 (DOS) ADF Amiga Disk File
44 61 6E 4D (DanM) MSP Graphics – Windows Paint
45 4E 54 52 59 56 43 44 02 00 00 01 02 00 18 58 (ENTRYVCD X) VCD Video VCD (GNU VCDImager) File
45 54 46 53 53 41 56 45 44 41 54 41 46 49 4C 45 (ERFSSAVEDATAFILE) DAT Kroll EasyRecovery Saved Recovery State File
45 56 46 (EVF) Enn (nn = number) EnCase Evidence File
45 59 45 53 (EYES) CE1, CE2 Graphics – ComputerEyes Format
46 4F 52 4D (FORM) LBM Graphics – Interchange File Format
46 41 58 43 4F 56 45 52 2D 56 45 52 (FAXCOVER-VER) CPE Microsoft Fax Cover Sheet
46 45 44 46 (FEDF) SBV Unknown File Type
46 4C 56 SWF Flash Video File
46 4F 52 4D 00 AIFF Audio – Audio Interchange File
46 57 53 (FWS) SWF Shockwave Flash File
46 72 6F 6D 20 20 20 (From) or 46 72 6F 6D 20 3F 3F 3F (From ???) or 46 72 6F 6D 3A 20 (From:) EML A common File Extension for E-mail File
47 46 31 50 41 54 43 48 (GF1PATCH) PAT Advanced Gravis Ultrasound Patch File
47 49 46 38 37 61 (GIF87a) GIF Graphics – Graphics Interchange Format
47 49 46 38 39 61 (GIF89a) GIF Graphics – Graphics Interchange Format
47 50 41 54 (GPAT) PAT GIMP (GNU Image Manipulation Program) Pattern File
47 58 32 (GX2) GX2 Graphics – Show Partner Graphics File
48 48 47 42 31 (HHGB1) SH3 Harvard Graphics Presentation File
49 49 2A (II*) TIF, TIFF Graphics – Tagged Image File Format File (Little Endian)
4D 4D 2A (MM*) TIF, TIFF Graphics – Tag Image File Format (Big Endian)
49 42 4B 1A (IBK) IBK Sound – Soundblaster Instrument Bank
49 44 33 (ID3) MP3 Sound – MPEG-1 Audio Layer 3 (MP3) Audio File
49 4D 44 43 (IMDC) IC1, IC2, IC3 Graphics – Atari Imagic Film Format
49 53 63 28 (ISc() CAB Archive – Install Shield (v5+) Archive File
49 54 53 46 (ITSF) CHM Microsoft HTML Help Compiled File
49 6E 6E 6F 20 53 65 74 75 70 20 55 6E 69 6E 73 74 61 6C 6C 20 4C 6F 67 20 28 62 29 (Inno Setup Uninstall Log (b)) DAT Inno Setup Uninstall Log File
4A 41 52 43 53 00 (JARCS) JAR Archive – JARCS Archive File
4A 47 0n 0E 00 00 00 ART AOL ART File (n = 0x3, 0x4)
4C 00 00 00 (L) LNK Microsoft Windows Shortcut File
4C 01 (L) OBJ Microsoft Common Object File Format (COFF) Relocatable Object Code File
4C 4E 02 00 (LN) HLP Windows Help File
4C 69 6E 53 (LinS) MSP Graphics – Windows 3.x Paint
4D 47 43 (MGC) CRD Database – Windows 3.x Card File
4D 49 4C 45 53 (MILES) MLS Milestones v1.0 Project Management and Scheduling Software (Also see “MV2C”, “MV214”)
4D 4C 53 57 (MLSW) MLS Skype Localization Data File
4D 4D 00 2A (MM*) TIF, TIFF Graphics – Big Tagged Image File Format (TIFF) (big endian)
4D 4D 00 2B (MM+) TIF, TIFF Graphics – Big Tagged Image File Format (TIFF) File (> 4GB)
4D 4D 4D 44 00 00 (MMMD) MMF Yamaha Synthetic Music Mobile Application Format (SMAF)
4D 53 43 46 (MSCF) CAB Microsoft Cabinet File
4D 53 43 46 (MSCF) PPZ Powerpoint Presentation Package
4D 53 43 46 (MSCF) SNP Microsoft Access Snapshot Viewer File
4D 53 46 54 02 00 01 00 (MSFT) TLB OLE, SPSS, Visual C++ Type Library File
4D 53 5F 56 4F 49 43 45 (MS_VOICE) CDR, DVF Sound – Sony Compressed Voice File
4D 53 5F 56 4F 49 43 45 (MS_VOICE) MSV Sound – Sony Memory Stick Compressed Voice File
4D 54 68 64 (MThd) MID, MIDI Sound – Standard Musical Instrument Digital Interface (MIDI) Format
4D 56 (MV) DSN CD Stomper Pro Label File
4D 56 32 31 34 (MV214) MLS Milestones v2.1b Project Management and Scheduling Software (Also see “MILES”, “MV2C”)
4D 56 32 43 (MV2C) MLS Milestones v2.1a Project Management and Scheduling Software (Also see “MILES”, “MV214”)
4D 5A (MZ) COM, DLL, DRV, EXE, PIF, QTS, QTX, SYS Windows/DOS Executable File
4D 5A (MZ) ACM MS Audio Compression Manager Driver
4D 5A (MZ) AX Library Cache File
4D 5A (MZ) CPL Control Panel Application
4D 5A (MZ) FON Font File
4D 5A (MZ) OCX ActiveX or OLE Custom Control
4D 5A (MZ) OLB OLE Object Library
4D 5A (MZ) SCR Screen Saver
4D 5A (MZ) VBX Visual Basic Application
4D 5A (MZ) VXD Windows Virtual Device Drivers
4D 5A 90 00 03 00 00 00 (MZ) API Acrobat Plug-in
4D 5A 90 00 03 00 00 00 (MZ) AX DirectShow Filter
4D 5A 90 00 03 00 00 00 (MZ) FLT Adobe Audition Graphic Filter File
4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF (MZ) ZAP ZoneAlarm Data File
4D 69 63 72 6F 73 6F 66 74 20 56 69 73 75 61 6C 20 53 74 75 64 69 6F 20 53 6F 6C 75 74 69 6F 6E 20 46 69 6C 65 (Microsoft Visual Studio Solution File) SLN Visual Studio .NET Solution File
4D 69 63 72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20 4D 65 64 69 61 20 50 6C 61 79 65 72 20 2D 2D 20 (Microsoft Windows Media Player --) (offset : 84 bytes) WPL Windows Media Player Playlist
4E 41 56 54 52 41 46 46 49 43 (NAVTRAFFIC) DAT TomTom Traffic Data File
4E 45 53 4D 1A 01 (NESM) NFS Sound – NES Sound File
4E 49 54 46 30 (NITF0) NTF National Imagery Transmission Format (NITF) File
4E 61 6D 65 3A 20 (Name:) COD Agent NewsReader Character Map File
4F 50 4C 44 61 74 61 62 61 73 65 46 69 6C 65 (OPLDatabaseFile) DBF Psion Series 3 Database File
4F 67 67 53 00 02 00 00 00 00 00 00 00 00 (OggS) OGA, OGG, OGV, OGX Ogg Vorbis Codec Compressed Multimedia File
4F 7B (O{) DW4 Visio/DisplayWrite 4 Test File
50 00 00 00 20 00 00 00 (P) IDX Quicken QuickFinder Information File
50 35 0A (P5) PGM Graphics – Portable Graymap Graphic
50 41 43 4B (PACK) PAK Archive – Quake Archive File
50 45 53 54 (PEST) DAT PestPatrol Data/Scan Strings
50 49 43 54 00 08 (PICT) IMG Graphics – ADEX ChromaGraph Graphics Card Bitmap Graphics File
50 4B 03 04 (PK) ZIP Archive – Pkzip Archive File
50 4B 03 04 (PK) DOCX, PPTX, XLSX Microsoft Office Open XML Format Document
50 4B 03 04 (PK) JAR Java Archive Package
50 4B 03 04 (PK) SXC, SXD, SXI, SXW OpenOffice Spreadsheet, Drawing, Presentation
50 4B 03 04 (PK) WMZ Windows Media Compressed Skin File
50 4B 03 04 (PK) XPI Mozilla Browser Archive
50 4B 03 04 (PK) XPT eXact Packager Models
50 4B 03 04 14 00 06 00 (PK) DOCX, PPTX, XLSX Microsoft Office Open XML Format Document
50 4B 03 04 14 00 08 00 (PK) JAR Java Archive
50 4B 4C 49 54 45 (PKLITE) (offset : 30 bytes) ZIP Archive – PKLITE ZIP Archive (see also PKZIP)
50 4B 53 70 58 (PKSFX) (offset : 526 bytes) ZIP Archive – PKSFX Self-Extracting Executable Compressed File (see also PKZIP)
50 4D 43 43 (PMCC) GRP Windows Program Manager Group File
50 4E 43 49 55 4E 44 4F (PNCIUNDO) DAT Norton Disk Doctor Undo File
50 C3 CLP Windows 3.x Clipboard
51 45 4C 20 (QEL) (offset : 92 bytes) QEL Quicken Data File
51 46 49 FB (QFI) IMG QEMU Qcow Disk Image
51 57 20 56 65 72 2E 20 (QW Ver.) ABD, QSD Quicken Data File
52 41 5A 41 54 44 42 31 (RAZATDB1) DAT Shareaza (Windows P2P Client) Thumbnail
52 45 47 45 44 49 54 (REGEDIT) REG, SUD Windows NT Registry and Registry Undo Files
52 45 56 4E 55 4D 3A 2C (REVNUM:,) ADF Antenna Data File
52 49 46 46 (RIFF) ANI Windows Animated Cursor
52 49 46 46 (RIFF) DAT Video CD MPEG or MPEG1 Movie File
52 49 46 46 (RIFF) DS4 Micrografx Designer v4 Graphic File
52 49 46 46 xx xx xx xx 41 56 49 20 4C 49 53 54 (RIFF AVI LIST) AVI Resource Interchange File Format – Windows Audio Video Interleave File
52 49 46 46 xx xx xx xx 43 44 44 41 66 6D 74 20 (RIFF CDDAfmt) CDA Resource Interchange File Format – Compact Disc Digital Audio (CD-DA) File
52 49 46 46 xx xx xx xx 51 4C 43 4D 66 6D 74 20 (RIFF QLCMfmt) QCP Resource Interchange File Format – Qualcomm PureVoice
52 49 46 46 xx xx xx xx 52 4D 49 44 64 61 74 61 (RIFF RMIDdata) RMI Resource Interchange File Format – Windows Musical Instrument Digital Interface File
52 49 46 46 xx xx xx xx 57 41 56 45 66 6D 74 20 (RIFF WAVEfmt) WAV Resource Interchange File Format – Audio for Windows File
52 54 53 53 (RTSS) CAP Windows NT Netmon Capture File
52 61 72 21 1A 07 00 (Rar!) RAR Archive – WinRAR Compressed Archive File
53 42 49 1A (SBI) SBI Soundblaster Instrument Format
53 43 48 6C (SCHl) AST Audio – Need for Speed : Underground Audio File
53 43 4D 49 (SCMI) IMG Img Software Set Bitmap File
53 48 4F 57 (SHOW) SHW Harvard Graphics DOC v2/x Presentation File
53 49 45 54 52 4F 4F 49 43 53 20 58 52 44 20 53 43 41 4E (SIETRONICS XRD SCAN) CPI Sietronics CPI XRD Document File
53 49 54 21 00 (SIT!) SIT Archive – StuffIt Compressed Archive File
53 4D 41 52 54 44 52 57 (SMARTDRW) SDR SmartDraw Drawing File
53 51 4C 4F 43 4F 4E 56 48 44 00 00 31 2E 30 00 (SQLOCONVHD 1.0) CNV DB2 Conversion File
53 6D 62 6C (Smbl) SYM Harvard Graphics v2.x Graphics Symbol
53 6D 62 6C (Smbl) SYM Windows SDK Graphics Symbol
53 74 75 66 66 49 74 20 28 63 29 31 39 39 37 2D (StuffIt (c)1997-) SIT Archive – StuffIt Compressed Archive File
54 43 53 4F 00 04 00 00 00 00 (TCSO) (offset : 6 bytes) SOL Local Shared Object(LSO) File
54 68 69 73 20 69 73 20 (This is) INFO UNIX GNU Info Reader File
55 43 45 58 (UCEX) UCE Unicode Extensions
55 46 41 C6 D2 C1 (UFA) UFA Archive – UFA Compressed Archive File
55 46 4F 4F 72 62 69 74 (UFOOrbit) DAT UFO Capture v2 Map File
56 43 50 43 48 30 (VCPCH0) PCH Visual C PreCompiled Header File
56 44 56 49 (VDVI) AVS Intel Digital Video Interface
56 45 52 53 49 4F 4E 20 (VERSION) CTL Visual Basic User-Defined Control File
57 4D 4D 50 (WMMP) DAT Walkman MP3 Container File
57 53 32 30 30 30 (WS2000) WS2 WordStar for Windows v2 Document File
57 69 6E 5A 69 70 (WinZip) (offset : 29, 152 bytes) ZIP Archive – WinZip Compressed Archive File
58 43 50 00 (XCP) CAP Cinco NetXRay, Network General Sniffer, and Network Associates Sniffer Capture File
58 50 43 4F 4D 0A 54 79 70 65 4C 69 62 (XPCOM TypeLib) XPT XPCOM Type Libraries for The XPIDL Compiler
58 54 (XT) BDR MS Publisher Border
59 A6 6A 95 RAS SUN Raster Format
5A 4F 4F 20 (ZOO) ZOO Archive – ZOO Compressed Archive File
5B 47 65 6E 65 72 61 6C 5D 0D 0A 44 69 73 70 6C 61 79 20 4E 61 6D 65 3D 3C 44 69 73 70 6C 61 79 4E 61 6D 65 ([General] Display Name=<DisplayName) ECF Microsoft Exchange 2007 Extended Configuration File
5B 4D 53 56 43 ([MSVC) VCW Microsoft Visual C++ Workbench Information File
5B 50 68 6F 6E 65 5D ([Phone]) DUN Dial-Up Networking File
5B 56 45 52 5D 0D 0A 09 ([VER]) SAM AMU Pro Document
5B 76 65 72 0D 0A 09 ([ver]) SAM AMU Pro Document
5B 56 65 72 73 69 6F 6E ([Version]) (offset : 2 bytes) CIF Unknown File Type
5B 57 69 6E 64 6F 77 73 20 4C 61 74 69 6E 20 ([Windows Latin) CPX Microsoft Code Page Translation File
5B 66 6C 74 73 69 6D 2E 30 5D ([fltsim.0]) CFG Flight Simulator Aircraft Configuration File
5F 43 41 53 45 5F (_CASE_) CAS, CBK EnCase v3 Case File (EnCase v4, 5, 6 use OLE 2 Container File)
60 EA ARJ Archive – ARJ Compressed Archive File
62 65 67 69 6E (begin) UUencoded File
63 75 73 68 00 00 00 02 00 00 00 (cush) CSH Photoshop Custom Shape
64 00 00 00 (d) P10 Intel PROset/Wireless Profile
64 73 77 66 69 6C 65 (dswfile) DSW Microsoft Visual Studio Workspace File
66 4C 61 43 00 00 00 22 (fLaC ") FLAC Free Lossless Audio Codec File
6C 33 33 6C (l33l) DBB Skype User Data File
6D 6F 6F 76 (moov) or 66 72 65 65 (free) or 6D 64 61 74 (mdat) or 77 69 64 65 (wide) (offset : 4 bytes) MOV Apple QuickTime Movie File
72 65 67 66 (regf) DAT Windows Registry Hive File
72 74 73 70 3A 2F 2F (rtsp://) RAM RealMedia Metafile
73 6C 68 21 (slh!) or 73 6C 68 2E (slh.) DAT Allegro Generic Packfile Data File (0x21 = Compressed, 0x2E = Uncompressed)
73 72 63 64 6F 63 69 64 3A (srcdocid:) CAL Graphics – CALS Raster Bitmap File
73 7A 65 7A (szez) PDB PowerBASIC Debugger Symbols File
74 42 4D 50 4B 6E 57 72 (tBMPKnWr) (offset : 60 bytes) PRC PathWay Map File (used by GPS devices)
75 73 74 61 72 (ustar) (offset : 257 bytes) TAR Archive – Tape Archive File
76 32 30 30 33 2E 31 30 0D 0A 30 0D 0A (v2003.10 0) FLT Qimage Filter
78 (x) DMG Mac OS X Disk Copy Disk Image File
7A 62 65 78 (zbex) INFO ZoomBrowser Image Index File (ZbThumbnail.info)
7B 0D 0A 6F 20 ({ o) LGC, LGD Windows Application Log File
7B DBF Database – dBASE IV
7B 5C 72 74 66 31 ({\rtf1) RTF Word processor – Rich Text Format
7E 42 4B 00 (~BK) PSP Graphics – Corel Paint Shop Pro Image File
7F 45 4C 46 (ELF) Linux/Unix – Executable and Linking Format
80 OBJ Relocatable Object Code
80 00 00 20 03 12 04 ADX Dreamcast Audio File
81 CD AB WPF Word processor – WordPerfect Test File
83 DBF Database – dBASE III
83 DBF Database – dBASE IV
83 DBF Database – FoxPro
8B DBF Database – FoxPro
89 50 4E 47 0D 0A 1A 0A (PNG) PNG Graphics – Portable Network Graphics File
8A 01 09 00 00 00 E1 08 00 00 99 19 AW MS Answer Wizard File
91 33 48 46 HAP Archive – Hamarsoft HAP 3.x Compressed Archive
95 01 SKR PGP Secret Key Ring
99 00 PKR PGP Public Key Ring
99 01 PKR PGP Public Key Ring
9B A5 DOC Word processor – Winword 1.0
9C CB CB 8D 13 75 D2 11 91 58 00 C0 4F 79 56 A4 WAB Outlook Address File
A0 46 1D F0 (offset : 512 bytes) PPT PowerPoint Presentation SubHeader
A1 B2 C3 D4 tcpdump (libpcap) Capture File
A1 B2 CD 34 Extended tcpdump (libpcap) Capture File
A9 0D 00 00 00 00 00 00 DAT Access Data FTK Evidence File
AC 9E BD 8F 00 00 QDF Quicken Data File
B1 68 DE 3A DCX Graphics Multipage PCX Bitmap File
B5 A2 B0 B3 B3 B0 A2 B5 CAL Windows 3.x Calendar
BA BE EB EA ANI NEOchrome Animation File
BE 00 00 00 AB 00 00 00 00 00 00 00 00 WRI Microsoft Write File
C3 AB CD AB ACS Microsoft Agent Character File
C5 D0 D3 C6 EPS Adobe Encapsulated PostScript File
C8 00 79 00 LBK Jeppesen FliteLog File
CA FE BA BE CLASS Java Bytecode File
CD 20 AA AA 02 00 00 00 Norton Anti-Virus Quarantined Virus File
CF 11 E0 A1 B1 1A E1 00 DOC Word processor – Perfect Office Document File
CF AD 12 FE DBX Microsoft Outlook Express E-mail File
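D0 CF 11 E0 A1 B1 1A E1 HWP HAANSOFT Compound Document File
D0 CF 11 E0 A1 B1 1A E1 DOC, DOT, PPS, PPT, XLA, XLS, WIZ Microsoft Office Compound Document File
D0 CF 11 E0 A1 B1 1A E1 AC_ CaseWare Working Papers Compressed Client File
D0 CF 11 E0 A1 B1 1A E1 ADP Access Project File
D0 CF 11 E0 A1 B1 1A E1 APR Lotus/IBM Approach 97 File
D0 CF 11 E0 A1 B1 1A E1 DB MSWorks Database File
D0 CF 11 E0 A1 B1 1A E1 MSC Microsoft Common Console Document File
D0 CF 11 E0 A1 B1 1A E1 MSI Microsoft Installer Package
D0 CF 11 E0 A1 B1 1A E1 MTW Minitab Data File
D0 CF 11 E0 A1 B1 1A E1 OPT Developer Studio File Workspace Options File
D0 CF 11 E0 A1 B1 1A E1 PUB Microsoft Publisher File
D0 CF 11 E0 A1 B1 1A E1 SOU Visual Studio Solution User Options File
D0 CF 11 E0 A1 B1 1A E1 SPO SPSS Output File
D0 CF 11 E0 A1 B1 1A E1 VSD Visio File
D0 CF 11 E0 A1 B1 1A E1 WPS MSWorks Text Document File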
D2 0A 00 00 FTR GN Nettest WinPharoah Filter File
D4 2A ARL, AUT AOL History (ARL) and Typed URL (AUT) Files
D4 C3 B2 A1 WinDump (Winpcap) Capture File
D7 CD C6 9A WMF Graphics – Windows Metafile Format
DB A5 DOC Word processor – Winword 2.0
DC DC CPL Corel Color Palette File
DC FE EFX eFax File Format
E3 10 00 01 00 00 00 00 INFO Amiga Icon File
E3 82 85 96 PWL Windows Password File
E8 or E9 or EB COM, SYS Windows Executable File
EB 3C 90 2A IMG GEM Raster File
EC A5 C1 00 (offset : 512 bytes) DOC Word Document SubHeader
ED AB EE DB RPM RedHat Package Manager File
EF BB BF Byte-order Mark for 8-bit Unicode Transformation Format (UTF-8) File
F5 DBF FoxPro Database
FD FF FF FF 04 (offset : 512 bytes) SUO Visual Studio Solution User Options SubHeader
FD FF FF FF nn 00 00 00 (offset : 512 bytes) PPT PowerPoint Presentation SubHeader (nn = 0x0E, 0x1C, 0x43)
FD FF FF FF nn 00 or FD FF FF FF nn 02 (offset : 512 bytes) XLS Excel Spreadsheet SubHeader (nn = 0x10, 0x1F, 0x22, 0x23, 0x28, 0x29)
FD FF FF FF 20 00 00 00 (offset : 512 bytes) OPT Developer Studio File Workspace Options SubHeader
FD FF FF FF 20 00 00 00 (offset : 512 bytes) XLS Excel Spreadsheet SubHeader
FD FF FF FF xx xx xx xx xx xx xx xx 04 00 00 00 (offset : 512 bytes) DB Thumbs.db SubHeader
FE DB or FE DC SEQ Cyber Paint
FE FF Byte-order mark for 16-bit Unicode Transformation Format/2-octet Universal Character Set (UTF-16/UCS-2)
FF SYS Windows Executable Format File
FF 00 02 00 04 04 05 54 02 00 WKS Windows Spreadsheet Work File
EF 46 4F 4E 54 (FONT) CPI Windows International Code Page
FF 4B 45 59 42 20 20 20 (KEYB) SYS Keyboard Driver File
FF 57 50 43 (WPC) WP, WPD, WPG, WP5 Word processor – WordPerfect Document and Graphic File
FF D8 FF E0 xx xx 4A 46 49 46 (JFIF) JPG Graphics – JPEG/JFIF Format
FF D8 FF E1 xx xx 45 78 69 66 (Exif) JPG Graphics – JPEG/Exif Format – Digital Camera Exchangeable Image File Format (EXIF)
FF FF GEM GEM Metafile Format
FF D8 FF E8 xx xx 53 50 49 46 46 00 (SPIFF) JPG Graphics – Still Picture Interchange File Format (SPIFF)

The signature at the start of a file is usually called the header signature, and the signature at the end of a file is called the footer (or trailer) signature; some documents also refer to a signature as a magic number.
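
The extension-versus-signature check described at the start of this post can be sketched as follows. This is an added example, not code from the original post: it compares a file's claimed extension with the header signature found in its content, handling the table's `xx` wildcard bytes and non-zero offsets. The hex values are taken from the table above; the function names, the `BLOCKED` list and the sample byte strings are assumptions constructed for illustration.

```python
from pathlib import PurePath

def _pat(hex_string):
    """Parse a hex string written as in the table; 'xx' is a wildcard byte."""
    return tuple(None if tok == "xx" else int(tok, 16) for tok in hex_string.split())

# (offset, pattern, label, extensions): a small subset copied from the table above.
SIGNATURES = [
    (0, _pat("4D 5A"), "Windows/DOS executable",
     {"com", "dll", "drv", "exe", "pif", "sys", "cpl", "ocx", "scr"}),
    (0, _pat("50 4B 03 04"), "PKZIP container", {"zip", "docx", "pptx", "xlsx", "jar"}),
    (0, _pat("D0 CF 11 E0 A1 B1 1A E1"), "OLE compound document",
     {"hwp", "doc", "ppt", "xls", "msi"}),
    (0, _pat("25 50 44 46"), "PDF document", {"pdf", "fdf"}),
    (0, _pat("89 50 4E 47 0D 0A 1A 0A"), "PNG image", {"png"}),
    (0, _pat("FF D8 FF E0 xx xx 4A 46 49 46"), "JPEG/JFIF image", {"jpg"}),
    (0, _pat("52 49 46 46 xx xx xx xx 57 41 56 45 66 6D 74 20"), "RIFF/WAV audio", {"wav"}),
    (257, _pat("75 73 74 61 72"), "TAR archive", {"tar"}),
]

def identify(data):
    """Return [(label, extensions)] for each signature present, longest pattern first."""
    hits = []
    for offset, pattern, label, exts in SIGNATURES:
        window = data[offset:offset + len(pattern)]
        if len(window) == len(pattern) and all(
            want is None or want == got for want, got in zip(pattern, window)
        ):
            hits.append((len(pattern), label, exts))
    hits.sort(key=lambda hit: hit[0], reverse=True)
    return [(label, exts) for _, label, exts in hits]

def check_transfer(filename, data, blocked_exts):
    """Decide 'block', 'review' or 'allow' from both the name and the content."""
    ext = PurePath(filename).suffix.lower().lstrip(".")
    if ext in blocked_exts:
        return "block", f"extension .{ext} is prohibited"
    hits = identify(data)
    for label, exts in hits:
        if exts & blocked_exts:  # prohibited type carried under another extension
            return "block", f"content is {label} but name claims .{ext}"
    if not hits:
        return "review", "no known signature"
    if not any(ext in exts for _, exts in hits):
        return "review", f"content is {hits[0][0]} but name claims .{ext}"
    return "allow", hits[0][0]

# Constructed sample inputs (not real files): just enough bytes to carry a header.
BLOCKED = {"exe", "dll", "scr", "com", "sys"}
MZ_HEADER = bytes.fromhex("4D5A90000300000004000000FFFF")
JFIF_HEADER = bytes.fromhex("FFD8FFE000104A464946")
WAV_HEADER = b"RIFF" + bytes.fromhex("24080000") + b"WAVEfmt "
PNG_HEADER = bytes.fromhex("89504E470D0A1A0A")
TAR_HEADER = bytes(257) + b"ustar"

if __name__ == "__main__":
    for name, blob in [("setup.exe", MZ_HEADER), ("report.jpg", MZ_HEADER),
                       ("photo.jpg", JFIF_HEADER), ("sound.wav", WAV_HEADER),
                       ("notes.pdf", PNG_HEADER), ("backup.tar", TAR_HEADER)]:
        print(name, check_transfer(name, blob, BLOCKED))
```

A header match only reports what the first bytes claim. Container signatures such as `50 4B 03 04` and `D0 CF 11 E0 A1 B1 1A E1` cover many extensions, so a transfer filter needs to inspect inside those formats as well.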

Source: http://forensic-proof.com/archives/300
