During the digital forensics works we had faced with various type of files. From our personal experience we can say it's not easy. There are numerous file types. If we got a file from suspected devices without any file extension then it is very hard to make an idea about the file type. There are some utilities on Linux like file can done the job, but that may not be the perfect and less information.
In this detailed guide we are going to discuss about "Detect It Easy" aka "DIE". Detect It Easy or DIE is a cross-platform file type detection program. Apart from Linux (read Kali Linux in our case), it is also available for Windows and Mac OS.
DIE exists in three versions. Basic version (“DIE”), Lite version (“DIEL”) and terminal version (“DIEC”). All the three use the same signatures, which are located in the folder "db". If you open this folder, nested sub-folders will be found (“Binary”, “PE” and others). The names of sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures, which lie in the corresponding folder. Currently the program defines the following types:
- MSDOS executable files MS-DOS.
- PE executable files Windows.
- ELF executable files Linux.
- MACH executable files Mac OS.
- Binary all other files.
Install Detect It Easy on Kali Linux
Installing "Detect It Easy" on Kali Linux is also very easy. First of all we need to install some dependencies to run this by using following command:
The dependencies will be installed shortly, as we can see in the following screenshot:
Now we need to download "Detect It Easy" from GitHub by using following command:
This will take some time depending on our internet speed and system performance. As we can see in the following screenshot:
Now we need to navigate to our recently downloaded/cloned directory by simply using following command:
Now we need to run build script by using following command:
We can see that the build script is running in the following screenshot:
It might take some time depending on our system performance. We need a coffee break 🍵, let it finish.
After it finishes we need to install the deb package on our Kali Linux system. To do that we need to run the following command:
In the following screenshot we can see that the installation process is done. It will not take longer time like building script.
Now our installation is finished. Now we move forward to using "Detect It Easy" on our system and try to identify some file types.
Using Detect It Easy on Kali Linux
First we need some files, specially no extension named files that will help us to know the file types. Otherwise, we know that .exe is a Windows application and .py is a python program. Here we have file a file named "Video" on our Desktop, which didn't have any file extension.
Some of us can assume that it might be a video file, Lets see what "Detect It Easy" detects.We can use command line or graphical user interface both, that doesn't matter our work should be done. We use following command to know the file type of 'Video' named file on our Desktop.
Because we are already in Desktop directory we don't need to set our file path, we just use name. But in the case our working directory is different from file location we need to use path of file. In the following screenshot we can see the output, by the way the diec command used for DIE command line utility.
Form the above screenshot we can easily understand that this 'Video' is not a video file, it is a Microsoft installer file (exe file for Windows).
In other hand, we can use GUI version of "Detect It Easy" by simply using following command on our terminal:
Now the Graphical User Interface of "Detect It Easy" will open in our front as we can see in the following screenshot:
DIE Graphical Interface |
It is very fast and easy to use. We can see various things here. MIME, Hash, Strings etc for detailed analysis.
Note: Detect It Easy is mainly created for analyzing executable files, so its functions are more related to program files, for example, determining the architecture. But there is also support for other binaries.
This is how we can install "Detect It Easy" on our system, and know any kind of file types (specially program files) using our Kali Linux system.
Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.