Identify mystery file types with TrID-Net
Identifying a file type is often very easy. A glance at the icon gives you a general idea -- VLC Media Player tells you it’s a media file, for instance -- and the extension tells you everything else.
Life isn’t always that simple, though. File extensions might be lost, changed, or maybe you’ve just found a mystery file in a folder somewhere and would like to know what it is.
Opening the file in Notepad can give you some clues. If the first two characters are MZ, it’s a Windows executable; PK means a ZIP file; ID3 is a media file; 6 cryptic bytes followed by JFIF signifies a JPG, and so on.
TrIDNet is a free-for-personal-use tool which uses the same principle to identify file types by their content alone. It’s been around for a long time, but is the program still relevant today? We grabbed a copy to find out.
Setup is a two-step process. There’s no installation, but after downloading and unzipping TrIDNet.exe you must download its file definitions separately, and unzip them into the same folder (you’ll have a \defs folder in the same folder as TrIDNet.exe).
With that out of the way, importing test files is as easy as dragging and dropping them onto the TrIDNet.exe window. The results are displayed in a table.
Sometimes the program offers a single verdict -- our test RAR was 100 percent a "RAR Archive" -- but you’ll often see extra information.
We imported a Word DOCX and were told it was 85.5 percent a "Word Microsoft Office Open XML Format document", and 14.5 percent a "ZIP compressed archive". That’s impressive, because DOCX files are structured as ZIPs with word processing documents inside, so TrID-Net has told you almost everything you need to know.
(And if you need to know more, double-clicking the column header opens a dialog with additional details, including -- in the case of DOCX -- a link to Wikipedia’s page on the format.)
That’s a very common format, of course, so we tested the program with assorted leftovers that we’d found in our Documents folder.
Picate.pixate was a remnant of the old Pixate project, but TrIDNet revealed that it was also a regular SQLite 3.x database, so we should be able to view it in any SQLite app.
TrIDNet next explained that MyData.p2g was a part of a Power2Go project, useful in deciding whether it could be safely deleted.
The program can’t replace human expertise entirely. If you understand SQL then you’ll recognise a .SQL dump immediately, but TrIDNet won’t because the file type doesn’t have a fixed signature it can use.
But when there are signatures available, the program does very well. We give it an MSI and not only did it tell us this was a Windows Installer file, it also gave us the overall type: a generic OLE2/ Multistream Compound File.
TrIDNet doesn’t have any batch processing support, but the console-based TrID.exe has a few related options. If you’ve undeleted a bunch of files which no longer have their signatures, for instance, running a command like trid \recovered\* -ae will rename them all to have the best-guess extension -- potentially very useful.
TrIDNet is available for Windows XP and later.