Forensic Search file categories
Who is this article for?
Incydr, yes.
CrashPlan for Enterprise, no.
Code42 for Enterprise, yes.
CrashPlan for Small Business, no.
This article applies to Code42 cloud environments.
Overview
Forensic Search groups files into categories based on analysis of the file contents and file extension. This categorization enables you to narrow your searches to specific types of files. For example, performing a search for the Image file category returns file activity for .gif, .jpg, .png, and many other known image file types.
A complete list of categories and the types of files in those categories appears below.
File category searches can assist with a number of security investigation use cases, such as searching for unsanctioned applications or looking for executables in unusual locations.
Search by file category
To search for file events based on file category:
- Sign in to the Code42 console.
- Select Investigation > Forensic Search.
- Select a date range.
- Select search type File Category.
- Choose a search operator (includes any or includes none).
- Select one or more file categories.
- (Optional) Click the + icon to add additional search criteria.
- Click Search.
File category details
The table below lists examples of file extensions to illustrate the types of files included in each category. However, each category contains many more file types than listed here, and file extensions are not the only criteria used to determine the file category.
Where possible, we determine the file category based on the file contents, not the file extension. Examining the contents can highlight instances where a user changes a file extension. For example, if a file event has the file category Spreadsheet but the Filename uses the .jpg extension, it may indicate an attempt to hide or exfiltrate data.
| File category |
Example file extensions (each category contains more file types than listed below) |
|---|---|
| Audio | aac, aif, flac, m4a, mp3, wav, wma |
| Document | doc, docx, pages, rtf, txt |
| Executable | apk, app, com, dll, exe, jar, msi, pkg |
| Image | ai, bmp, dwg, eps, gif, jpg, png, psd, raw, svg, tif |
| Presentation | key, odp, otp, ppt, pptm, pptx |
| Script | action, bash, bat, cmd, job, sh, vbs |
| Source code | c, c++, class, go, h, java, js, php, py, r, rb, rs, swift, vb |
| Spreadsheet | ods, xll, xlsm, xlsx, xlt |
| Video | avi, flv, mkv, mov, mp4, mpeg, mpg, wmv |
| Virtual Disk Image | dsk, hdd, hds, vdi, vhd, vhd, vhdx, vmdk |
| Zip | Archive file types, including: dmg, iso, rar, tar, tgz, zip |