ForensicsAlso called: "magic numbers", "file headers", "file type detection"
Magic numbers help verify true file types and detect malicious files masquerading as safe formats.
Common signatures
- PDF: %PDF (25 50 44 46).
- PNG: \x89PNG (89 50 4E 47).
- JPEG: \xFF\xD8\xFF (FF D8 FF).
- ZIP: PK (50 4B).
- EXE: MZ (4D 5A).
Security uses
- Detect files with mismatched extensions (.jpg that's really .exe).
- Bypass upload filters that only check file extensions.
- Verify file integrity after download or transfer.
- Identify malware hidden in document files.
Validation
- Check first few bytes against known signatures.
- Compare extension with actual file type.
- Reject uploads with extension/signature mismatches.