Bypasses superficial file extensions to identify the true nature of a file by analyzing its underlying hex signature (Magic Bytes). Essential for identifying disguised payloads and preliminary malware triage.
Extracts hidden metadata across multiple file types. Pulls GPS coordinates, timestamps, and camera models from media, and recovers author information, revision histories, and template data from documents.
Implements Context Triggered Piecewise Hashing (CTPH) to cluster related documents or identify polymorphic malware variants. Compares extracted metadata strings to generate percentage-based match scores.
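
The magic-byte check described in the first feature can be sketched as follows. This is an added example, not the tool's own code: the signature table, the `EXPECTED` extension map, and the names `sniff` and `triage` are assumptions made for illustration, and the sample inputs are constructed headers rather than real files.

```python
import os

# (offset, signature, type): widely documented public file signatures
SIGNATURES = [
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy Office, MSI
    (0, b"%PDF-", "pdf"),
    (0, b"\x7fELF", "elf"),
    (0, b"PK\x03\x04", "zip"),  # also OOXML, JAR, APK
    (0, b"\xff\xd8\xff", "jpeg"),
    (257, b"ustar", "tar"),     # signature is not at offset 0
    (0, b"MZ", "pe"),           # only 2 bytes: weakest match, checked last
]

# Extensions that are consistent with each detected type (assumed policy)
EXPECTED = {
    "png": {".png"}, "pdf": {".pdf"}, "jpeg": {".jpg", ".jpeg"},
    "ole2": {".doc", ".xls", ".ppt", ".msi"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"},
    "elf": {"", ".so", ".elf"}, "tar": {".tar"},
    "pe": {".exe", ".dll", ".sys"},
    "riff/WEBP": {".webp"}, "riff/WAVE": {".wav"}, "riff/AVI": {".avi"},
}

def sniff(data: bytes) -> str:
    """Return the type implied by the leading bytes, or 'unknown'."""
    # RIFF is a container: the real format is the form type at offset 8
    if data[:4] == b"RIFF" and len(data) >= 12:
        return "riff/" + data[8:12].decode("ascii", "replace").strip()
    for offset, sig, kind in SIGNATURES:
        if data[offset:offset + len(sig)] == sig:
            return kind
    return "unknown"

def triage(name: str, data: bytes) -> dict:
    """Compare the claimed extension with the detected type."""
    kind = sniff(data)
    ext = os.path.splitext(name)[1].lower()
    allowed = EXPECTED.get(kind)
    return {"name": name, "detected": kind,
            "mismatch": allowed is not None and ext not in allowed}

# Constructed sample inputs (headers only, not real files)
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "report.docx": b"PK\x03\x04\x14\x00",
    "photo.jpg": b"RIFF\x24\x00\x00\x00WEBPVP8 ",
    "backup.tar": b"\x00" * 257 + b"ustar\x00",
    "notes.txt": b"hello world\n",
}
```

A `mismatch` of `True` is a triage signal, not a verdict: ZIP-based and OLE2 containers need their internal structure inspected before the file type is settled.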