Batu69 Posted August 17, 2015 Share Posted August 17, 2015 You’ve been emailed a strange attachment, downloaded something dubious, or maybe just found a file that’s lost its extension. You need to find out more, and Detect It Easy is the ideal tool to help.It’s portable, cross-platform, and -- initially, at least -- very easy to use. Just drag and drop your target file onto the program and it’ll tell you more about it. Detect It Easy is designed as a packer identifier, and giving it an executable gets you a vast amount of information: compiler, linker, packer, all the usual structure details, functions, a graphical display of entropy, even a disassembler.You don’t need to understand all -- or any -- of the low-level detail, of course. Just knowing that the email attachment "entirely.safe" is actually an executable could be interesting. It can also identify other file types, like images or documents, and give you useful information about them: the format version, the number of files in an archive, and so on. That’s just the start. If a file looks interesting, click "H" and it opens in a hex viewer, ready for further browsing.There are bonus tools to search the file for values and strings (both ANSI and Unicode), copy selected bytes to the clipboard in various formats, even dump your selection to a separate file.This is far more configurable and expandable than you might expect, too. In particular, the logic to identify file types isn’t hard-coded into the program, rather it’s organized into scripts. You’re able to view these, edit and even debug them.A lack of documentation means it takes a while to figure out how these more advanced features work. But that’s not a problem for more basic tools -- the file identifier just needs a drag and drop -- and overall Detect It Easy is a great little file investigator with something for everyone.Detect It Easy is a freeware application for Windows, OS X and Linux (via Hexacorn).Source Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.