sleuthkit 4.4.0-5 / usr / share / tsk / sorter / default.sort

This file is indexed.

/usr/share/tsk/sorter/default.sort is in sleuthkit 4.4.0-5.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
#
# default.sort
# default config file for Sleuth Kit sorter
#
# These settings have the lowest priority of all config files
#
# It is used for ALL platform types though
#
#
# Category
# If the keyword is found in the 'file' output, then the data is saved
# to either the summary file or even copied if the appropriate flags are
# given
#
# category	cat_name	keywords
#
#
# Extension
# If the keywords are found in the 'file' output, and the file extension
# is different than then the one on the file, an alert is generated 
# 'somewhere'
# ext		ext1,ext2,ext3	keywords




##########################################################################
# Multimedia
##########################################################################

# Audio
category    audio           audio

category	audio			MIDI
ext			mid,rmi			MIDI

category	audio			MP3
ext			mp3				MP3



# Images
category	images		image data
ext			jpg,jpeg,jpe 	JPEG image data	
ext			gif			GIF image data
ext			tif			TIFF image data
ext			png			PNG image data

category	images		bitmap data
ext			bmp			PC bitmap data

category	images		font
ext			ttf			true type font



# Video
category	video		RealMedia
ext			rm			RealMedia




##########################################################################
# archive & compression
##########################################################################

# archive
category	archive		archive 
ext			zip,jar		Zip archive data
ext			tar			tar archive

category    archive     DB
ext         db      	Berkeley DB


# compression
category    compress        compress
ext         gz,tgz          gzip compressed data
ext         Z               compress'd data




##########################################################################
# Executables 
##########################################################################
# Execs
category 	exec		executable
category	exec		\sscript
# the above can cause errors with postscript and transcript

category	exec		batch file

# NOTE: Some windows binaries have the term "executable not relocatable"
# which will trigger on this when it should trigger on executable
category	exec		relocatable


# Java
category	exec		class data
ext			class		Java class data


category	exec		object
ext			o			object

category	exec		python compiled




##########################################################################
# Documents, 
##########################################################################
category	documents				document 


# Microsoft
ext			doc,dot,ppt,pot,xls,xlt,msc,pcb			Microsoft Office Document

category	documents				Rich Text Format
ext			rtf						Rich Text Format

# Corel & Word Perfect
category	documents				Corel\/WP
ext			wpg,wpd,shw				Corel\/WP

# Lotus 
category	documents				Lotus 1\-2\-3
ext			wb2						Lotus 1\-2\-3

# Adobe
ext			pdf						PDF document
ext			ps,eps					PostScript document


##########################################################################
# Text
##########################################################################
category	text			ASCII(.*?)text
ext         txt,log         ASCII(.*?)text
ext			c,cpp,h,js		ASCII(.*?)text
ext			sh,csh			ASCII(.*?)text
ext			conf			ASCII(.*?)text

category    text            character data
ext         txt             character data

category	text			ISO\-8859(.*?)text
ext         txt             ISO\-8859(.*?)text

category	text			HTML document text
ext			htm,html,hta	HTML document text

category	text		program text
ext			c,cpp,h,js	program text
category	text		\ssource



##########################################################################
# Other
##########################################################################
# Disk
category	disk			boot sector
category	disk			filesystem data


# Crypto
category	crypto			PGP
ext			asc				PGP armored

# Postscript Printer Description
category	system			PPD file
ext			ppd				PPD file


# 'file' reports 'data' for all unknown binary files
# do not bother with extensions with this 
category	data			^data$

APT Browse - Built by Thomas Orozco.