Add your own extension to PhotoRec
Since PhotoRec 6.12, it is possible to add your own custom signatures to PhotoRec. Custom signatures are enabled by default in the
How to verify if PhotoRec already detect the file format ?
- Consult the list of file formats recovered by PhotoRec. More than 320 file extensions (about 200 file families) are referenced.
- Start a console/terminal/shell (
cmdUnder Windows) and run
fidentifywith a file sample in parameter:
[kmaster@adsl ~]$ fidentify /home/kmaster/src/testfiles/sample.pfi /home/kmaster/src/testfiles/sample.pfi: unknown
In this case, the file type is listed as unknown, so PhotoRec can't recover this kind of file, at least for the moment. We will check if it's possible to add a custom signature for it.
The file must contain one signature definition per line. A signature is composed of
- extension name
- offset of the signature
- signature or magic value
The magic value can be composed of
- a string, ie "data". Special characters can be escaped like "\b", "\n", "\r", "\t", "\0" or "\\".
- hexadecimal data, ie 0x12, 0x1234, 0x123456... Note that
0x12 0x34 0x56and
0x12, 0x34, 0x56are equivalents.
- space or comma delimiters are ignored
By using an hexadecimal editor, you can see that the pfi file from our example begins by a distinctive string
PhotoFiltre Image at offset 0.
[kmaster@adsl ~]$ hexdump -C /home/kmaster/src/testfiles/sample.pfi | head 00000000 50 68 6f 74 6f 46 69 6c 74 72 65 20 49 6d 61 67 |PhotoFiltre Imag| 00000010 65 03 40 06 00 00 b0 04 00 00 40 19 01 00 40 19 |e.@.......@...@.| 00000020 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
The signature can be written as
pfi 0 "PhotoFiltre Image"
pfi 0 "PhotoFiltre", 0x20, "Image"
or if you prefer hexadecimal
pfi 0 0x50686f746f46696c74726520496d616765
From fidentify/PhotoRec point of view, the signatures are identical.
PhotoRec searches for the signature file named
C:\Documents and Settings\bob\or
photorec.sigin the current directory
This file doesn't exist by default, you need to create one.
Using a text editor (ie. notepad, vim...), create the signature file and add the signature you have identified.
Check your custom signature with fidentify
fidentify now perfectly identify the file
[kmaster@adsl ~]$ fidentify /home/kmaster/src/testfiles/sample.pfi /home/kmaster/src/testfiles/sample.pfi: pfi
If fidentify doesn't recognize the signature,
- check your signature, it may be incorrect
- verify that the signature file is a true ASCII text file. It must not begin by
EF BB BF(UTF-8 Byte Order Mark) or
FF FE(UTF-16 LE BOM) by example.
- verify the filename of your signature file
You are now ready to use PhotoRec with your custom signature to recover your files. If a signature file is present, PhotoRec will use it by default.
Improved file recovery
To control all aspects of the recovery (file content check, file size control, footer detection...),
the best way to add a signature, if you are developer, is to modify PhotoRec itself.
Commercial support is also available from the author.