Overview
Incydr groups files into categories based on analysis of the file contents and file extension. This categorization enables you to easily search, prioritize risk, and manage alerts based on specific types of files.
A complete list of categories and the types of files in those categories are listed below.
File category use case examples
- In Forensic Search, you can easily search for file events based on file category. For example, performing a search for the Image file category returns file activity for .gif, .jpg, .png, and many other known image file types.
- Risk indicators apply scores to file events based on the file category. For example, Source code files have a default score of +3, but you can change any score to match your risk tolerance for a specific category.
- Alert criteria can be based on file categories. For example, create a rule to alert you when Source code files are exfiltrated.
File category details
The table below lists examples of file extensions to illustrate the types of files included in each category. However, each category contains many more file types than listed here, and file extensions are not the only criteria used to determine the file category.
| File category |
Example file extensions (each category contains more file types than listed below) |
|---|---|
| Audio | aac, aif, flac, m4a, mp3, wav, wma |
| Bioinformatics | bam, fasta, fastq, sam, seq |
| Business intelligence | rep, rpt, sas, sas7bdat, twb |
| Certificates and keys | cer, crt, p12, pem, sig |
| Chemical | cdx, cif, gen, sdf, spc |
| Database | accdb, cpd, db, eap, mdb |
| Diagram | gv, vsd, vsdx, xmind |
| Document | doc, docx, pages, rtf, txt |
| Electrical design files | cir, sv, v, vhd |
| eml, emlx, msg, pst | |
| Executable | apk, app, com, dll, exe, jar, msi, pkg |
| Graphic design | ai, psd, tif, tiff |
| Image | ai, bmp, dwg, eps, gif, jpg, png, psd, raw, svg, tif |
| Mechanical design files | dwg, rfa, sldasm, slddrw, sldprt |
| Medical imaging | dcm, gii, nii, mgh, mnc |
| Microsoft proprietary data | mpp, mpx |
| Presentation | key, odp, otp, ppt, pptm, pptx |
| Research and technical documents | asc, dita, markdown, md, tex |
| Screen capture | jpg, png, mp4, mov |
| Script | action, bash, bat, cmd, job, sh, vbs |
| Source code | c, c++, class, go, h, java, js, php, py, r, rb, rs, swift, vb |
| Spreadsheet | ods, xll, xlsm, xlsx, xlt |
| Structured data | hstp, json, xcscheme, xml, xmp |
| Topography | dem, geojson, gml, shp |
| Video | avi, flv, mkv, mov, mp4, mpeg, mpg, wmv |
| Virtual Disk Image | dsk, hdd, hds, vdi, vhd, vhd, vhdx, vmdk |
| Web development and design | css, htm, html, js, ts, tsx |
| Zip | 7z, gz, vdb, xmlgz, zip |
File categories can help uncover mismatched file extensions
Where possible, we determine the file category based on the file contents, not the file extension. Examining the contents can highlight instances where a user changes a file extension. For example, if a file event has the file category Spreadsheet but the Filename uses the .jpg extension, it may indicate an attempt to hide or exfiltrate data.
In addition, the file mismatch risk indicator automatically identifies high-risk file mismatches that may indicate a file with an unexpected extension was renamed, downloaded, or shared.
Comments
Please sign in to leave a comment.