Step 0: Determine the size of the task for the
Step 1: Load the first 1K of all the files on the
system, check against the Magic Bytes to validate the file contents
and assign file type by Magic Bytes + File Extension.
Step 2: Perform re-adjustment of validation types by
performing logical assumptions.
Step 3: Grouping of Files is performed to assign
relationships to groups. For example, Microsoft Windows goes
in one group, ICQ in another group, etc.
Step 4: Reduction takes place at this point where
any "uninteresting" files are eliminated.
Step 5: Reaffirmation is a stage where the ASCII
files are searched for something to determine their actual nature.
Step 6: Classification phase is where each of the
files is assigned interest values based on an expert engine
Step 7: Database hash matching for anything that may
be of interest.
Step 8: Reporting phase.