File Metadata Extractor

How to Use the File Metadata Extractor

1. Upload Any File: Drag and drop any file type onto the upload zone — images, PDFs, videos, executables, archives, documents, or even unknown file types.
2. View Basic Metadata: Instantly see filename, extension, MIME type, detected file type (via magic bytes), file size (human-readable and exact bytes), and last modified timestamp (both local time and Unix epoch).
3. Examine Hashes: SHA-1, SHA-256, and SHA-512 cryptographic hashes are computed — use these to verify file integrity, compare downloads, or identify files uniquely.
4. Inspect Magic Bytes: The first 16 bytes of the file are displayed in hex — revealing the file's true format regardless of its extension (useful for detecting renamed/disguised files).
5. Preview: Images render a visual preview; text-based files (JS, CSS, HTML, JSON, CSV) show the first 2000 characters of content.
6. Copy All: Click "Copy All" to export the complete metadata as formatted text.

Technical Overview & Use Cases

This tool reads files using the File API's arrayBuffer() method, accessing raw binary data without uploading. Magic byte detection compares the file's hex header against a database of known file signatures (JPEG: FF D8 FF, PNG: 89 50 4E 47, PDF: 25 50 44 46, etc.) — this reveals the true file type even when the extension is misleading. Cryptographic hashes are computed via the Web Crypto API's crypto.subtle.digest(), producing standard checksums identical to those from shasum or certutil commands.

Real-world use cases:

• Digital forensics: Identify disguised files (e.g., an EXE renamed to .jpg) by examining magic bytes. Compute file hashes for evidence chain-of-custody documentation.
• Download verification: Compare the SHA-256 hash of a downloaded file against the publisher's official checksum to confirm the file hasn't been tampered with or corrupted in transit.
• Malware triage: Check unknown files' true format and hash before opening — compare hashes against threat intelligence databases like VirusTotal to identify known malware.

Privacy & Security Guarantee

This tool is part of the FAK LAB ecosystem, founded by Faizan Ahmad Khan Khichi. Files are read entirely in your browser's memory using the File API. No file data, content, or hash values are ever transmitted to any server. The tool cannot access files you don't explicitly select — there is no background scanning, no file indexing, and no remote storage of any kind. Your files remain 100% on your device.

Frequently Asked Questions

What are "magic bytes" and why do they matter?

Magic bytes (file signatures) are the first few bytes of a file that identify its true format. A JPEG always starts with FF D8 FF, a PDF with %PDF (25 50 44 46), and a ZIP with PK (50 4B). This is more reliable than file extensions because anyone can rename a .exe to .jpg — but the magic bytes reveal the truth. Security tools, operating systems, and forensic software all use magic bytes for file identification.

Why might the MIME type differ from the detected type?

The MIME type comes from the browser's guess based on the file extension. The detected type comes from analyzing actual file content (magic bytes). If someone renames "malware.exe" to "photo.jpg", the MIME type would say "image/jpeg" (extension-based) while detected type correctly identifies "Windows EXE/DLL" (content-based). Trust the detected type.

How long does hash computation take for large files?

The Web Crypto API is hardware-accelerated on most modern devices. For files under 100MB, hashing typically completes in under 2 seconds. For multi-gigabyte files, it may take 10-30 seconds depending on your device's processing speed and memory. The entire file must be read into memory, so very large files on low-RAM devices may cause browser slowdowns.