Auditing Different Types of File Formats

Any file extension may be audited; however, files such as .zip and .gz are not decompressed on the fly. If your file has compression or some sort of encoding in the data, pattern searching may not be possible.

For documents that store data in Unicode format, the parsing routines of the .nbin file will string out all “NULL” bytes that are encountered.

Additionally, all versions of Microsoft Office documents are supported. This includes the newer encoded versions added with Office 2007 such as .xlsx and .docx.

Last, support for various types of PDF file formats is included. Tenable has written an extensive PDF analyzer that extracts raw strings for matching. Users should only concern themselves for what sort of data they want to look for in a PDF file.