Autopsy File Extension Mismatch Module
The file extension mismatch module was released with Autopsy 3.1 and detects files that may have had their extension changed to make them less obvious. Autopsy has a configuration file that maps file types to extensions are are OK.
The UI has a panel (in Tools -> Options) to update the list of extensions. This will update a copy of the configuration file in your home directory. You can find this location by going to the Help -> About window.
To add a new extension into the official distribution, use the UI to update your copy of the file. It will be stored in a location such as "C:\Users\jdoe\AppData\Roaming\.autopsy\dev\config\mismatch_config.xml". To get it updated in the official distribution, you can do one of the following:
- Make a fork of the github repository, copy the new file into the src\org\sleuthkit\autopsy\fileextmismatch folder and submit a pull request
- Attach the entire mismatch_config.xml file to a github issue.