When creating a file capture there are three ways to identify files,
- Fast Identification (Quick)
- Thorough Identification for Files Without File Extensions (Speed Optimized)
- Thorough Identification for all files (Comprehensive)
Fast identification identifies file types using the file extension only
Thorough identification for files without extensions uses file signature analysis to identify files that have no file extension and fast identification on those that do
Thorough identification for all files uses file signature analysis to identify all files. This will
increase the time the scan takes to run
If a Search Profile is "Speed Optimized" it is using Thorough identification for files without extensions. This option allows for faster collection while collecting more files that may be in cache files or saved without file extensions.
The impact to the total time of the scan is minimal while the collection of potential evidence is greater.