Symantex Ghost image file (.gho)

.gho file signature | application/octet-stream

Symantec Ghost image file is a disk imaging format created and maintained by Symantec for Norton Ghost. It is used to capture, store, and deploy complete system or partition backups during operating system installation, migration, and recovery. The format is associated with legacy Ghost utilities and is generally safe to open, although image contents should be treated as untrusted data when restoring from unknown sources.

Safe

Magic Bytes

Offset 0


              FE EF

Sources: Gary Kessler

Extension

.gho

MIME Type

application/octet-stream

Byte Offset

Risk Level

Safe

Validation Code

How to validate .gho files in Python

Python

def is_gho(file_path: str) -> bool:
    """Check if file is a valid GHO by magic bytes."""
    signature = bytes([0xFE, 0xEF])
    with open(file_path, "rb") as f:
        return f.read(2) == signature

How to validate .gho files in Node.js

Node.js

function isGHO(buffer: Buffer): boolean {
  const signature = Buffer.from([0xFE, 0xEF]);
  return buffer.subarray(0, 2).equals(signature);
}

How to validate .gho files in Go

func IsGHO(data []byte) bool {
    signature := []byte{0xFE, 0xEF}
    if len(data) < 2 {
        return false
    }
    return bytes.Equal(data[:2], signature)
}

API Endpoint

GET /api/v1/gho


              curl https://filesignature.org/api/v1/gho

See the full API documentation for all endpoints and parameters.

Related Formats

.ghs

Frequently Asked Questions

What is a .gho file?

A .gho file is a Symantex Ghost image file file. Symantec Ghost image file is a disk imaging format created and maintained by Symantec for Norton Ghost. It is used to capture, store, and deploy complete system or partition backups during operating system installation, migration, and recovery. The format is associated with legacy Ghost utilities and is generally safe to open, although image contents should be treated as untrusted data when restoring from unknown sources.

What are the magic bytes for .gho files?

The magic bytes for Symantex Ghost image file files are FE EF at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .gho file?

To validate a .gho file, read the first bytes of the file and compare them against the known magic bytes (FE EF) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .gho files?

There is no officially registered MIME type for .gho files. Systems typically use application/octet-stream as a generic fallback when handling this format.

Is it safe to open .gho files?

Symantex Ghost image file (.gho) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.