Validate GHO Files: Magic Bytes & Python/Node Examples | FileSignature

Magic Bytes

Offset: 0


            FE FF

The Symantec Ghost Image file format is a proprietary disk cloning and backup container developed by Symantec for preserving data integrity across Windows systems. It is primarily used to store exact replicas of hard drives or partitions, facilitating system recovery, rapid deployment, and large-scale software distribution. While Broadcom continues to support the underlying technology in enterprise environments, the specific .gho extension is largely considered a legacy format associated with older iterations of the Ghost software.

Extension

.gho

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .gho files in Python

Python

def is_gho(file_path: str) -> bool:
    """Check if file is a valid GHO by magic bytes."""
    signature = bytes([0xFE, 0xFF])
    with open(file_path, "rb") as f:
        return f.read(2) == signature

How to validate .gho files in Node.js

Node.js

function isGHO(buffer: Buffer): boolean {
  const signature = Buffer.from([0xFE, 0xFF]);
  return buffer.subarray(0, 2).equals(signature);
}

Go

func IsGHO(data []byte) bool {
    signature := []byte{0xFE, 0xFF}
    if len(data) < 2 {
        return false
    }
    return bytes.Equal(data[:2], signature)
}

API Endpoint

GET /api/v1/gho


              curl https://filesignature.org/api/v1/gho

Symantex Ghost image file

Magic Bytes

Validation Code

How to validate .gho files in Python

How to validate .gho files in Node.js

API Endpoint

Related Formats