Skip to content

Symantex Ghost image file (.ghs)

.ghs file signature | application/octet-stream

Symantec Ghost image file (GHS) is a disk imaging format created by Symantec for use with Ghost backup and cloning software. It is used to store system, partition, or volume images for deployment, restoration, and migration across computers. The format is primarily associated with legacy Ghost workflows and is generally safe to open, though image files from untrusted sources should be handled cautiously because they may contain altered or unexpected disk content.

Safe

Magic Bytes

Offset 0
FE EF

Sources: Gary Kessler

Extension

.ghs

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .ghs files in Python

Python 
def is_ghs(file_path: str) -> bool:
    """Check if file is a valid GHS by magic bytes."""
    signature = bytes([0xFE, 0xEF])
    with open(file_path, "rb") as f:
        return f.read(2) == signature

How to validate .ghs files in Node.js

Node.js 
function isGHS(buffer: Buffer): boolean {
  const signature = Buffer.from([0xFE, 0xEF]);
  return buffer.subarray(0, 2).equals(signature);
}

How to validate .ghs files in Go

Go 
func IsGHS(data []byte) bool {
    signature := []byte{0xFE, 0xEF}
    if len(data) < 2 {
        return false
    }
    return bytes.Equal(data[:2], signature)
}

API Endpoint

GET /api/v1/ghs
curl https://filesignature.org/api/v1/ghs

See the full API documentation for all endpoints and parameters.

Related Formats

.gho

Frequently Asked Questions

What is a .ghs file?

A .ghs file is a Symantex Ghost image file file. Symantec Ghost image file (GHS) is a disk imaging format created by Symantec for use with Ghost backup and cloning software. It is used to store system, partition, or volume images for deployment, restoration, and migration across computers. The format is primarily associated with legacy Ghost workflows and is generally safe to open, though image files from untrusted sources should be handled cautiously because they may contain altered or unexpected disk content.

What are the magic bytes for .ghs files?

The magic bytes for Symantex Ghost image file files are FE EF at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .ghs file?

To validate a .ghs file, read the first bytes of the file and compare them against the known magic bytes (FE EF) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .ghs files?

There is no officially registered MIME type for .ghs files. Systems typically use application/octet-stream as a generic fallback when handling this format.

Is it safe to open .ghs files?

Symantex Ghost image file (.ghs) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.