Validate GHS Files: Magic Bytes & Python/Node Examples | FileSignature

Magic Bytes

Offset: 0


            FE FF

The GHS file extension represents a spanned segment of a disk image created by Norton Ghost, software originally developed by Binary Research and subsequently maintained by Symantec. These files function as continuation parts of a larger backup archive, typically accompanying a primary GHO file, to accommodate storage media size limitations or file system constraints. Although the original consumer software has been discontinued, these legacy archives remain relevant for restoring older system states or accessing historical data backups.

Extension

.ghs

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .ghs files in Python

Python

def is_ghs(file_path: str) -> bool:
    """Check if file is a valid GHS by magic bytes."""
    signature = bytes([0xFE, 0xFF])
    with open(file_path, "rb") as f:
        return f.read(2) == signature

How to validate .ghs files in Node.js

Node.js

function isGHS(buffer: Buffer): boolean {
  const signature = Buffer.from([0xFE, 0xFF]);
  return buffer.subarray(0, 2).equals(signature);
}

Go

func IsGHS(data []byte) bool {
    signature := []byte{0xFE, 0xFF}
    if len(data) < 2 {
        return false
    }
    return bytes.Equal(data[:2], signature)
}

API Endpoint

GET /api/v1/ghs


              curl https://filesignature.org/api/v1/ghs

Symantex Ghost image file

Magic Bytes

Validation Code

How to validate .ghs files in Python

How to validate .ghs files in Node.js

API Endpoint

Related Formats