Difference between revisions of "Extensible Storage Engine (ESE) Database File (EDB) format"

From ForensicsWiki
Jump to: navigation, search
(File types)
(Contents)
Line 20: Line 20:
  
 
The ESEDB basically is an ISAM database file format.
 
The ESEDB basically is an ISAM database file format.
 +
 +
The ESEDB format is used by many Microsoft applications to store data such as:
 +
* Active Directory (NTDS)
 +
* File Replication service (FRS)
 +
* Windows Internet Name service (WINS)
 +
* DHCP
 +
* Security Configuration Engine (SCE)
 +
* Certificate Server
 +
* Terminal Services Session folder
 +
* Terminal Services Licensing service
 +
* Catalog database
 +
* Help and Support Services
 +
* Directory Synchronization service (MSDSS)
 +
* Remote Storage (RSS)
 +
* Phone Book service
 +
* Single Instance Store (SIS) Groveler
 +
* Windows NT Backup/Restore
 +
* Exchange store
 +
* Microsoft Exchange folder (SRS and DXA)
 +
* Key Management service (KMS)
 +
* Instant Messaging
 +
* Windows (Vista) Mail
 +
* Content Indexing/Windows (Desktop) Search
  
 
== See also==
 
== See also==

Revision as of 08:45, 11 December 2010

Microsoft uses the Extensible Storage Engine (ESE) Database File (EDB) format for multiple purposes.

MIME types

The actual mime type of the ESDEB format is unspecified

File signature

The ESEDB has the following file signature: hexadecimal: ef cd ab 89 (at offset 4)

File types

ESEDB distinguishes between the following types:

  • database (.edb, .sdb, ...)
  • streaming file (.stm)

There are also multiple versions of the ESEDB format.

Contents

The ESEDB basically is an ISAM database file format.

The ESEDB format is used by many Microsoft applications to store data such as:

  • Active Directory (NTDS)
  • File Replication service (FRS)
  • Windows Internet Name service (WINS)
  • DHCP
  • Security Configuration Engine (SCE)
  • Certificate Server
  • Terminal Services Session folder
  • Terminal Services Licensing service
  • Catalog database
  • Help and Support Services
  • Directory Synchronization service (MSDSS)
  • Remote Storage (RSS)
  • Phone Book service
  • Single Instance Store (SIS) Groveler
  • Windows NT Backup/Restore
  • Exchange store
  • Microsoft Exchange folder (SRS and DXA)
  • Key Management service (KMS)
  • Instant Messaging
  • Windows (Vista) Mail
  • Content Indexing/Windows (Desktop) Search

See also