Difference between pages "Personal Folder File (PAB, PST, OST)" and "Nickfile (NK2)"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(File signature)
 
 
Line 1: Line 1:
[[Microsoft]] [[Outlook]] uses the '''Personal Folder File (PFF)''' to store e-mails, appointments, tasks, contacts, notes, etc.
+
[[Microsoft]] [[Outlook]] uses the '''Nickfile (NK2)''' to store e-mail address aliases.
 
+
The file is also known as Outlook AutoComplete File and Nickname file.
Three different types of the PFF are known:
+
* The '''Personal Address Book (PAB)''', which contains the address book of contacts. These files have the extension '''.pab'''.
+
* The '''Personal Storage Table (PST)''', which contains items like e-mails, appointments, tasks, notes, etc. and is used as current and archived mailbox files. These files have the extension '''.pst'''. The PST format is also referred to as the '''Personal Folder File (PFF)''' format.
+
* The '''Offline Storage Table (OST)''', which contains items like e-mails, appointments, tasks, notes, etc. and is used as off line mailbox files in conjunction with [[Microsoft]] [[Exchange]]. These files have the extension '''.ost'''. The OST format is also referred to as the '''Offline Folder File (OFF)''' format.
+
 
+
The underlying file format of these files is the same of which the actual name is unknown but has been dubbed the '''Personal Folder File (PFF)''' format, because of its most common usage.
+
  
 
== MIME types ==
 
== MIME types ==
  
The actual mime type of the PFF format is unspecified however some sources claim the following [[MIME types]] apply to this [[file format]]:
+
The actual mime type of the NK2 format is unspecified
* application/vnd.ms-outlook (for PST files)
+
  
 
== File signature ==
 
== File signature ==
  
PFF has the following file signature:
+
The NK2 has the following file signature:
 +
hexadecimal: 0D F0 AD BA
  
hexadecimal: 21 42 44 4e
+
Note that other sources claim that the file signature is
 
+
hexadecimal: 0D F0 AD BA 0A 00 00 00
ASCII: !BDN
+
 
+
== File types ==
+
 
+
There are a 32-bit and a 64-bit version of the PFF. These have the same file signature but can be identified by the version in the file header.
+
  
 
== Contents ==
 
== Contents ==
  
The PFF basically contains a hierarchy of items. The attributes of these items are defined by the [[Microsoft]] [[Outlook]] [[Message API (MAPI)]].
+
The NK2 basically contains a list of items. The attributes of these items are defined by the [[Microsoft]] [[Outlook]] [[Message API (MAPI)]].
 
+
== Encryption ==
+
 
+
The PFF format allows the file to be encrypted. Two types of encryptions are currently known these are referred to as compressible and high encryption.
+
The compressible encryption is a basic substitution cypher and the high encryption is a little more complex substitution cypher.
+
From a cryptographic point of view this is more a way of obfuscation than a means to protect confidentiality.
+
  
 
== See also==
 
== See also==
  
* A great deal of information about the format has been documented by the [http://libpff.sourceforge.net libpff project], including some of the [http://downloads.sourceforge.net/libpff/Personal_Folder_File_format.pdf Personal Folder File format specifications] and [http://downloads.sourceforge.net/libpff/MAPI_definitions.pdf MAPI definitions].
+
* A great deal of information about the format has been documented by the [http://libnk2.sourceforge.net libnk2 project], including some of the [http://downloads.sourceforge.net/libnk2/Nickfile_format.pdf Nickfile format specifications] and [http://downloads.sourceforge.net/libpff/MAPI_definitions.pdf MAPI definitions].
* [http://www.five-ten-sg.com/libpst/ libpst]
+
  
 
[[Category:File Formats]]
 
[[Category:File Formats]]

Revision as of 03:42, 31 January 2009

Microsoft Outlook uses the Nickfile (NK2) to store e-mail address aliases. The file is also known as Outlook AutoComplete File and Nickname file.

Contents

MIME types

The actual mime type of the NK2 format is unspecified

File signature

The NK2 has the following file signature: hexadecimal: 0D F0 AD BA

Note that other sources claim that the file signature is hexadecimal: 0D F0 AD BA 0A 00 00 00

Contents

The NK2 basically contains a list of items. The attributes of these items are defined by the Microsoft Outlook Message API (MAPI).

See also

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Personal_Folder_File_(PAB,_PST,_OST)&oldid=9204"