Libesedb
From Forensics Wiki
Revision as of 08:44, 11 December 2010 by Joachim Metz
| libesedb | |
|---|---|
| Maintainer: | Joachim Metz |
| OS: | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows |
| Genre: | Analysis |
| License: | LGPL |
| Website: | libesedb.sourceforge.net |
The libesedb package contains a library and applications to read the EDB file format.
The EDB file format is used by many Microsoft applications and services to store their data, including:
- Active Directory (NTDS)
- File Replication service (FRS)
- Windows Internet Name service (WINS)
- DHCP
- Security Configuration Engine (SCE)
- Certificate Server
- Terminal Services Session folder
- Terminal Services Licensing service
- Catalog database
- Help and Support Services
- Directory Synchronization service (MSDSS)
- Remote Storage (RSS)
- Phone Book service
- Single Instance Store (SIS) Groveler
- Windows NT Backup/Restore
- Exchange store
- Microsoft Exchange folder (SRS and DXA)
- Key Management service (KMS)
- Instant Messaging
- Windows (Vista) Mail
- Content Indexing/Windows (Desktop) Search
History
Libesedb was created by Joachim Metz in 2009, while working for Hoffmann Investigations.
Tools
The libesedb package contains the following tools:
- esedbexport, which exports the items stored in ESE database files.
- esedbinfo, which shows information about ESE database files.