Libesedb

From Forensics Wiki
Revision as of 15:17, 16 January 2010 by Joachim Metz

libesedb
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: libesedb.sourceforge.net

libesedb is a library currently under development to read the EDB File format. Intended for Linux systems, the library should also work on other platforms. The library is being developed by Joachim Metz of Hoffmann Investigations.

The EDB File format is used by many Microsoft applications to store data, including Windows (Vista) Mail, Windows Search, Active Directory and Exchange.

Some sources claim that the following data is stored using ESEDB:

  • Active Directory (NTDS)
  • File Replication service (FRS)
  • Windows Internet Name service (WINS)
  • DHCP
  • Security Configuration Engine (SCE)
  • Certificate Server
  • Terminal Services Session folder
  • Terminal Services Licensing service
  • Catalog database
  • Help and Support Services
  • Directory Synchronization service (MSDSS)
  • Remote Storage (RSS)
  • Phone Book service
  • Single Instance Store (SIS) Groveler
  • Windows NT Backup/Restore
  • Exchange store
  • Microsoft Exchange folder (SRS and DXA)
  • Key Management service (KMS)
  • Instant Messaging
  • Content Indexing

External Links