Difference between pages "Extensible Storage Engine (ESE) Database File (EDB) format" and "File fragment classification"

From ForensicsWiki
(Difference between pages)
Redirect page
(Also see)
 
m (Redirected page to File format identification)
 
Line 1: Line 1:
[[Microsoft]] uses the '''Extensible Storage Engine (ESE) Database File (EDB) format''' for multiple purposes.
+
#REDIRECT [[File format identification]]
 
+
== MIME types ==
+
 
+
The actual mime type of the ESDEB format is unspecified
+
 
+
== File signature ==
+
 
+
The ESEDB has the following file signature:
+
hexadecimal: ef cd ab 89 (at offset 4)
+
 
+
== File types ==
+
ESEDB distinguishes between the following types:
+
* database (.edb, .sdb, ...)
+
* streaming file (.stm)
+
 
+
There are also multiple versions of the ESEDB format.
+
 
+
== Contents ==
+
 
+
The ESEDB basically is an ISAM database file format.
+
 
+
The ESEDB format is used by many Microsoft applications to store data such as:
+
* Active Directory (NTDS)
+
* File Replication service (FRS)
+
* Windows Internet Name service (WINS)
+
* DHCP
+
* Security Configuration Engine (SCE)
+
* Certificate Server
+
* Terminal Services Session folder
+
* Terminal Services Licensing service
+
* Catalog database
+
* Help and Support Services
+
* Directory Synchronization service (MSDSS)
+
* Remote Storage (RSS)
+
* Phone Book service
+
* Single Instance Store (SIS) Groveler
+
* Windows NT Backup/Restore
+
* Exchange store
+
* Microsoft Exchange folder (SRS and DXA)
+
* Key Management service (KMS)
+
* Instant Messaging
+
* Windows (Vista) Mail
+
* Content Indexing/Windows (Desktop) Search
+
 
+
== External Links ==
+
 
+
* [http://code.google.com/p/libesedb/downloads/detail?name=Extensible%20Storage%20Engine%20%28ESE%29%20Database%20File%20%28EDB%29%20format.pdf Extensible Storage Engine (ESE) Database File (EDB) format]
+
* [http://en.wikipedia.org/wiki/Extensible_Storage_Engine Wikipedia on Extensible Storage Engine]
+
* [https://www.os3.nl/_media/2008-2009/students/willem_toorop/wlm2009_ese_fin.pdf Forensic examination of Windows Live Messenger 2009 Extensible Storage Engine], May 2009 by [[Wouter van Dongen]], [[Willem Toorop]], [[Joeri Blokhuis]]
+
 
+
== Tools ==
+
* [http://www.woanware.co.uk/?page_id=89 EsEDbViewer]
+
* [[libesedb]]
+
 
+
[[Category:File Formats]]
+
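Review bot: In the MIME types section the format is spelled "ESDEB" ("The actual mime type of the ESDEB format is unspecified"), while every other line uses "ESEDB". Suggest correcting it to "ESEDB" and closing the sentence with a period. In the File signature section, "hexadecimal: ef cd ab 89 (at offset 4)" does not say that the offset is counted in bytes or what occupies the bytes before it, both of which a reader writing a signature check needs, so state them there. The File types section ends with "There are also multiple versions of the ESEDB format." without naming any. Either list the versions or point to the format specification under External Links.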

Revision as of 01:33, 7 February 2010