| Line 1: |
Line 1: |
| − | [[Microsoft]] uses the '''Extensible Storage Engine (ESE) Database File (EDB) format''' for multiple purposes.
| + | '''Welcome to ''Forensics Wiki''!''' |
| − | | + | We hope you will contribute much and well. |
| − | == MIME types ==
| + | You will probably want to read the [[Help:Contents|help pages]]. |
| − | | + | Again, welcome and have fun! [[User:.FUF|.FUF]] 12:33, 5 February 2010 (UTC) |
| − | The actual mime type of the ESDEB format is unspecified
| + | |
| − | | + | |
| − | == File signature ==
| + | |
| − | | + | |
| − | The ESEDB has the following file signature:
| + | |
| − | hexadecimal: ef cd ab 89 (at offset 4)
| + | |
| − | | + | |
| − | == File types ==
| + | |
| − | ESEDB distinguishes between the following types:
| + | |
| − | * database (.edb, .sdb, ...)
| + | |
| − | * streaming file (.stm)
| + | |
| − | | + | |
| − | There are also multiple versions of the ESEDB format.
| + | |
| − | | + | |
| − | == Contents ==
| + | |
| − | | + | |
| − | The ESEDB basically is an ISAM database file format.
| + | |
| − | | + | |
| − | The ESEDB format is used by many Microsoft applications to store data such as:
| + | |
| − | * Active Directory (NTDS)
| + | |
| − | * File Replication service (FRS)
| + | |
| − | * Windows Internet Name service (WINS)
| + | |
| − | * DHCP
| + | |
| − | * Security Configuration Engine (SCE)
| + | |
| − | * Certificate Server
| + | |
| − | * Terminal Services Session folder
| + | |
| − | * Terminal Services Licensing service
| + | |
| − | * Catalog database
| + | |
| − | * Help and Support Services
| + | |
| − | * Directory Synchronization service (MSDSS)
| + | |
| − | * Remote Storage (RSS)
| + | |
| − | * Phone Book service
| + | |
| − | * Single Instance Store (SIS) Groveler
| + | |
| − | * Windows NT Backup/Restore
| + | |
| − | * Exchange store
| + | |
| − | * Microsoft Exchange folder (SRS and DXA)
| + | |
| − | * Key Management service (KMS)
| + | |
| − | * Instant Messaging
| + | |
| − | * Windows (Vista) Mail
| + | |
| − | * Content Indexing/Windows (Desktop) Search
| + | |
| − | | + | |
| − | == External Links ==
| + | |
| − | | + | |
| − | * [http://code.google.com/p/libesedb/downloads/detail?name=Extensible%20Storage%20Engine%20%28ESE%29%20Database%20File%20%28EDB%29%20format.pdf Extensible Storage Engine (ESE) Database File (EDB) format], by [[libesedb|libesedb project]]
| + | |
| − | * [http://en.wikipedia.org/wiki/Extensible_Storage_Engine Wikipedia on Extensible Storage Engine]
| + | |
| − | * [https://www.os3.nl/_media/2008-2009/students/willem_toorop/wlm2009_ese_fin.pdf Forensic examination of Windows Live Messenger 2009 Extensible Storage Engine], May 2009 by [[Wouter van Dongen]], [[Willem Toorop]], [[Joeri Blokhuis]]
| + | |
| − | | + | |
| − | == Tools ==
| + | |
| − | * [http://www.woanware.co.uk/?page_id=89 EsEDbViewer]
| + | |
| − | * [[libesedb]]
| + | |
| − | | + | |
| − | [[Category:File Formats]]
| + | |
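Review bot: The "+" side of this Line 1 hunk replaces the entire ESE database format article with a user welcome message signed by [[User:.FUF|.FUF]]. Every removed section (MIME types, File signature, File types, Contents, External Links, Tools) and the [[Category:File Formats]] tag is dropped with nothing carried over. If the two sides are revisions of the same page, this should be reverted and the welcome text moved to the user's talk page. If they are revisions of different pages, the comparison should be rerun against the correct pair. If the article text is restored, "ESDEB" in the removed MIME types line should read "ESEDB" to match the rest of the page.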