Validate CAS Files: Magic Bytes & Python/Node Examples | FileSignature

Magic Bytes

Offset: 0


            60 EA

The EnCase case file is a proprietary digital forensics project format developed by Guidance Software and currently maintained by OpenText. It functions as a project container for storing investigation metadata, search bookmarks, and examiner notes produced during the analysis of digital evidence images. While largely superseded by contemporary database-driven storage methods, this legacy format remains essential for preserving the organizational structure and chain of custody within historical forensic investigations.

Extension

.cas

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .cas files in Python

Python

def is_cas(file_path: str) -> bool:
    """Check if file is a valid CAS by magic bytes."""
    signature = bytes([0x60, 0xEA])
    with open(file_path, "rb") as f:
        return f.read(2) == signature

How to validate .cas files in Node.js

Node.js

function isCAS(buffer: Buffer): boolean {
  const signature = Buffer.from([0x60, 0xEA]);
  return buffer.subarray(0, 2).equals(signature);
}

Go

func IsCAS(data []byte) bool {
    signature := []byte{0x60, 0xEA}
    if len(data) < 2 {
        return false
    }
    return bytes.Equal(data[:2], signature)
}

API Endpoint

GET /api/v1/cas


              curl https://filesignature.org/api/v1/cas

Magic Bytes

Validation Code

How to validate .cas files in Python

How to validate .cas files in Node.js

API Endpoint

Related Formats