EnCase case file (.cbk)

.cbk file signature | application/octet-stream

The EnCase case file (CBK) is a forensic case container format created by Guidance Software and now maintained as part of OpenText Forensic products. The format stores case metadata, examiner notes, and references to evidence collected during digital investigations, and it is used with EnCase forensic analysis workflows and related case management tools. It is generally safe to open, but as with any investigation file, it should be handled carefully to preserve evidentiary integrity.

Safe

Magic Bytes

Offset 0


              5F 43 41 53 45 5F

Sources: Gary Kessler

Extension

.cbk

MIME Type

application/octet-stream

Byte Offset

Risk Level

Safe

Validation Code

How to validate .cbk files in Python

Python

def is_cbk(file_path: str) -> bool:
    """Check if file is a valid CBK by magic bytes."""
    signature = bytes([0x5F, 0x43, 0x41, 0x53, 0x45, 0x5F])
    with open(file_path, "rb") as f:
        return f.read(6) == signature

How to validate .cbk files in Node.js

Node.js

function isCBK(buffer: Buffer): boolean {
  const signature = Buffer.from([0x5F, 0x43, 0x41, 0x53, 0x45, 0x5F]);
  return buffer.subarray(0, 6).equals(signature);
}

How to validate .cbk files in Go

func IsCBK(data []byte) bool {
    signature := []byte{0x5F, 0x43, 0x41, 0x53, 0x45, 0x5F}
    if len(data) < 6 {
        return false
    }
    return bytes.Equal(data[:6], signature)
}

API Endpoint

GET /api/v1/cbk


              curl https://filesignature.org/api/v1/cbk

See the full API documentation for all endpoints and parameters.

Related Formats

.cas

Frequently Asked Questions

What is a .cbk file?

A .cbk file is a EnCase case file file. The EnCase case file (CBK) is a forensic case container format created by Guidance Software and now maintained as part of OpenText Forensic products. The format stores case metadata, examiner notes, and references to evidence collected during digital investigations, and it is used with EnCase forensic analysis workflows and related case management tools. It is generally safe to open, but as with any investigation file, it should be handled carefully to preserve evidentiary integrity.

What are the magic bytes for .cbk files?

The magic bytes for EnCase case file files are 5F 43 41 53 45 5F at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .cbk file?

To validate a .cbk file, read the first bytes of the file and compare them against the known magic bytes (5F 43 41 53 45 5F) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .cbk files?

There is no officially registered MIME type for .cbk files. Systems typically use application/octet-stream as a generic fallback when handling this format.

Is it safe to open .cbk files?

EnCase case file (.cbk) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.