Validate CBK Files: Magic Bytes & Python/Node Examples | FileSignature

Magic Bytes

Offset: 0


            60 EA

The EnCase Case Backup (CBK) format is a proprietary forensic data structure developed by Guidance Software, now maintained by OpenText. These files function as automated backups for digital investigation projects, storing critical metadata, examiner notes, and bookmark data to prevent data loss during forensic processing. Primarily associated with legacy versions of the EnCase Forensic suite, the format is considered safe as it contains no executable code and serves strictly as a specialized database for recovery purposes.

Extension

.cbk

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .cbk files in Python

Python

def is_cbk(file_path: str) -> bool:
    """Check if file is a valid CBK by magic bytes."""
    signature = bytes([0x60, 0xEA])
    with open(file_path, "rb") as f:
        return f.read(2) == signature

How to validate .cbk files in Node.js

Node.js

function isCBK(buffer: Buffer): boolean {
  const signature = Buffer.from([0x60, 0xEA]);
  return buffer.subarray(0, 2).equals(signature);
}

Go

func IsCBK(data []byte) bool {
    signature := []byte{0x60, 0xEA}
    if len(data) < 2 {
        return false
    }
    return bytes.Equal(data[:2], signature)
}

API Endpoint

GET /api/v1/cbk


              curl https://filesignature.org/api/v1/cbk

EnCase case file

Magic Bytes

Validation Code

How to validate .cbk files in Python

How to validate .cbk files in Node.js

API Endpoint

Related Formats