E01

application/octet-stream

Safe

Magic Bytes

Offset: 0
45 56 46

The EnCase Evidence File (E01) is a proprietary digital forensic image format originally developed by Guidance Software and currently maintained by OpenText. Forensic examiners utilize this standard to store exact bit-for-bit copies of storage media while preserving associated metadata, integrity hashes, and compression settings. As an industry standard for digital investigations, the format ensures data immutability and is supported by forensic analysis tools to maintain the chain of custody.

Extension

.e01

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .e01 files in Python

Python 
def is_e01(file_path: str) -> bool:
    """Check if file is a valid E01 by magic bytes."""
    signature = bytes([0x45, 0x56, 0x46])
    with open(file_path, "rb") as f:
        return f.read(3) == signature

How to validate .e01 files in Node.js

Node.js 
function isE01(buffer: Buffer): boolean {
  const signature = Buffer.from([0x45, 0x56, 0x46]);
  return buffer.subarray(0, 3).equals(signature);
}
Go 
func IsE01(data []byte) bool {
    signature := []byte{0x45, 0x56, 0x46}
    if len(data) < 3 {
        return false
    }
    return bytes.Equal(data[:3], signature)
}

API Endpoint

GET /api/v1/e01
curl https://filesignature.org/api/v1/e01

Related Formats

.ex01 .me .fh10 .dat .enn .snn .bin .j2k .exnn