Skip to content

EX01 (.ex01)

.ex01 file signature | application/octet-stream

EX01 is a forensic disk image format developed by Guidance Software, now maintained by OpenText as part of EnCase. It is used to preserve and analyze digital evidence from hard drives, removable media, and other storage devices in incident response and criminal investigations. The format is generally safe to handle, but like other evidence containers it should be examined with trusted forensic tools; EX01 is a successor to earlier E01 evidence files.

Safe

Magic Bytes

Offset 0
45 56 46 32

Sources: Wikipedia

Extension

.ex01

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .ex01 files in Python

Python 
def is_ex01(file_path: str) -> bool:
    """Check if file is a valid EX01 by magic bytes."""
    signature = bytes([0x45, 0x56, 0x46, 0x32])
    with open(file_path, "rb") as f:
        return f.read(4) == signature

How to validate .ex01 files in Node.js

Node.js 
function isEX01(buffer: Buffer): boolean {
  const signature = Buffer.from([0x45, 0x56, 0x46, 0x32]);
  return buffer.subarray(0, 4).equals(signature);
}

How to validate .ex01 files in Go

Go 
func IsEX01(data []byte) bool {
    signature := []byte{0x45, 0x56, 0x46, 0x32}
    if len(data) < 4 {
        return false
    }
    return bytes.Equal(data[:4], signature)
}

API Endpoint

GET /api/v1/ex01
curl https://filesignature.org/api/v1/ex01

See the full API documentation for all endpoints and parameters.

Related Formats

.exnn

Frequently Asked Questions

What is a .ex01 file?

A .ex01 file is identified by the magic bytes 45 56 46 32 at byte offset 0. EX01 is a forensic disk image format developed by Guidance Software, now maintained by OpenText as part of EnCase. It is used to preserve and analyze digital evidence from hard drives, removable media, and other storage devices in incident response and criminal investigations. The format is generally safe to handle, but like other evidence containers it should be examined with trusted forensic tools; EX01 is a successor to earlier E01 evidence files.

What are the magic bytes for .ex01 files?

The magic bytes for EX01 files are 45 56 46 32 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .ex01 file?

To validate a .ex01 file, read the first bytes of the file and compare them against the known magic bytes (45 56 46 32) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .ex01 files?

There is no officially registered MIME type for .ex01 files. Systems typically use application/octet-stream as a generic fallback when handling this format.

Is it safe to open .ex01 files?

EX01 (.ex01) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.