Validate EX01 Files: Magic Bytes & Python/Node Examples | FileSignature

Magic Bytes

Offset: 0


            45 56 46 32

The EnCase Evidence File format (EX01) is a digital forensic container developed by OpenText (formerly Guidance Software) as the successor to the legacy E01 format. It is primarily utilized by forensic investigators to capture and store bit-stream images of storage media for legal analysis and evidence discovery. This specification integrates encryption and hashing algorithms to ensure data integrity and maintain a verifiable chain of custody for digital evidence.

Extension

.ex01

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .ex01 files in Python

Python

def is_ex01(file_path: str) -> bool:
    """Check if file is a valid EX01 by magic bytes."""
    signature = bytes([0x45, 0x56, 0x46, 0x32])
    with open(file_path, "rb") as f:
        return f.read(4) == signature

How to validate .ex01 files in Node.js

Node.js

function isEX01(buffer: Buffer): boolean {
  const signature = Buffer.from([0x45, 0x56, 0x46, 0x32]);
  return buffer.subarray(0, 4).equals(signature);
}

Go

func IsEX01(data []byte) bool {
    signature := []byte{0x45, 0x56, 0x46, 0x32}
    if len(data) < 4 {
        return false
    }
    return bytes.Equal(data[:4], signature)
}

API Endpoint

GET /api/v1/ex01


              curl https://filesignature.org/api/v1/ex01

Magic Bytes

Validation Code

How to validate .ex01 files in Python

How to validate .ex01 files in Node.js

API Endpoint

Related Formats