Skip to content

EnCase® Evidence File Format Version 2 (.exnn)

.exnn file signature | application/octet-stream

EnCase® Evidence File Format Version 2.nnare the segment sequence number, taking on values 00..99, AA, AB...AZ, BA, BB...BZ, etc.See theEWF 2 specification.

Safe

Magic Bytes

Offset 0
45 56 46 32 0D 0A 81

Sources: Gary Kessler

Extension

.exnn

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .exnn files in Python

Python 
def is_exnn(file_path: str) -> bool:
    """Check if file is a valid EXNN by magic bytes."""
    signature = bytes([0x45, 0x56, 0x46, 0x32, 0x0D, 0x0A, 0x81])
    with open(file_path, "rb") as f:
        return f.read(7) == signature

How to validate .exnn files in Node.js

Node.js 
function isEXNN(buffer: Buffer): boolean {
  const signature = Buffer.from([0x45, 0x56, 0x46, 0x32, 0x0D, 0x0A, 0x81]);
  return buffer.subarray(0, 7).equals(signature);
}

How to validate .exnn files in Go

Go 
func IsEXNN(data []byte) bool {
    signature := []byte{0x45, 0x56, 0x46, 0x32, 0x0D, 0x0A, 0x81}
    if len(data) < 7 {
        return false
    }
    return bytes.Equal(data[:7], signature)
}

API Endpoint

GET /api/v1/exnn
curl https://filesignature.org/api/v1/exnn

See the full API documentation for all endpoints and parameters.

Frequently Asked Questions

What is a .exnn file?

A .exnn file is a EnCase® Evidence File Format Version 2 file. EnCase® Evidence File Format Version 2.nnare the segment sequence number, taking on values 00..99, AA, AB...AZ, BA, BB...BZ, etc.See theEWF 2 specification.

What are the magic bytes for .exnn files?

The magic bytes for EnCase® Evidence File Format Version 2 files are 45 56 46 32 0D 0A 81 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .exnn file?

To validate a .exnn file, read the first bytes of the file and compare them against the known magic bytes (45 56 46 32 0D 0A 81) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .exnn files?

There is no officially registered MIME type for .exnn files. Systems typically use application/octet-stream as a generic fallback when handling this format.

Is it safe to open .exnn files?

EnCase® Evidence File Format Version 2 (.exnn) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.