EnCase® Evidence File Format Version 2

application/octet-stream

Safe

Magic Bytes

Offset: 0
45 6C 66 46 69 6C 65 00

EnCase® Evidence File Format Version 2 (EXNN) is a proprietary forensic container format developed by Guidance Software and currently maintained by OpenText. It is used in digital investigations to store bitstream images of storage media while employing lossless compression and encryption to preserve evidence integrity. Designed to supersede the legacy E01 standard, this updated format provides additional security protocols and requires specialized digital forensic software for data verification and analysis.

Extension

.exnn

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .exnn files in Python

Python 
def is_exnn(file_path: str) -> bool:
    """Check if file is a valid EXNN by magic bytes."""
    signature = bytes([0x45, 0x6C, 0x66, 0x46, 0x69, 0x6C, 0x65, 0x00])
    with open(file_path, "rb") as f:
        return f.read(8) == signature

How to validate .exnn files in Node.js

Node.js 
function isEXNN(buffer: Buffer): boolean {
  const signature = Buffer.from([0x45, 0x6C, 0x66, 0x46, 0x69, 0x6C, 0x65, 0x00]);
  return buffer.subarray(0, 8).equals(signature);
}
Go 
func IsEXNN(data []byte) bool {
    signature := []byte{0x45, 0x6C, 0x66, 0x46, 0x69, 0x6C, 0x65, 0x00}
    if len(data) < 8 {
        return false
    }
    return bytes.Equal(data[:8], signature)
}

API Endpoint

GET /api/v1/exnn
curl https://filesignature.org/api/v1/exnn

Related Formats

.lxnn .lnn .efx .evtx .mdi .enn .php3 .ppz .tld