Logical File Evidence Format
application/octet-stream
Magic Bytes
Offset: 0
4D 2D 57 20 50 6F 63 6B 65 74 20 44 69 63 74 69
The Logical File Evidence Format is a digital forensic container designed to preserve specific files and metadata extracted from storage media. It is primarily utilized by investigators to isolate and analyze relevant evidence without processing an entire physical disk image. While inherently safe due to its read-only structure, this format is frequently encountered in legacy investigations and requires specialized forensic software to ensure data integrity during the review process.
Validation Code
How to validate .lnn files in Python
Python
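def is_lnn(file_path: str) -> bool:
    """Check if a file starts with the LNN magic bytes (signature match only)."""
    # 16-byte signature expected at offset 0
    signature = bytes([0x4D, 0x2D, 0x57, 0x20, 0x50, 0x6F, 0x63, 0x6B, 0x65, 0x74, 0x20, 0x44, 0x69, 0x63, 0x74, 0x69])
    with open(file_path, "rb") as f:
        # A file shorter than 16 bytes yields a short read and compares unequal
        return f.read(16) == signature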
How to validate .lnn files in Node.js
Node.js
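// TypeScript syntax; drop the type annotations to run as plain JavaScript
function isLNN(buffer: Buffer): boolean {
  // 16-byte signature expected at offset 0
  const signature = Buffer.from([0x4D, 0x2D, 0x57, 0x20, 0x50, 0x6F, 0x63, 0x6B, 0x65, 0x74, 0x20, 0x44, 0x69, 0x63, 0x74, 0x69]);
  // subarray() clamps to the buffer length, so shorter input compares unequal
  return buffer.subarray(0, 16).equals(signature);
}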
Go
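import "bytes"

// IsLNN reports whether data starts with the 16-byte LNN signature at offset 0.
func IsLNN(data []byte) bool {
	signature := []byte{0x4D, 0x2D, 0x57, 0x20, 0x50, 0x6F, 0x63, 0x6B, 0x65, 0x74, 0x20, 0x44, 0x69, 0x63, 0x74, 0x69}
	// Reject input too short to hold the signature before slicing
	if len(data) < 16 {
		return false
	}
	return bytes.Equal(data[:16], signature)
}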
API Endpoint
GET /api/v1/lnn
curl https://filesignature.org/api/v1/lnn