Logical File Evidence Format (.lnn)

.lnn file signature | application/octet-stream

Logical File Evidence Format (EWF-L01) as used in Expert Witness Compression Format (EWF)for Guidance Software Encase. Byte offset 9 (i.e., byte #10) contains the segment number, starting with 0x01.nnare the segment sequence number, taking on values 00..99, AA, AB...AZ, BA, BB...BZ, etc.See theEWF specification.

Safe

Magic Bytes

Offset 0


              4C 56 46 09 0D 0A FF 00

Sources: Gary Kessler

Extension

.lnn

MIME Type

application/octet-stream

Byte Offset

Risk Level

Safe

Validation Code

How to validate .lnn files in Python

Python

def is_lnn(file_path: str) -> bool:
    """Check if file is a valid LNN by magic bytes."""
    signature = bytes([0x4C, 0x56, 0x46, 0x09, 0x0D, 0x0A, 0xFF, 0x00])
    with open(file_path, "rb") as f:
        return f.read(8) == signature

How to validate .lnn files in Node.js

Node.js

function isLNN(buffer: Buffer): boolean {
  const signature = Buffer.from([0x4C, 0x56, 0x46, 0x09, 0x0D, 0x0A, 0xFF, 0x00]);
  return buffer.subarray(0, 8).equals(signature);
}

How to validate .lnn files in Go

func IsLNN(data []byte) bool {
    signature := []byte{0x4C, 0x56, 0x46, 0x09, 0x0D, 0x0A, 0xFF, 0x00}
    if len(data) < 8 {
        return false
    }
    return bytes.Equal(data[:8], signature)
}

API Endpoint

GET /api/v1/lnn


              curl https://filesignature.org/api/v1/lnn

See the full API documentation for all endpoints and parameters.

Frequently Asked Questions

What is a .lnn file?

A .lnn file is a Logical File Evidence Format file. Logical File Evidence Format (EWF-L01) as used in Expert Witness Compression Format (EWF)for Guidance Software Encase. Byte offset 9 (i.e., byte #10) contains the segment number, starting with 0x01.nnare the segment sequence number, taking on values 00..99, AA, AB...AZ, BA, BB...BZ, etc.See theEWF specification.

What are the magic bytes for .lnn files?

The magic bytes for Logical File Evidence Format files are 4C 56 46 09 0D 0A FF 00 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .lnn file?

To validate a .lnn file, read the first bytes of the file and compare them against the known magic bytes (4C 56 46 09 0D 0A FF 00) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .lnn files?

There is no officially registered MIME type for .lnn files. Systems typically use application/octet-stream as a generic fallback when handling this format.

Is it safe to open .lnn files?

Logical File Evidence Format (.lnn) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.