New Evidence File Format

With EnCase 7, a new evidence file format emerged, dubbed the Ex01 format. Following suit, a new logical evidence file format also emerged, dubbed the Lx01 format. This new format allows for encryption and extensibility. Originally, the compression format changed to BZIP, which is better for compressing files, but is also slower. Therefore, for performance issues, the LZ compression format was reinstituted with EnCase 7.02. The same information stored in the E01 format is stored in the Ex01 format; however, additional information is present, and the data format has been restructured, as shown in Figure 5-3.

When you acquire in EnCase 7, the default evidence file format will be the new format (Ex01 or Lx01 in the case ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by

New Evidence File Format

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly