DBF forensics plays most important role in forensic investigations. Investigators generally trust on DBF file for finding any clue from source file. The DBF file is a database format file which contains the attribute information. It is produced by long lived database application dbase. DBF is a common file format for information . It can be opened in Microsoft Excel or MS Access. DBF files are mainly used to organize the data.
Cyber crime investigators firstly search the directory to find an evidence. NTFS file system creates a database of computer directory report in .dbf file. This file can be accessed by Microsoft Excel, Open Office Calc and many other similar kind of applications. The MD5 hash value is used to determine an identical contents and to check whether the contents have altered or not. When Cyber crime related cases are found then investigator recovers the .dbf file first to find an evidence.

Causes For Loss Of DBF Files

  • Virus intrusion
  • File deletion through window DOS
  • Deletion of DBF files

Types Of Information Found In DBF Forensics

A DBF forensic is composition of header, Data records, deletion flag and end of file marker.

  • Header- It contains information of file structure
  • Data records– It contains the actual data
  • Deletion flag– One byte of each record is reserved for the deletion flag

A DBF file contains the data organized in database according to fields and records. Each database field can contain one type of data, and each records can hold one data value for each field.


DBF file is most important file for examination. Basically, In some cyber crime investigation DBF file could be important evidence. In this article, I have described important details like type of information in DBF files, causes for losing DBF file and how to recover lost DFB file.