Conversation

Forensic question as a windows-noob. I am trying to look into an OLE2 "Compound File Binary Format" file. It seems to contain multiple streams that I can enumerate with e.g., https://github.com/microsoft/compoundfilereader but the actual data are so-called "streams" containing raw hex bytes. What exactly is a *stream*? Doesn't look like a file? Are there deeper decodings I should pursue? Is there a list of known serializations for e.g., arrays? I think the database contains sensor data.


Ah. Looks like I found this is directly serializing classes / types from the piece of software to disk. A bit hard to guess the struct from just the file, but not impossible.


I see wide-strings (UTF-16?), then a couple of unknown words and then a lot of integers with just one byte set, confirming that this is likely a series of sensor values stored as int. Nice.


I am on Linux (or macOS), so I can't easily make use of whatever OLE stuff is in the windows library, but I suppose I could get somewhere close with the python `struct` package.

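A stream in a compound file is simply a named byte sequence stored inside the container, addressed by chaining 512-byte (or 4096-byte) sectors through a FAT, very much like a file inside a small FAT filesystem; the directory entries give each stream its name, start sector and length. The following is an added example, not code from the thread or from the compoundfilereader project, showing how far the Python `struct` module gets you on Linux or macOS: it parses the CFB header, FAT and directory, follows a sector chain to pull out one stream, and then decodes a payload of the shape described above (a UTF-16LE label followed by int32 samples). The stream layout, the stream name "SensorData" and the sample file it builds in memory are all constructed for illustration; the small-stream ("mini stream") storage used for streams under 4096 bytes is deliberately left unhandled. Because this is forensic input, the reader refuses bad signatures, sectors past the end of the file and FAT chains that loop instead of trusting the offsets it finds.

```python
import struct

# Constants from the CFB specification.
CFB_SIGNATURE = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ENDOFCHAIN, FREESECT, FATSECT, NOSTREAM = 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF
HEADER_FMT = "<8s16sHHHHH6sIIIIIIIII"   # fixed header fields; 109 DIFAT entries follow
DIRENT_FMT = "<64sHBBIII16sIQQIQ"       # one 128-byte directory entry
STREAM_TYPE = 2                         # object type of a stream directory entry


def parse_header(data):
    """Validate the header and return the fields a reader needs."""
    (sig, _clsid, _minor, _major, byte_order, sector_shift, _mini_shift, _res, _n_dir,
     n_fat, first_dir, _txn, mini_cutoff, _first_minifat, _n_minifat, first_difat,
     n_difat) = struct.unpack_from(HEADER_FMT, data, 0)
    if sig != CFB_SIGNATURE:
        raise ValueError("not a compound file: bad signature")
    if byte_order != 0xFFFE or sector_shift not in (9, 12):
        raise ValueError("unsupported byte order or sector size")
    if n_difat or first_difat != ENDOFCHAIN:
        raise NotImplementedError("DIFAT sectors beyond the header are not handled")
    difat = struct.unpack_from("<109I", data, struct.calcsize(HEADER_FMT))
    return {"sector_size": 1 << sector_shift, "n_fat": n_fat, "first_dir": first_dir,
            "mini_cutoff": mini_cutoff, "difat": difat}


def read_sector(data, hdr, index):
    size = hdr["sector_size"]
    start = (index + 1) * size          # sector 0 begins right after the 512-byte header
    if start + size > len(data):
        raise ValueError("sector %d lies past end of file" % index)
    return data[start:start + size]


def read_fat(data, hdr):
    """Concatenate every FAT sector listed in the header DIFAT."""
    per_sector = hdr["sector_size"] // 4
    fat = []
    for sect in hdr["difat"][:hdr["n_fat"]]:
        fat.extend(struct.unpack("<%dI" % per_sector, read_sector(data, hdr, sect)))
    return fat


def read_chain(data, hdr, fat, start):
    """Follow a FAT chain; reject loops and out-of-range links from a corrupt FAT."""
    out, seen, sect = [], set(), start
    while sect != ENDOFCHAIN:
        if sect >= len(fat) or sect in seen:
            raise ValueError("corrupt FAT chain at sector %d" % sect)
        seen.add(sect)
        out.append(read_sector(data, hdr, sect))
        sect = fat[sect]
    return b"".join(out)


def read_directory(data, hdr, fat):
    raw, entries = read_chain(data, hdr, fat, hdr["first_dir"]), []
    for off in range(0, len(raw), 128):
        (name, name_len, obj_type, _color, _l, _r, _child, _clsid, _state, _ct, _mt,
         start, size) = struct.unpack_from(DIRENT_FMT, raw, off)
        if obj_type == 0:
            continue                    # unused slot
        entries.append({"name": name[:max(name_len - 2, 0)].decode("utf-16-le"),
                        "type": obj_type, "start": start, "size": size})
    return entries


def read_stream(data, hdr, fat, entry):
    if entry["size"] < hdr["mini_cutoff"]:
        raise NotImplementedError("mini-stream storage of small streams not handled")
    return read_chain(data, hdr, fat, entry["start"])[:entry["size"]]


def list_streams(data):
    hdr = parse_header(data)
    fat = read_fat(data, hdr)
    return hdr, fat, [e for e in read_directory(data, hdr, fat) if e["type"] == STREAM_TYPE]


# Hypothetical payload layout: u32 char count, UTF-16LE label, u32 count, int32 samples.
def encode_payload(label, samples):
    return (struct.pack("<I", len(label)) + label.encode("utf-16-le") +
            struct.pack("<I%di" % len(samples), len(samples), *samples))


def decode_payload(blob):
    n_chars, = struct.unpack_from("<I", blob, 0)
    off = 4 + 2 * n_chars
    label = blob[4:off].decode("utf-16-le")
    n, = struct.unpack_from("<I", blob, off)
    return label, list(struct.unpack_from("<%di" % n, blob, off + 4))


def build_sample_file(label="TemperatureSensor", samples=None):
    """Constructed CFB image: sector 0 = FAT, sector 1 = directory, sectors 2.. = data."""
    if samples is None:
        samples = [(i * 7) % 200 - 100 for i in range(1200)]   # 4800 bytes, above the cutoff
    sz, payload = 512, encode_payload(label, samples)
    n_data = -(-len(payload) // sz)
    fat = [FATSECT, ENDOFCHAIN] + [3 + i for i in range(n_data - 1)] + [ENDOFCHAIN]
    fat += [FREESECT] * (sz // 4 - len(fat))

    def dirent(name, obj_type, child, start, size):
        wname = name.encode("utf-16-le") + b"\0\0"
        return struct.pack(DIRENT_FMT, wname.ljust(64, b"\0"), len(wname), obj_type, 1,
                           NOSTREAM, NOSTREAM, child, b"\0" * 16, 0, 0, 0, start, size)
    empty = struct.pack(DIRENT_FMT, b"\0" * 64, 0, 0, 0, NOSTREAM, NOSTREAM, NOSTREAM,
                        b"\0" * 16, 0, 0, 0, 0, 0)
    directory = (dirent("Root Entry", 5, 1, ENDOFCHAIN, 0) +
                 dirent("SensorData", STREAM_TYPE, NOSTREAM, 2, len(payload)) + empty * 2)
    header = struct.pack(HEADER_FMT, CFB_SIGNATURE, b"\0" * 16, 0x3E, 3, 0xFFFE, 9, 6,
                         b"\0" * 6, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    header += struct.pack("<109I", 0, *[FREESECT] * 108)
    return header + struct.pack("<128I", *fat) + directory + payload.ljust(n_data * sz, b"\0")


def demo():
    data = build_sample_file()
    hdr, fat, streams = list_streams(data)
    return {e["name"]: decode_payload(read_stream(data, hdr, fat, e)) for e in streams}


def check_loop_guard():
    """Patch the FAT so sector 2 points at itself and confirm the reader refuses it."""
    data = bytearray(build_sample_file())
    struct.pack_into("<I", data, 512 + 4 * 2, 2)
    hdr, fat, streams = list_streams(bytes(data))
    try:
        read_stream(bytes(data), hdr, fat, streams[0])
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name, (label, samples) in demo().items():
        print(name, label, len(samples), samples[:8])
    print("loop guard works:", check_loop_guard())
```

To use it on a real file, replace `build_sample_file()` with `open(path, "rb").read()`, then inspect each stream's bytes with `struct.unpack_from` and a guessed format string, widening the guess as the wide strings and one-byte integers line up; the directory names and sizes from `read_directory` are usually the first clue to which serializer wrote the stream.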

@buherator Let's assume these files are used for export and analysis only 🤫
