Outlook Forensics Investigation using E-Mail Examiner
Forensically examine hundreds of email formats, including Outlook (PST and OST), Thunderbird, Outlook Express, Windows Mail, and more. Paraben’s Email Examiner is one of the most comprehensive forensically sound email examination tools available. Email Examiner allows you to analyze message headers, bodies, and attachments. It doesn’t just recover email from the deleted folders; it also recovers email that was deleted from Deleted Items.
- Microsoft Outlook (PST)
- Microsoft Outlook Offline Storage (OST)
- America On-line (AOL)
- The Bat! (version 3.x and higher)
- Outlook Express
- Email file – RFC 833 Compliant (EML)
- Windows Mail databases
- Plain Text mail
- Support for more than 750 MIME Types
First, download E-Mail Examiner from here and install it on the victim PC. Open E-Mail Examiner and click on the ‘Create a New Case’ option.
The New Case window will open. Click on Next to proceed to the next step.
In the next step, enter the case name as DEMO along with the description details, and click on Finish to proceed to the next step.
In the next step, enter the investigator name and email details, and click on Finish to proceed to the next step.
It will then ask for a file name to save your case in your specified location. Click on the Save option.
Now select the MS Outlook Image option from the source type, which will add the Outlook image as evidence.
After selecting the Outlook image evidence, click on Open.
Now select both options and click on OK to proceed to the next step.
You will now see that the case Demo has been created, showing the directory hierarchy of the Outlook image evidence. You can now analyze the message headers, bodies and attachments.
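Before the Outlook image is added as evidence in the steps above, an examiner would normally record a hash of the file and confirm that it really is a PST or OST. The following is an added example, not part of the original walkthrough or of E-Mail Examiner: the helper names and sample bytes are constructed, the header offsets follow the published [MS-PST] header layout, and the OST and PAB signatures are those documented by the libpff project.

```python
import hashlib
import io
import struct

PST_MAGIC = b"!BDN"  # dwMagic at offset 0 of every PST/OST/PAB file
# wMagicClient at offset 8 identifies the container type.
CLIENT_TYPES = {b"SM": "PST", b"SO": "OST", b"AB": "PAB"}


def triage_outlook_image(stream, chunk_size=1 << 20):
    """Hash an evidence stream and classify its Outlook header.

    Hypothetical helper for this example. Returns a dict with the SHA-256,
    the container type (PST/OST/PAB or None) and the format (ANSI/Unicode/unknown).
    """
    digest = hashlib.sha256()
    header = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        if len(header) < 12:  # keep only the first 12 bytes for parsing
            header += chunk[: 12 - len(header)]
        digest.update(chunk)
    result = {"sha256": digest.hexdigest(), "container": None, "format": "unknown"}
    # A truncated or non-Outlook file is still hashed, but not parsed further.
    if len(header) < 12 or header[:4] != PST_MAGIC:
        return result
    result["container"] = CLIENT_TYPES.get(header[8:10])
    (w_ver,) = struct.unpack_from("<H", header, 10)  # wVer, little-endian
    if w_ver in (14, 15):
        result["format"] = "ANSI"
    elif w_ver >= 23:
        result["format"] = "Unicode"
    return result


def same_evidence(before, after):
    """True only if the hash recorded before examination still matches."""
    return before["sha256"] == after["sha256"]


if __name__ == "__main__":
    # Constructed header plus padding, standing in for a real .pst file;
    # in practice pass open(path, "rb") on a working copy of the evidence.
    sample = PST_MAGIC + b"\x00" * 4 + b"SM" + struct.pack("<H", 23) + b"\x00" * 500
    print(triage_outlook_image(io.BytesIO(sample)))
```

Running the same function again after the examination and comparing the two results with `same_evidence` shows whether the image was altered while it was being analyzed.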
Author: Mukul Mohan is a Microsoft Certified System Engineer in Security and Messaging. He is a Microsoft Certified Technology Specialist with a high level of expertise in handling server-side operations on the Windows platform, and an experienced IT Technical Trainer with over 20 years’ experience. You can contact him at firstname.lastname@example.org