Hello all,
Just wanted to report that Nuix's ProofFinder tool (
OLK MESSAGE files are individual email messages that Microsoft Outllook stores emails as on MacBooks.
I tried multiple other forensic tools (and Outlook 2016 and Mozilla Thunderbird) to present the OLK files in a format which could be reviewed by an attorney and only ProofFinder could properly process these email messages such that the headers and body were legible.
Hope this helps anyone else in the future grappling with this OLK format.
Excellent news!
I use emailchemy to convert the mac mail data to an mbox. One reason why it is needed is because the attachments are not associated to the email.
Interestingly, I also found an "outlook.sqlite" file on the MacBook.
Internet Evidence Finder could process the "outlook.sqlite" file and converted the file to 12,700 "emails" with varying amounts of recovered information (some records had metadata and others did not).
I have not checked but possibly the "outlook.sqlitedb" file has pointers to the OLKMessage files.