We are seeing more and more occurrences of corrupted (windows Live Messenger) Contacts.edb file that EseDbViewer or LiveContactsView cannot open.
I've read that a Microsoft tool, ESENTUTIL could be able to repair those corrupted (dirty) files and make them viewable. However, I could not find any documentation on what the tool actually does to "repair" the files. On a forensic standpoint, I'm not sure I would be ready to testify about an EDB file that has been modified in a way that I can't explain. U
Unfortunately, magic is not yet recognized as a forensic technique yet… )
So, I would like to know if you guys actually use the ESENTUTIL tool?
Does anyone know in more details what it actually does to the edb file? Does it change the metadata or the actual data of the file?
Hi,
hope that can help
I did not test but I've found this command too
esentutl /p ".\contacts.edb" /o
Thierry
Pierre-Marc
I am travelling at present but if you send me an email to remind me I will send you a document that I have when I get home Monday.
H
You can also try
http//
It ignores the dirty state and just tries to read the database.
Pierre-Marc
I am travelling at present but if you send me an email to remind me I will send you a document that I have when I get home Monday.
H
H,
Thx. However, I'm startin a 2 week vacation, so I won't be able to send you an email on monday. I'll send it when I get back.
@joachimm thanks, I'll look into it when I get back.