I'm working on an E-Discovery case and I am looking to find a tool that would extract all embedded e-mail messages from an Outlook PST file. (Basically if a user inserts/attaches another Outlook message within another message, I'd like to get these attached messages extracted).. Does anyone know of a tool that can do this? Free or commercial…
Thanks!
b0dhi
I'm working on an E-Discovery case and I am looking to find a tool that would extract all embedded e-mail messages from an Outlook PST file. (Basically if a user inserts/attaches another Outlook message within another message, I'd like to get these attached messages extracted).. Does anyone know of a tool that can do this? Free or commercial…
Thanks!
b0dhi
Aid4Mail. I believe, off hand, that you have the option to extract only attachments.
Try the Software "Intella" from Vound software. It's commercial but you can download a trial version.
I use it right now in a case with several pst-Files, works fine
Siggi
There is one opensource tool available at http//
I was looking through the Computer forensic papers on this website and saw it.
http//www.forensicfocus.com/computer-forensics-papers
Its located under March 2009 heading.
Cheers.
Intella is very good and has relationship mapping as well.
E-Mail Examiner from Paraben.
Hot Pepper E-Mail Detective.
Those are a few I use.
In X-Ways Forensics you would
- extract all e-mail messages and attachments from the PST files (with the non-MAPI method)
- explore recursively
- filter for extracted e-mail messages that at the same time are child objects of files (i.e. attachment of other e-mail messages)
Stefan
Another vote for Aid4Mail. If you are looking for a commercial (but inexpensive) tool,I believe you should give it a try. When talking about "general purpose" toolkits, I usually find it useful to extract individual mails or attachment by using EnCases. Much more expensive,though.
Thanks for the info guys.. I'll check them out!
Discovery Attender for Exchange from Sherpa Software. Commercial product but not too expensive, plus does Exchange Mailboxes, Notes, and files. Can search by content or metadata. Plus has tool for converting o********t.
Been using it for 3 years, like it a lot. Downside is no indexing so searches aren't quick if you've got a big data estate, upside is that you don't have to wait for an index to complete!
Plus good reporting once you assemble all the bits, plus you can take actions on responsive hits, Ignore others, mark and label etc.
Cheers
I have been using X-Ways for these purposes for ages.