Hi Experts,
We are trying to explore if there is any way we can extract metadata out of mail containers like pst and ost.
We do not wish to acquire any of the mail files/containers.
Primary Metadata of interest would limit to email metadata such as
1) Email Audience (Including email addresses )
2) Email Date
3) Email Subject
Any kind of input will be appreciated.
Regards,
The-Game
Remotely or do you have the files available?
I would think this is possible with PowerShell commands, but I cannot confirm for sure. Could be a direction you would want to research though.
Otherwise, you can mount the OST/PST in a forensic tool like EnCase (or similar software) and pull a report of the metadata fields. This could also be done remotely without acquiring it, just preview the file (although this may take time to run).
Here are some software options
https://
http//
http//
** I am not sure what you mean by "Metadata with acquisition", as forensic best practice is to acquire a forensically sound copy first, and then analyze. Perhaps your particular work task is NOT related to litigation (civil or criminal)?
You might want to use FTK Imager (free tool) to first make a forensically sound copy of the PST/OST file you want to extract metadata from before using one of the above tools.
Hi Experts,
Thanks for a quick response.
Well we do not wish to acquire data in any manner, hence no acquisition required.
All we need to see if it is possible if we can login to any local machine and just pull out list of emails with very limited fields like sender email id, receiver email id, subject and if possible date. All this needs to be done without accessing mails in outlook or without acquiring the mail containers and indexing them in nuix/intella or any other indexing tool.
Thanks
The-Game