I've just come across a reason to find out more about where MS Office (2003 in this case) stores its Journal information. Would like to view this information or export to plain text as well if possible.
But I've never seen any articles about using forensic tools or techniques in this area. Maybe I'm being dumb and am missing something really obvious?
Reason for asking is that a Leaver reportedly 'wiped' everything off his HD including all email (Outlook/Exchange). I'll get my hands on his HD in a few days (6 weeks after he left, Dumpster setting is 14 days, grrr) - I know, don't tell me. I'm hoping that he's just Deleted stuff and not used a specific system cleaner, so that System Logs, Recent Docs, Registry etc are still useful.
Using Discovery Attender to look in all areas of his Mailbox, it's come up with some Journal entries of a Journal / C nature rather than a Message / Mailbox nature, and would like to explore this further.
Anyone got any ideas?
I don't have an answer to your question directly because I haven't had to investigate the Journal, but in your situation I'd use
Paul
Haven't had to look at one for a while but it used to be the file offitems.log - had an interesting case many years ago where, after writing some software to decode it, we could show that a crucial document that was relied on in a case was opened a month after it was closed.
Unfortunately it was the document that our side were relying on - oops.
There is a case study on our web site http//