Hi, hope someone can help. I need a tool which can perform keyword/text string searches on PST files in the usual areas: from, to, cc, bcc, subject, body text and attachments. Not enterprise (our security people are a bit restrictive) but capable of sitting on a Windows laptop and ingesting multiple large files.
I've had a look at previous forum searches but don't have the budget to run to Nuix, FTK etc. From my research there are a number of tools that look reasonably good at a not too expensive price - Lookeen, X1 Search, Xobni, Copernic, PST Walker and PST Viewer but I wondered does anyone have any experience and could make a recommendation on what they would consider the best.
Many thanks
Mark
PassMark’s OSForensics tool works very well with PST files, in my own experience.
OSForensics also allows tagging and report generation of tagged emails.
There are a few open source tools available at no cost.
To list just a few:
Command line
Grep
Outlookpst
You can use outlookpst to extract the content of the pst file and extract the information you need from the emails using grep.
GUI
Autopsy
Evolution email client
Just import the pst file and search the contents of the emails using regular expressions or keywords.
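An added example, not part of the post above and not taken from any of the tools named in this thread: a plain grep over exported mail misses keywords inside base64 or quoted-printable bodies, RFC 2047 encoded headers and encoded attachments, so this sketch decodes each area before matching. It assumes each message has already been exported from the PST as a raw RFC 822 (.eml) message; `search_message`, `build_sample` and the sample message are hypothetical and constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: each message was already exported from the PST as raw RFC 822 bytes.
HEADER_AREAS = ("from", "to", "cc", "bcc", "subject")

def search_message(raw: bytes, keyword: str) -> list[str]:
    """Return the areas of one message that contain keyword (case-insensitive)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    needle = keyword.casefold()
    hits = []
    for name in HEADER_AREAS:
        # policy.default decodes RFC 2047 encoded-words before we compare.
        if any(needle in str(v).casefold() for v in msg.get_all(name, [])):
            hits.append(name)
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Undo base64 / quoted-printable, then decode with the declared charset.
        payload = part.get_payload(decode=True) or b""
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the message
            text = payload.decode("utf-8", "replace")
        fname = part.get_filename()
        area = f"attachment:{fname}" if fname else "body"
        # Binary formats (PDF, DOCX, ...) need their own text extraction first.
        found = needle in text.casefold() or (fname and needle in fname.casefold())
        if found and area not in hits:
            hits.append(area)
    return hits

def build_sample() -> bytes:
    """Constructed sample message (not real data)."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Bcc"] = "carol@example.com"
    m["Subject"] = "Projet Falcon réunion"  # non-ASCII forces RFC 2047 encoding
    m.set_content("Wire the invoice payment today.", cte="base64")
    m.add_attachment(b"account,amount\nFALCON-77,1200\n",
                     maintype="text", subtype="csv", filename="ledger.csv")
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample()
    for kw in ("invoice", "falcon", "carol"):
        print(kw, "| raw match:", kw.encode() in raw.lower(),
              "| decoded areas:", search_message(raw, kw))
```
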
I usually use Belkasoft Evidence Center for this kind of task. I choose this because of the forensically sound way of doing things, organized search and artifact sources, timeline, log generation, etc.
I think that other forensic software would work fine as well; always use what is best for your task.
Guys
Many thanks
Mark
How did you solve your task after all?! What was the program you used for your analysis?
For future reference, Microsoft seems to have made a tool for this, Outlook-to-text-converter. Haven't tried it; it seems to be compatible from XP to Windows 10, Server 2008-2016.
https://
passcodeunlock - haven't purchased anything yet, still doing the research. I procured a product called MailExaminer previously and it turned out not to be particularly good at dealing with large volume PSTs so I want to make sure I get it right this time.