Windows 10 Mail App

guillef · 2018-10-08T15:57:44Z

I need to extract all email messages stored in"Windows Mail" app of Windows 10 (including body and attachments), preferably as eml.Any tool or script available for this task?As far as I know AXIOM, X-Ways and Encase don't support it.

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Cbryant34 7 years ago

12 Posts

6 Users

0 Reactions

6,236 Views

RSS

jaclaz

(@jaclaz)

Illustrious Member

Joined: 18 years ago

Posts: 5133

10/10/2018 6:20 pm

The book is this one
https://books.google.com/books?id=XJZGDwAAQBAJ

Windows Forensics Cookbook

Oleg Skulkin, Scar de Courcier
Packt Publishing Ltd, 4 ago 2017 - 274 pages

Maximize the power of Windows Forensics to perform highly effective forensic investigations

But it only explains the same folder structure as guillef described and uses FTK Imager, though the process is manual.

It *seems* like the full FTK can actually parse the ESE database
https://www.reddit.com/r/computerforensics/comments/7zho66/windows_10_mail_app/
but cannot rreally say how itr behaves with contents of \3 and \7 folders.

As well the little Nirsoft tool
https://www.nirsoft.net/utils/ese_database_view.html
can actually read the ESE database and export it in several more "digestable" formats, but how it behaves specifically with Windows Mail and its stupid folders is to be seen.

jaclaz

ReplyQuote

Cbryant34

(@cbryant34)

New Member

Joined: 7 years ago

Posts: 3

26/11/2018 6:36 pm

Hey folks - Cody here from Magnet Forensics. Just wanted to update Jamie's last post to say that Windows 10 mail support was added to AXIOM in version 2.7.0. Let me know if you've got any questions or feedback.

Thanks,
Cody Bryant

ReplyQuote

Page 2 / 2 Prev

8 Forums
15.7 K Topics
92.3 K Posts
231 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed