Hello everybody. Does anyone have a clue or know the tool which can view a structure of file "WindowsMail.MSMessageStore". File contains a backup of a Windows Mail e-mail and it seems that passwords too.
Any help appreciated
From my research the “WindowsMail.MSMessageStore” file does not contain a backup of the Windows Mail contents. The file is effectively an index of the Mail properties displayed in the Windows Mail interface. i.e. this file contains information such as whom the email is from, the subject line and date. It does not appear to contain the full content of the emails. A potential forensic application for this file is that it can retain details of emails that have been deleted. This may prove useful if you wish to prove that your suspect had been in contact with another individual.
Windows Mail stores each email message as a separate file with a file extension of “.eml”. These separate .eml files are stored in folders on the hard disk drive that mirror the folder layout presented in Windows Mail.
Mail server and News server account details are stored in files named “account{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.oeaccount”. These are XML formatted files.
From my research the “WindowsMail.MSMessageStore” file does not contain a backup of the Windows Mail contents. The file is effectively an index of the Mail properties displayed in the Windows Mail interface. i.e. this file contains information such as whom the email is from, the subject line and date. It does not appear to contain the full content of the emails. A potential forensic application for this file is that it can retain details of emails that have been deleted. This may prove useful if you wish to prove that your suspect had been in contact with another individual.
Windows Mail stores each email message as a separate file with a file extension of “.eml”. These separate .eml files are stored in folders on the hard disk drive that mirror the folder layout presented in Windows Mail.
Mail server and News server account details are stored in files named “account{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.oeaccount”. These are XML formatted files.
Try FTK,
and you should be able to see all *.eml files, with complete emails as seen by the user.
and i guess, even Encase should be able to show up these eml, or Windows Mail files.
Thanks