Is it possible to search with in PST using WinHex Logical search?
I know this is possible in EnCase but not to sure if the same is possible in WinHex or X-Ways Forensics.
Disk tools "File Recovery by type " you do raw recover by Outlook PST files search lol
Thanks but I am looking at search with out extracting the files, this for following reasons
I would want to search for traces of mail conversation possible in free space - for deleted pst files or msg files.
I have over 100 pst files but want to select only those pst where the hits appear for further analysis.
You can do this with X-Ways - the options you'll need are under the Refine Volume Snapshot menu. If you need PSTs from free space, you'll need to carve and attempt to extract the contents of those archives before running your keyword search. You can do all of this in one shot by selecting the appropriate options from the Refine Volume Snapshot menu (file header signature search, extract email messages, and simultaneous search). I would advise that you run any other appropriate options from the RVS menu at that time too if you haven't already done so.
HTH
You can do all of this in one shot by selecting the appropriate options from the Refine Volume Snapshot menu (file header signature search, extract email messages, and simultaneous search).
HTH
Thanks for the reply but what version of X-ways does this feature appear?
Thanks for the reply but what version of X-ways does this feature appear?