Outlook Express is a discontinued email application that was formerly known as Microsoft Internet Mail and News. It is designed to manage POP and IMAP accounts. Using this application, one can compose and receive rich HTML emails. Like other email clients, Outlook Express stores all emails on the local machine.
Across the globe, email clients are used as a weapon to carry out various illegitimate activities such as phishing, bullying, disclosure of confidential information, IP theft, etc. In the case of Outlook Express, offenders in various scenarios commonly assume that their activities remain anonymous on the internet. However, the evidence can be traced by thoroughly examining the email header. This write-up explains a sound approach to performing Outlook Express email forensics efficiently.
All the Outlook Express email folders and messages, local IMAP folders and settings are stored in one folder designated as the Store root folder. This folder is placed in the store root directory. The default location of this directory is:
C:\Documents and Settings\user_name\Local Settings\Application Data\Identities\Microsoft\Outlook Express
All the messaging information within the root directory is stored in DBX (.dbx) files. A DBX file represents a folder created by Outlook Express; it holds the email messages for a specific data item. These DBX files are of utmost importance in forensic analysis because they are the files that originally store all the Outlook Express data, i.e. the emails.
The different DBX files that store Outlook Express data include the following:
In order to view the email header of an Outlook Express email message, follow the steps below:
The email header of an Outlook Express email message consists of the following attributes, which are described in detail below:
One can perform Outlook Express email forensics by analyzing the email headers as mentioned above. However, manual email analysis has some drawbacks. These include the need for sufficient knowledge of each parameter, the considerable time it takes, etc. Therefore, there comes a point at which investigating officers look for reliable email forensics software such as MailXaminer.
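As an added example (not from the original article and not MailXaminer's code), the manual header checks described above can be scripted with Python's standard email module: it orders the Received hops oldest-first and flags a From/Return-Path domain mismatch, a large gap between the client Date and the first server timestamp, and out-of-order hop times. The sample header, the flag names and the 30-minute threshold are assumptions constructed for illustration.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header (hosts, addresses and IDs are made up for illustration).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
\tby inbox.example.com with ESMTP id A1; Tue, 04 Mar 2008 10:15:42 +0000
Received: from relay.example.net (relay.example.net [198.51.100.23])
\tby mx.example.org with ESMTP id B2; Tue, 04 Mar 2008 10:15:40 +0000
Received: from desktop (unknown [192.0.2.55])
\tby relay.example.net with SMTP id C3; Tue, 04 Mar 2008 10:15:31 +0000
From: "Accounts" <accounts@example.com>
To: recipient@example.com
Subject: Invoice
Date: Tue, 04 Mar 2008 09:02:10 +0000
X-Mailer: Microsoft Outlook Express 6.00.2900.3138

(body omitted)
"""

def hops(msg):
    """Received hops oldest-first as (from_host, by_host, timestamp)."""
    out = []
    for raw in reversed(msg.get_all("Received", [])):  # newest hop is listed first
        # Unfold the header, then split the trailing timestamp off at the last ';'
        route, _, stamp = " ".join(raw.split()).rpartition(";")
        m = re.match(r"from (\S+).*? by (\S+)", route)
        out.append((m.group(1) if m else None, m.group(2) if m else None,
                    parsedate_to_datetime(stamp.strip())))
    return out

def domain(value):
    """Lower-cased domain part of an address header value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def findings(msg, max_skew=timedelta(minutes=30)):  # threshold is an assumption
    notes, chain = [], hops(msg)
    if domain(msg["From"]) != domain(msg["Return-Path"]):
        notes.append("sender-mismatch")      # displayed vs. envelope sender differ
    if chain and abs(chain[0][2] - parsedate_to_datetime(msg["Date"])) > max_skew:
        notes.append("date-skew")            # client Date far from first server stamp
    if any(b[2] < a[2] for a, b in zip(chain, chain[1:])):
        notes.append("hop-time-reversed")    # a later hop is stamped earlier
    return notes

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    for hop in hops(msg):
        print(hop)
    print(msg["X-Mailer"], findings(msg))
```

The flags are leads for the examiner to follow up, not proof of forgery: mailing lists and bulk senders legitimately use a different Return-Path domain, and a wrong clock on the sending PC also produces a date skew.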
MailXaminer is designed to analyze emails thoroughly using various advanced features. It provides 8+ preview options, powerful search options, smart analytics options and much more. All these functionalities are incorporated in the software in a user-friendly interface.
Step 1: Once the software is launched, click on the Add Evidence button. This opens the Add File wizard, from which you need to select the Outlook Express (*.dbx) file type. Upload the DBX file using the Browse button.
Step 2: After the file is uploaded to the software panel, all the files and folders associated with the DBX file will be shown under the Mails section. A preview of all the emails will be displayed here.
Step 3: The software provides a detailed view of each email message in different preview modes. These include Normal Mail, Hex, Properties, Message Header, HTML, Email Hop, MIME, Attachments, etc.
Step 4: Forensic experts can perform analysis using advanced search options. The available search options include General Search, Proximity Search, Regular Expression, Stem Search, Fuzzy Search, and Wildcard Search.
Step 5: The software also provides out-of-the-box analytics features that allow in-depth email analysis. These include Link Analysis, Entity Analysis, Timeline Analysis, and Word Cloud.
Step 6: To export the evidential files, the software provides various export file types such as CSV, HTML, PDF, EML, MSG, etc. Based on the requirement, one can choose the respective export format, and the resultant file will be converted to the chosen file type.
To carry out a thorough and deep analysis of Outlook Express emails, it is necessary to know where to start. One can perform manual email message analysis by investigating the email headers. However, using third-party email forensic software is suggested over the manual methods. Accordingly, we have described the MailXaminer software as a way to collect artifacts rather than spending time on the manual procedure.
With this software, forensic examiners can deeply analyze the headers of emails and view the emails in multiple preview options. Moreover, it helps to reveal the inner details that can easily be overlooked during manual email header analysis.