Outlook Express Email Forensics – Explore DBX File Email Header

MailXaminer | May 22nd, 2020 | Forensics

Outlook Express is a discontinued email application, formerly known as Microsoft Internet Mail and News. It is designed to manage POP and IMAP accounts and lets users compose and receive rich HTML emails. Like other email clients, Outlook Express stores all emails on the local machine.

Across the globe, email clients are used as a weapon to carry out various illegitimate activities such as phishing, bullying, disclosure of confidential information, IP theft, etc. Offenders who use the Outlook Express email application often assume that their activities remain anonymous on the internet. However, the relevant evidence can be traced by thoroughly examining the email header. This article explains an efficient approach to Outlook Express email forensics.

Storage Folder Location of Outlook Express

All Outlook Express email folders and messages, local IMAP folders, and settings are stored in one folder, designated the Store root folder, which sits in the store root directory. The default location of this directory is:

C:\Documents and Settings\user_name\Local Settings\Application Data\Identities\Microsoft\Outlook Express

Forensic Analysis of Outlook Express User Files

All the messaging information within the root directory is stored in DBX (.dbx) files. Each DBX file is created by Outlook Express, corresponds to one mail folder, and holds the email messages for that folder. These DBX files are of utmost importance in forensic analysis because they are the files that originally store all the Outlook Express data, i.e. the emails.

The DBX files that store Outlook Express data include the following:

  • Deleted Items.dbx
    Stores all the messages deleted from any Outlook Express folder. This file helps in retrieving emails that the culprit deleted from any email folder, for example to hide illegal actions that were carried out.
  • Drafts.dbx
    Messages that were started but never finished or sent are stored in the Drafts.dbx file. This file may prove helpful in retrieving information saved in unsent form.
  • Folders.dbx
    This is the master index file of Outlook Express and is essential for Outlook Express to run. The file should be handled with great caution, as mishandling or corruption of the mail structure may lead to loss of vital information, including newsgroups and emails.
  • Inbox.dbx
    This is the account holder’s inbox, which stores all incoming emails. Information carved from the Inbox.dbx file is extremely important because it reveals the contacts and emails of the users the culprit has interacted with.
  • Sent Items.dbx
    Emails sent by the default user are stored in the Sent Items.dbx file. Like the other files, it can serve as strong evidence for tracing the culprit by revealing the conversation from the account holder’s end.

How to View Email Header in Outlook Express?

To view the email header of an Outlook Express email message, follow the steps below:

  1. First, right-click the email message whose header you need to examine
  2. Then, go to File >> Properties >> Details tab
  3. From the Details tab, click the Message Source option to view the email header.

Email Header Analysis of Outlook Express Email Client

The email header of an Outlook Express email message consists of the following attributes, which are described in detail below:

  • From: It contains the email ID of the sender who has delivered the email message.
  • Date: This field consists of the date and time at which the email was composed at the sender’s end.
  • Subject: It denotes the subject or topic of the email message received in the recipient’s inbox.
  • MIME-Version: This field displays the MIME (Multipurpose Internet Mail Extensions) version. It helps identify the MIME type supported by Outlook Express.
  • Content-Type: This field shows the information of the MIME header fields. Moreover, it displays various parameters of the message body.
  • X-Priority: It carries values or tags that indicate the priority of the message.
  • X-MSMail-Priority: It denotes the priority of the email message on the basis of ranking.
  • X-MimeOLE: This field indicates the MIME type that is developed by Outlook Express.
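
The fields listed above can be pulled out of a saved Message Source and checked programmatically. The following Python sketch is an added example, not MailXaminer code: the sample message is constructed, `examine_header` is a hypothetical helper name, and the pairing of X-Priority numbers with X-MSMail-Priority words is an assumption about how the two headers normally agree. A mismatch is a lead for closer examination, not proof of tampering.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Header fields named in the list above, spelled as they appear on the wire.
FIELDS = ("From", "Date", "Subject", "MIME-Version", "Content-Type",
          "X-Priority", "X-MSMail-Priority", "X-MimeOLE")
# Assumed pairing of X-Priority numbers with X-MSMail-Priority words.
PRIORITY_WORD = {"1": "High", "2": "High", "3": "Normal", "4": "Low", "5": "Low"}
# Constructed sample shaped like an Outlook Express "Message Source" view.
SAMPLE_SOURCE = """\
From: "Alice Example" <alice@example.com>
Subject: Quarterly figures
Date: Fri, 22 May 2020 14:03:11 +0530
MIME-Version: 1.0
Content-Type: text/plain;
\tcharset="iso-8859-1"
X-Priority: 1
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Figures attached as discussed.
"""

def examine_header(source):
    """Return the listed fields plus normalised values and findings."""
    msg = message_from_string(source)
    report = {name: msg.get(name) for name in FIELDS}
    findings = [f"missing {name}" for name in FIELDS if report[name] is None]
    report["sender_address"] = parseaddr(report["From"] or "")[1]
    report["content_type"] = msg.get_content_type()
    report["charset"] = msg.get_content_charset()
    report["sent_utc"] = None
    if report["Date"]:
        try:  # normalise the sender's local time to UTC for timeline work
            sent = parsedate_to_datetime(report["Date"])
            if sent.tzinfo is None:
                findings.append("Date has no time zone")
            else:
                report["sent_utc"] = sent.astimezone(timezone.utc).isoformat()
        except (TypeError, ValueError):
            findings.append("unparseable Date")
    number = (report["X-Priority"] or "").strip()[:1]
    word = (report["X-MSMail-Priority"] or "").strip()
    expected = PRIORITY_WORD.get(number)
    if expected and word and expected.lower() != word.lower():
        findings.append(f"X-Priority {number} disagrees with X-MSMail-Priority {word}")
    report["findings"] = findings
    return report
```

Calling `examine_header(SAMPLE_SOURCE)` returns the raw fields, the sender address, the send time in UTC, and one finding for the deliberately inconsistent priority pair in the sample.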

Forensics of Outlook Express Email Using 100% Genuine Software

One can perform Outlook Express email forensics by analyzing the email headers as described above. However, manual email analysis has some drawbacks, including the need for sufficient knowledge of each parameter and the considerable time it takes. Therefore, there comes a point at which investigating officers look for reliable email forensics software such as MailXaminer.

The software is remarkably designed to analyze the emails thoroughly using various advanced features. It provides 8+ preview options, powerful search options, smart analytics options and much more. All these amazing functionalities are incorporated in the software in a user-friendly interface.

Here’s How to Perform Outlook Express Email Forensics Using the Tool

Step 1: Once the software is launched, click the Add Evidence button. This opens the Add File wizard, in which you need to select the Outlook Express (*.dbx) file type. Upload the DBX file using the Browse button.

Step 2: After the file is uploaded to the software panel, all the files and folders associated with the DBX file are shown under the Mails section, along with a preview of all the emails.

Step 3: The software provides a detailed view of each email message in different preview modes. These include Normal Mail, Hex, Properties, Message Header, HTML, Email Hop, MIME, Attachments, etc.

Step 4: Forensic experts can perform analysis using advanced search options such as General Search, Proximity Search, Regular Expression, Stem Search, Fuzzy Search, and Wildcard Search.

Step 5: The software also provides out-of-the-box analytics features that allow in-depth email analysis. These include Link Analysis, Entity Analysis, Timeline Analysis, and Word Cloud.

Step 6: To export evidential files, the software provides various export file types such as CSV, HTML, PDF, EML, MSG, etc. Based on the requirement, one can choose the export file format into which the resultant file will be converted.

Closing Thoughts

To carry out a thorough and deep analysis of Outlook Express emails, it is necessary to know where to start. One can analyze email messages manually by investigating the email headers. However, third-party email forensic software is recommended over the manual methods. For that reason, we have described the MailXaminer software, which collects artifacts without the time spent on the manual procedure.

With this software, forensic examiners can analyze email headers in depth and view emails in multiple preview modes. Moreover, it helps reveal inner details that can easily be overlooked in manual email header analysis.