The most popular topic of discussion among forensic experts is how to perform OST file forensics approach for searching an evidence. Offline Storage Table (OST) file is a storage data file of Microsoft Outlook, which is a cache replica of Exchange Server mailbox on local machine. Its file extension is .ost and is generated on enabling the cache exchange mode while configuration of a new user profile with Microsoft Outlook. OST file allow users to maintain offline availability of data, which is a fundamental feature of Outlook. It uses Message Access Programming Interface (MAPI) protocol allows to maintain synchronization between Microsoft Outlook desktop application and Exchange Server user mailbox. MAPI client can make usage of this protocol by storing information and accessing them in offline mode.
It is very essential to know where to start with an approach of email forensics
in OST file. Gathering information about the file and observing the file structure is a part of the investigation procedure however, it isn’t completely relevant to conclude it too. Hence, we require a tool that provides functioning in such a manner, which analyzes the file structure, the attachments involved with each mail and other factors too. One such software is MailXaminer, which seamlessly performs OST file analysis without requiring the environment for access it. Moreover, provides quick and fast functioning, as a resultant the investigator gets ample of time to focus on the study of gathered evidence.