A user’s Outlook data for IMAP, POP3, and web-based mail accounts are stored in the Microsoft Outlook PST file. It holds a tree structure with nodes & leaves to store items within the folder. Custodian Outlook PST email files have three basic parts to be analyzed i.e. headers, body & attachments that preserve evidence.
Carl Wilson: Reporting 24X7 from HOLLADAY
Carl Wilson | September 25, 2020 | 12:15:10
Since two days, the LIVE CHAT panel repeatedly popped up with a query that stated, “Looking for a solution to perform search inside PST files without having Outlook installed. Please help”. So, here goes the most preferable solution (Always love to figure out some time for my clients from the busy schedule!). The solution postulated can come up with use to digital forensic investigators, attorneys, law enforcement agencies, and even to the corporate administrators too.
For forensic investigators, it is not always possible to have MS Outlook installed on the machine as the additional requirement. But the need to investigate or peep into Outlook PST files can come up anytime and anywhere.
In order to search inside PST files without Outlook, the most appropriate solution available till this date is MailXaminer. It is a specialized forensic tool, which can be used to search for evidence inside the PST files without Outlook. Make sure that the evidence PST file has been exported to the same machine on which the software exists.
NOTE: – If you don’t have the software installed, then you can get it by placing an order from the following section: –
For the demo version, to get an insight into the tool, contact at: –
MailXaminer is a reliable Digital Forensics Investigation Tool that allows searching inside the PST file without installation of Microsoft Outlook Email Client. It provides the following features:
To search the data present inside the PST file without Outlook, download and launch the MailXaminer and follow steps given below to perform the search operation.
Step 1: Case Management
For PST file examination, firstly user needs to add the suspected PST file into the software by creating “New Case”. If the user has previously created and saved any case, then it can be opened to resume examination by using “Open Case” option. On the other hand, “Import Case” option can be used to import any exported case into the software for further investigations.
Step 2: Add PST File
To add the file into forensic software for examination, click on “Add Evidence” tab. An “Add File” window will pop-up, select Microsoft Outlook (*.pst) option and browse the suspected PST data file to add it into the MailXaminer.
NOTE: – In order to open the PST file or to perform any kind of operation on it, installation of Microsoft Outlook is not required in MailXaminer software.
Step 3: Search Option in MailXaminer
Once the PST file gets uploaded and scanned by the software, one can perform in-depth investigation of the files. For that, go to “Search” section of the tool by clicking on the Search option, which is available on the left menu panel. It provides several searches based on advanced algorithms such as General Search, Proximity Search, Regular Expression, Stem Search, Fuzzy Search, and Wildcard Search. With the help of these searching options, users can extract the required evidential files in a hassle-free manner.
Step 4: Use Search Criteria and Logical Operators
The tool provides options to customize the search by adding criteria while searching in evidential files. Use Add Criteria option and Logical Operators such as AND, OR, NOT to filter the search result more accurately.
Step 5: Extract Evidence with Keyword Searches
Under “Keyword” section of the MailXaminer tool, users can instantly fetch the evidential files by providing related keywords. In this process, tool automatically scans the entire email files, and extracts resultant files which corresponds to the mentioned keywords. Any number of keywords can be provided by the user in order to customize the searching of evidential data.
With more exploration of the available features, techies can search inside the PST files that too without having Microsoft Outlook installed with this powerful software.
In order to perform email forensics analysis of suspected Outlook PST files, one has to find the artefacts related to the occurred cybercrime. For that, MailXaminer is one of the most power-packed and super-fast software, which works with 100% precision because of its advanced functionalities. This forensic tool not only lets you to access the PST file without Outlook, but also performs a variety of searches on data file to carve out the evidence in a detailed manner.
Carl Wilson, signing off for the day.
Have more queries? Do let us know. For more contact options, please visit: –