E-mail investigation
E-mail is one of the most-used methods of communication nowadays, especially in corporate environments. Sending, receiving, or reading e-mails leaves traces on electronic devices. These traces could help in analyzing cases of targeted attacks, blackmail, espionage, information leakage, and harassment. The traces differ according to how the e-mail account is accessed: through webmail or through an installed e-mail client.
With webmail, browser investigation and memory forensics could help in retrieving some e-mail data and, in some cases, even in recovering the access credentials for the e-mail account. In this section, we will discuss the artifacts that the Outlook e-mail client leaves on the machine.
Outlook PST file
There are many e-mail clients on the market. Outlook from Microsoft is one of the most-used clients. Outlook stores all the messages, contacts, and calendar in a Personal File Folder (PFF) file. One of the PFFs is the Personal Storage Table (PST) file and is saved by default in the...