E-mail Forensics and Advanced Outlook Analysis

How to use “Data Extraction Kit for Outlook” for advanced analysis, e-mail forensics and e-crime investigation – step-by-step guide

Data Extraction Kit for Outlook is a versatile Outlook data conversion, migration, email forensics and analysis tool. In this article, we will explain how to use the program for conducting forensic analysis, internal investigations and data collection.

Using Data Extraction Kit for email forensics and e-crime investigation

Step 1

Once you’ve downloaded and installed the program, run it from the Start menu or use a shortcut on your desktop. You will see the main program window divided into several key areas: control panels on the left that are used for configuring the settings of the data conversion process and applying item filters, a process log area on the right-hand side of the screen and a Reports button located at the top.

Step 2

Click the Reports button to open a drop-down menu prompting you to select one of the two possible sources: an Outlook profile or a standalone PST file. If you want to generate a report on the contents of an Outlook profile used on this computer, go with the first option. If you have a PST file copied from the source system, choose the second option. In both cases, the program will ask you to specify the name and location of the destination file, as well as the name of the source Outlook folder or PST file.

Step 3

Once done, the program will generate a detailed report in the form of a CSV (comma-separated values) file. This file can be immediately opened in Microsoft Excel (or any other supported software) for further analysis using its powerful search and filtering tools.

Example

Let’s consider the following situation: you know that a serious data leak occurred between October 1 and December 12, and that the email containing the leak is likely to have been sent to someone whose address is in the hotmail.com domain. Given that your email archive may contain thousands of email messages, locating a particular item meeting these criteria in Microsoft Outlook would be quite a challenging task. However, once you have all the information in Microsoft Excel, you can use its fast search, filter and sorting functions to quickly narrow down the search scope.

Excel lets you run searches on a particular sheet or workbook, search by rows and columns, narrow down the search scope to particular areas, make queries case-sensitive and more. In addition, Excel does a great job opening extremely large tables and allowing you to work with them with decent performance. Finding a particular piece of information is relatively easy with Excel using its data filtering and sorting tools. For instance, you can run the following query:

  • The sender’s email address contains “Hotmail.com”
  • The CC field is NOT blank
  • The BCC field is NOT blank

to find emails from a potential suspect. Once you have the search results, you can identify messages with attachments and act according to circumstances.

Once you have located the necessary email or an entire thread, you know where you should be looking in your original file. Start Outlook and run a search using the criteria available in Excel, such as Subject and Date Range – and you are done!
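The same triage can be scripted so that it is repeatable and leaves the exported report untouched. The following is an added example, not part of the original article or of the product: the column names (Subject, Sent, From, To, CC, BCC, Attachments), the date format, the year and the sample rows are all constructed assumptions. It compares the exact domain of each address rather than using a substring "contains" match, so a lookalike domain does not produce a false hit.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample report. The column names and date format are assumptions;
# adjust them to the header row of the CSV the tool actually writes.
SAMPLE_REPORT = """Subject,Sent,From,To,CC,BCC,Attachments
Q3 figures,2023-10-05 09:14,Ann <ann@hotmail.com>,bob@corp.example,carl@corp.example,dan@corp.example,1
Lunch?,2023-10-07 12:01,eve@corp.example,bob@corp.example,,,0
Price list,2023-11-20 17:45,FRED@HOTMAIL.COM,bob@corp.example,gil@corp.example; hal@corp.example,ivy@corp.example,2
Old thread,2023-09-30 23:59,ann@hotmail.com,bob@corp.example,carl@corp.example,dan@corp.example,0
Lookalike,2023-10-10 08:00,joe@nothotmail.com,bob@corp.example,carl@corp.example,dan@corp.example,1
No BCC,2023-12-01 10:30,ann@hotmail.com,bob@corp.example,carl@corp.example,,1
"""

def domains(field):
    """Return the set of lower-cased domains found in an address field."""
    found = set()
    for part in field.replace(",", ";").split(";"):
        addr = part.strip()
        if "<" in addr and addr.endswith(">"):       # "Display Name <addr>" form
            addr = addr[addr.rindex("<") + 1:-1]
        if "@" in addr:
            found.add(addr.rsplit("@", 1)[1].strip().lower())
    return found

def triage(report, start, end, domain, address_column="From"):
    """Apply the article's filter (domain, CC and BCC not blank) plus the date window."""
    hits = []
    for row in csv.DictReader(report):
        sent = datetime.fromisoformat(row["Sent"]).date()
        if not (start <= sent <= end):
            continue
        if domain.lower() not in domains(row[address_column]):
            continue
        if not row["CC"].strip() or not row["BCC"].strip():
            continue
        hits.append(row)
    return hits

def run_sample():
    # The year is constructed; the article gives only October 1 to December 12.
    return triage(io.StringIO(SAMPLE_REPORT), date(2023, 10, 1), date(2023, 12, 12), "hotmail.com")

if __name__ == "__main__":
    for row in run_sample():
        print(row["Sent"], row["From"], row["Subject"], "attachments:", row["Attachments"])
```

Pass address_column="To" to check the recipient field instead of the sender field.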

You can now use Outlook data extractor software to extract this email (or set of emails) to any of the supported formats.

A non-standard way of using an Outlook data converter

As you can see, Data Extraction Kit for Outlook is more than just a powerful Outlook data extractor, PST to EML converter and migration tool. It’s a technically complex, yet easy-to-use solution that gives you full control over the contents of PST files and allows you to find very specific information in email archives of any size.