Email forensics and Advanced Outlook Analysis – How to use “Data Extraction Kit for Outlook” for advanced analysis, email forensics and e-crime investigation – step-by-step guide…
Data Extraction Kit for Outlook is a versatile Outlook data extraction, conversion, migration, email forensics and analysis tool. In this article, we will explain how to use the program for conducting forensic analysis, internal investigations and data collection.
Step 1
Once you’ve downloaded and installed the program, run it from the Start menu or use a shortcut on your desktop.
* - The unregistered version converts a limited number of messages
The software installs two shortcuts: one for the 32-bit version and another for the 64-bit version. The bitness of the software and of Outlook must match. If you have 32-bit Outlook installed, run the 32-bit shortcut; if Outlook is 64-bit, run the 64-bit shortcut.
You will see the main program window divided into several key areas: control panels on the left that are used for configuring the settings of the data conversion process and applying item filters, a process log area on the right-hand side of the screen and a Reports button located at the top.
Step 2
Click the Reports button to open a drop-down menu prompting you to select one of the two possible sources: an Outlook profile or a standalone PST file. If you want to generate a report on the contents of an Outlook profile used on this computer, go with the first option.
If you have a PST file copied from the source system, choose the second option. In both cases, the program will ask you to specify the name and location of the destination file, as well as the name of the source Outlook folder or PST file.
You will be prompted to specify the Outlook folder to get data from. Select one of the available Outlook or PST folders and press the Done button. To export all Outlook folders and subfolders, you may choose the root one (it is called “EML to Outlook Transfer” in the example picture).
Step 3
Once done, the program will generate a detailed report in the form of a CSV (comma-separated values) file. This file can be immediately opened in Microsoft Excel (or any other supported software) for further analysis using its powerful search and filtering tools.
Example
Let’s consider the following situation: you know that a serious data leak occurred between October 1 and December 12, and that the email containing the leak is likely to have been sent to someone whose address is in the hotmail.com domain. Given that your email archive may contain thousands of email messages, locating a particular item meeting these criteria in Microsoft Outlook would be quite a challenging task. However, once you have all the information in Microsoft Excel, you can use its fast search, filter and sorting functions to quickly narrow down the search scope.
Excel lets you run searches on a particular sheet or workbook, search by rows and columns, narrow down the search scope to particular areas, make queries case-sensitive and more. In addition, Excel does a great job opening extremely large tables and allowing you to work with them with decent performance. Finding a particular piece of information is relatively easy with Excel using its data filtering and sorting tools. For instance, you can run the following query:
- The sender’s email address contains “Hotmail.com”
- The CC field is NOT blank
- The BCC field is NOT blank (how to enable BCC field in Outlook)
to find emails from a potential suspect. Once you have the search results, you can identify messages with attachments and act according to circumstances.
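The same query, combined with the date range from the scenario, can also be scripted against the CSV report. The Python code below is an added example, not part of the tool or of the original article; it compares the exact domain of each parsed address, so a look-alike such as hotmail.com.example.net does not match the way a plain "contains" filter would. The column names (Subject, From, To, CC, BCC, Sent), the date format and the year 2023 are assumptions, and the rows are constructed sample data.

```python
import csv
import io
from datetime import datetime
from email.utils import getaddresses

# Constructed sample report. The column names and date format are assumptions;
# adjust them to the headers in the CSV the tool actually produced.
SAMPLE_CSV = """Subject,From,To,CC,BCC,Sent
Q4 price list,j.doe@hotmail.com,sales@example.com,boss@example.com,archive@example.com,2023-10-15 09:12
Lunch?,amy@example.com,bob@example.com,,,2023-11-02 12:00
Re: invoice,"Eve <eve@HOTMAIL.COM>",ap@example.com,cfo@example.com,x@example.net,2023-12-20 08:30
Hello,mallory@hotmail.com.example.net,ap@example.com,a@example.com,b@example.com,2023-11-11 10:00
Draft,kim@hotmail.com,ap@example.com,a@example.com,,2023-10-03 17:45
"""

def domains(field_value):
    """Return the lower-cased domains of every address in one header field."""
    # Outlook separates addresses with ';', RFC 5322 uses ','.
    pairs = getaddresses([field_value.replace(";", ",")])
    return {addr.rsplit("@", 1)[1].lower() for _, addr in pairs if "@" in addr}

def find_candidates(rows, start, end, domain, address_field="From",
                    nonblank=("CC", "BCC"), date_format="%Y-%m-%d %H:%M"):
    """Yield rows sent within [start, end] whose address_field holds an address
    in `domain` and whose `nonblank` fields are all filled in."""
    domain = domain.lower()
    for row in rows:
        sent = datetime.strptime(row["Sent"].strip(), date_format)
        if not (start <= sent <= end):
            continue
        if domain not in domains(row[address_field]):
            continue
        if all(row[name].strip() for name in nonblank):
            yield row

def run_sample():
    """Apply the article's query to the constructed sample; return the subjects."""
    rows = csv.DictReader(io.StringIO(SAMPLE_CSV))
    hits = find_candidates(rows, datetime(2023, 10, 1),
                           datetime(2023, 12, 12, 23, 59), "hotmail.com")
    return [row["Subject"] for row in hits]

if __name__ == "__main__":
    print(run_sample())
```

Pass `address_field="To"` to test recipients instead of the sender.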
Once you have located the necessary email or an entire thread, you know where you should be looking in your original file. Start Outlook and run a search using the criteria available in Excel, such as Subject and Date Range – and you are done!
You can now use Outlook data extractor software to extract this email (or set of emails) to any of the supported formats.
A non-standard way of using an Outlook data converter
As you can see, Data Extraction Kit for Outlook is more than just a powerful Outlook data extractor, PST to EML converter and migration tool. It’s a technically complex, yet easy-to-use solution that gives you full control over the contents of PST files and allows you to find very specific information in email archives of any size.
