Home About Us Sign Up Downloads FAQ Contact Us
 
Previewing PST Files

..................................................................................................................................................

Searching and Previewing PST files from Suspect.

Using OnScene Investigator you can connect the suspect and copy all e-mail with a few simple steps.

Step 1 Connect to the Suspect computer in the usual way.

 Step 2 Select all partitions and click the e-mail search button Search Email

OnScene Investigator will search for the following email types

The following is a list of the mail files currently detected.
PST - Outlook - Personal Storage Table
OST - Outlook - Offline storage Table
DBX - DBX - (Outlook Express 5, 6)
IDX - AOL - Temporary Internet Mail File
MBX - Eudora and others - Mailbox Message File
EML - Outlook Express and other - Electronic Mail
MSG - Outlook and others - Exchange Mail Message
NSF - Lotus Notes File
NS4 - Notes Database (Older Form)
NS3 - Notes Database (Older Form)
NS2 - Notes Database (Older Form)
WAB - Outlook Address Book
MSF - EarthLink E-mail Message File
EDB - Exchange Data Base

Manually viewing PST files / structured searching

Using OSI to search and preview the suspects email.

  • Searching From / To / Cc / BCc information
  • Limiting the number of recipients
  • Limiting to emails with attachments only
  • Keyword searches
  • Previewing attachments

     

Computer Forensics Experts

Creating an Image with OSI

Previewing PST Files

On Scene Computer Forensics

Copy with MD5 report

Windows Recycle Bin

Computer Forensics For Apple Mac

Viewing the Internet Cache

Registry Hives

Using OnScene Investigator

Using Registry LHF

Down Data Sheet

Uses for OnScene Investigator

Project Roadmap



Find a Reseller

Become a Reseller


Training Certification


 
 
 

Previewing and searching PST files

Locate a PST file then double click on it.

This will cache the PST to the Investigator PC (It will be deleted when OSI closes the connection).

Once the PST has been cached to the local PC it will open in OnScene Investigator Email View tab (a 1 gig PST takes approximately 2-3 minutes to cache).

Now you can open the email search window by selecting the Email Search button

Search queries can be built using the AND / OR operators. You can search for From: Peter AND To:John Will find all mail that has Peter in the From field and must have John in the To field.

Show e-mails with 1 to 5 recipients can be used to limit the results to show only emails that have X number or recipients. We find that most important emails are only sent to a single / few recipients. This function can be used to filter email to mass groups.

Show e-mails with X number of attachments can be used to show search results with attachments.

Case Sensitive matches the type case of the search

Exact keyword match this option will limit the search to only fine the exact word. Without this option Ken will find broken.  

Email Tracer

The email tracer gives a visual indicator of the recipient information from a search.

To use this function search for any relevant email address or keyword for your matter.  Once the search has completed click the Email Tracer tab.

This will open the Email Tracer graph

 

Searches that contain a large number of results will result in a complex Email Tracer graph. Further filtering these results will clarify the Email Tracer results.

Reading attachments

1: The & denotes the email has an attachment

2: All attachments will be listed in the drop down menu. Select an attachment and it will be previewed in the preview window.

3: The preview window (click here if Office documents do not preview but prompt to open)
Home I Site Map I About Us I Help I Terms & Conditions
Copyright 2007 www.forensicsmatter.com All Rights Reserved.