Search Emails

OSForensics™ allows you to perform full-text searches within email archives used by many popular e-mail programs such as Microsoft Outlook, Mozilla Thunderbird, Outlook Express and more.

Indexing

The first stage in being able to search emails is to create an index of the archives in question. This can take some time but it is what allows for repeated fast searches later on.

An average computer can index about 10,000 average-sized emails every 2 minutes.

Supported Email File Types

  • .pst (Outlook)
  • .mbox (Thunderbird, Eudora, Unix mail, and more)
  • .msg (Outlook)
  • .eml (Outlook Express)
  • .dbx (Outlook Express)

Note that OSForensics can index these formats without needing the corresponding e-mail client to be installed.

Additionally, the indexing process is not limited to emails: it can also index other files such as Word documents and PDFs, making their contents available for searching.

Advanced Search Criteria

Once the index is created, searching can begin. A normal search looks for the specified keywords anywhere within the email. However, emails can also be searched by date or by the To, From or CC fields.
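A minimal sketch of the index-once, search-many approach described above, added here as an illustration and not OSForensics code: it builds an inverted index over an mbox archive with Python's standard library and filters keyword hits by From, To, Cc and date. The sample messages and the names `build_index`, `search` and `index_sample` are constructed for this example.

```python
import mailbox, re, tempfile
from collections import defaultdict
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample messages (sender, to, cc, date, subject, body); all made up.
ROWS = [
    ("alice@example.com", "bob@example.com", "carol@example.com",
     "06 Jan 2020", "Quarterly invoice", "Invoice for the storage array attached."),
    ("bob@example.com", "alice@example.com", "",
     "11 Feb 2020", "Re: Quarterly invoice", "Invoice received, payment scheduled."),
    ("carol@example.com", "bob@example.com", "alice@example.com",
     "03 Mar 2020", "Server logs", "The storage array logs show login failures."),
]
SAMPLE_MBOX = "".join(
    f"From {s} Thu Jan  1 00:00:00 1970\nFrom: {s}\nTo: {t}\nCc: {c}\n"
    f"Date: {d} 09:00:00 +0000\nSubject: {subj}\n\n{body}\n\n"
    for s, t, c, d, subj, body in ROWS)

def build_index(path):
    """Single pass over the archive; returns (inverted index, per-message fields)."""
    index, meta = defaultdict(set), {}
    for key, msg in mailbox.mbox(path).items():
        body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")  # single-part only
        for word in set(re.findall(r"[a-z0-9]+", f"{msg['Subject']} {body}".lower())):
            index[word].add(key)
        meta[key] = {h: {a.lower() for _, a in getaddresses(msg.get_all(h, []))}
                     for h in ("from", "to", "cc")}
        meta[key]["date"] = parsedate_to_datetime(msg["Date"])
    return index, meta

def search(index, meta, keywords=(), sender=None, to=None, cc=None, after=None, before=None):
    """Keyword lookup is set intersection on the index; field filters narrow the hits."""
    hits = set(meta)
    for kw in keywords:
        hits &= index.get(kw.lower(), set())
    def ok(m):
        return ((sender is None or sender.lower() in m["from"])
                and (to is None or to.lower() in m["to"])
                and (cc is None or cc.lower() in m["cc"])
                and (after is None or m["date"] >= after)
                and (before is None or m["date"] <= before))
    return sorted(k for k in hits if ok(meta[k]))

def index_sample():
    """Write the constructed archive to a temp file and index it once."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        f.write(SAMPLE_MBOX)
    return build_index(f.name)
```

The returned message keys are positions in the archive; the `after` and `before` filters expect timezone-aware `datetime` values because the sample Date headers carry an offset.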

Email Search Criteria

Performance

Using the index, searches can be performed extremely fast. 20,000 emails can be searched in under a second, and searches can be performed repeatedly using the same index, which only needs to be created once.

Email Viewer

Search e-mail archives and messages without needing to install the relevant e-mail program

Once an email of interest has been found it can be opened and viewed directly within OSForensics™ using the internal mail viewer. OSForensics can retrieve any e-mail message directly from the archives without the e-mail program (e.g. Outlook, Thunderbird) needing to be installed.

It does this by directly reading from the archive file formats used by the most popular e-mail programs.

Formats supported are:

  • .pst (Outlook)
  • .mbox (Thunderbird, Eudora, Unix mail, and more)
  • .msg (Outlook)
  • .eml (Outlook Express)
  • .dbx (Outlook Express)

You can view everything from the message headers to the various formats of the message stored or available (Text, HTML, Rich Text Format).

All file attachments can also be extracted from the selected archived e-mail message.

You can search across all content in the e-mail archives on the hard disk (more quickly and much more effectively than Outlook) using OSForensics' E-mail Searching functionality.