|
|
Article DetailsThis article covers the WindowsMail.MSMessageStore database used by Windows Mail. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly gather all file signatures (file headers) from all files within a case for review and/or research purposes. This article will use the tools Header Grab Advanced, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly view and export search results from Winhex POS files to CSV format. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly search for and detect any hidden worksheets present within a Microsoft Excel Workbook (xls and xlsx). This article will use the tools XLS Worksheet Detect Free and commercial versions, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to batch preview URL files used to store favorites information in Internet Explorer. This article will use the tool URL Previewer, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
- Active Links: 10
- Pending Links: 3
- Todays Links: 0
- Total Articles: 16
- Total Categories: 4
- Sub Categories: 0
WindowsMail.MSMessageStore Primer |
| Date Added: December 30, 2009 03:10:37 PM |
| Author: admin |
| Category: Documents |
Windows Mail is client based software for email and newsgroup management and was introduced with Microsoft Windows Vista. It is accessible on a Vista platform from the Start Menu under ‘Programs’.
The process takes several minutes depending on the quantity of messages.
The settings relating to the message store can be accessed and viewed from the main menu of Windows Mail under ‘Tools’ > ‘Options’, then click the ‘Advanced’ tab and ‘Maintenance’ button (see picture below).
The maintenance window provides several pieces of information.
The default setting for prompting a user to compress the message store is 100 runs (see picture above). If this setting is changed to 1 for example the user would be prompted to compress the message store each time Windows Mail is closed. The clean up window shows the current size of the message store and allows a user to perform general cleaning tasks. The picture below shows the message store is 78 megabytes.
The message store folder window displays the current path setting for the message store, the default location is: <VOLUME>\Users\<PROFILE>\AppData\Local\Microsoft\Windows Mail
Reviewing email and attachments from Windows Mail can be easily achieved by creating a virtual machine of the host system and using the Windows Mail application to view and export information.1
1 Commercial forensic packages Encase, FTK etc support processing of .eml files and associated attachments (not covered in this article). |
