Notifications
Clear all

Parsing PSTs

14 Posts
7 Users
0 Likes
1,102 Views
keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

All,

I've got a couple of PST files created by using ExMerge on an Exchange server. I'm looking for a tool that will allow me to list the attachments, by file name, within folders.

I know that EnCase, Paraben and FTK will let you open PST files. I have EnCase, but not the other two.

I'm looking for a solution that I can use in the future, and distribute to the team…anything freely available is good, but what I'd like to get is input on the tools that have worked, not just what's out there. "Outlook Express Archiver" from WheresJames Software was recommended to me, but the person recommending it never bothered to check if it was still available. ;-(

thanks,

Harlan

 
Posted : 23/02/2007 9:45 pm
andy1500mac
(@andy1500mac)
Posts: 79
Trusted Member
 

Harlan,

If I understand you correctly Encase can pretty much do what you are asking. I'm using v6.2 and just dragged a PST into the case window and then mounted by "Viewing file structure".

I then sorted by file extension or alternately description (attachment). Then checked all the docs, xls, etc and exported the list (selecting name and full path as export fields)

Is this what you are looking for..?

Andrew

 
Posted : 23/02/2007 10:26 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

Andrew,

Thanks. That is what I'm looking for, albeit I only have EnCase 5.05f.

I'm also looking for other alternatives, such as freeware apps (if possible) as alternatives. However, I do thank you for your response…it's greatly appreciated.

Harlan

 
Posted : 23/02/2007 11:30 pm
(@branerift)
Posts: 59
Trusted Member
 

I am not familiar with Exchange, but I am guessing the PST are the same with Outlook?

Before my department would come off money and but FTK and EnCase, I had a VM running with Outlook and just imported the PST ) It was free and rather easy. I know you are looking for a freeware tool, but I am not aware of any. I tend to use FTK for email. I think it organizes better than Encase (5.05f).

 
Posted : 26/02/2007 8:40 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

BraneRift,

Thanks for the response.

> Before my department would come off money and but FTK and EnCase,

What???

Also, I am not simply looking to open these PSTs with a freeware tool. Again, in my original post, I am looking for a way to list the names of the files that are attached to the emails, particularly those in the Sent folder. I am aware that Outlook and Outlook Express can open the emails, but then I'd have to go through by hand, and with the number of emails I'm looking at may end up missing some attachments.

Again, I am not looking for the content of the emails…I am looking to get just the names of the attachments.

Thanks,

Harlan

 
Posted : 26/02/2007 9:29 pm
(@branerift)
Posts: 59
Trusted Member
 

Harlan,

In my opinion, I think FTK does the superior job of listing only the attachments to the emails (path, times, etc). I will include a screenshot so you may see then end result, but I have to wait till I return home inorder to post the graphic on a server. This will give you a better idea of all the imformation that is included on the FTK email screen.

> Before my department would come off money and but FTK and EnCase,

What???

My mind works faster than my fingers or something is lost in the translation of brain activity and motor skills….. What it was supposed to say is "Before my department would come off the money for FTK and Encase"

Kevin

 
Posted : 27/02/2007 1:29 am
(@gmarshall139)
Posts: 378
Reputable Member
 

Harlan,

You can isolate attachments in version 5 very easily. Mount the .pst file(s), homeplate everything, and create a condition for "description=Attachment".

 
Posted : 28/02/2007 12:31 am
Thomas
(@thomas)
Posts: 59
Trusted Member
 

Hello,

you can also try "Outlook Attachment Sniffer". This tool moves or copies all the attachment to a directory of your choice. This did the job for me! Its not freeware, but 15 dollars is not expensive. I think you should try the demo at http//www.rsbr.de/Software/OASniffer/index_eng.htm
Good luck!

 
Posted : 01/03/2007 11:22 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

All,

Thanks for your advice. I accomplished what I needed with FTK 1.7 and a Perl script.

Thanks again,

Harlan

 
Posted : 02/03/2007 5:00 am
(@branerift)
Posts: 59
Trusted Member
 

Harlan,

Sorry I didn't get to post those pictures. I had to have a double hernia surgery. Ouchie

I am glad that FTK worked out for you.

 
Posted : 06/03/2007 4:46 am
Page 1 / 2
Share: