±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32909
New Yesterday: 2 Visitors: 134

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

OLKMESSAGE14 and OLKMESSAGE15 Email files

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

OLKMESSAGE14 and OLKMESSAGE15 Email files

Post Posted: Mon Oct 09, 2017 12:24 pm

Hello all,

Just wanted to report that Nuix's ProofFinder tool (www.prooffinder.com) was able to process and convert to PDF format .OLKMESSAGE14 and .OLKMESSAGE15 email files extracted from a MacBook

OLK MESSAGE files are individual email messages that Microsoft Outllook stores emails as on MacBooks.

I tried multiple other forensic tools (and Outlook 2016 and Mozilla Thunderbird) to present the OLK files in a format which could be reviewed by an attorney and only ProofFinder could properly process these email messages such that the headers and body were legible.

Hope this helps anyone else in the future grappling with this OLK format.  

UnallocatedClusters
Senior Member
 
 
  

Re: OLKMESSAGE14 and OLKMESSAGE15 Email files

Post Posted: Wed Oct 11, 2017 4:20 am

Excellent news!  

keydet89
Senior Member
 
 
  

Re: OLKMESSAGE14 and OLKMESSAGE15 Email files

Post Posted: Wed Oct 11, 2017 7:21 am

I use emailchemy to convert the mac mail data to an mbox. One reason why it is needed is because the attachments are not associated to the email.  

jasonlee
Member
 
 
  

Re: OLKMESSAGE14 and OLKMESSAGE15 Email files

Post Posted: Thu Oct 12, 2017 7:40 am

Interestingly, I also found an "outlook.sqlite" file on the MacBook.

Internet Evidence Finder could process the "outlook.sqlite" file and converted the file to 12,700 "emails" with varying amounts of recovered information (some records had metadata and others did not).

I have not checked but possibly the "outlook.sqlitedb" file has pointers to the OLKMessage files.  

UnallocatedClusters
Senior Member
 
 

Page 1 of 1