Re: [sleuthkit-users] pst file digest
From: MATT P. <mat...@ad...> - 2013-11-08 14:32:05
Thank you guys for your suggestions. I would really find a native parser useful. With the ability to import logical files into a case now half the workflow is there. Being able to parse a number of pst's against a keyword list is what I need to do. Python isn't my strength so I'll have to ask around. There are several commercial products but they are both expensive and incomplete in their features. The report part is also a consideration. Just locating the relevant data would be useful. Having a list of locations in a pst where relevant keywords exist would be great. Being able to carve message files out intact and/or export messages as a pdf would be amazing.

>>Hi Matt - we are currently looking into pst parsing libraries and
>>hope to have something in the next couple of months to make the
>>Mbox parser a more generic email parser

That is good news. I rely heavily on libpff for now, although I've not had any success in doing a complete examination without having to resort to native Outlook and sectool to process p12/pfx certificates. If someone can come up with an answer to that (or have I missed an existing one?), that would be most helpful.

Admittedly I don't spend enough time on PST testing, but since it's a big chunk of our casework, I'll need to start.

/*******************************************
Barry J. Grundy
Assistant Special Agent in Charge
Digital Forensic Support Group
Electronic Crimes and Intelligence Division
Treasury Inspector General for Tax Administration
(301) 210-8741 (w)
(202) 527-5778 (c)
Bar...@ti...<mailto:Bar...@ti...>
********************************************\

From: Jason Letourneau [mailto:jle...@ba...]
Sent: Thursday, November 07, 2013 8:14 PM
To: MATT PIERCE
Cc: sle...@li...<mailto:sle...@li...>
Subject: Re: [sleuthkit-users] pst file digest

Hi Matt - we are currently looking into pst parsing libraries and hope to have something in the next couple of months to make the Mbox parser a more generic email parser

Jason

On Thursday, November 7, 2013, MATT PIERCE wrote:

I'm curious if there is any work on a plugin to digest pst files. I'm often getting hit with eDiscovery requests to search multiple PST files for a series of key words. Libpff has a few tools that can work with a pst to a degree but it would be very nice to be able to use them with Autopsy's workflow.