Thursday, March 05, 2009

Working with emails

An interesting question popped up on one of the lists yesterday, and I just sort of watched it to see what happened, and how others would respond. The original question had to do with parsing emails, from one format to another. Like many examiners, I've had to deal with this sort of thing myself, looking at data exfiltration or misuse/abuse of corporate assets by an employee. Many times this sort of question really comes down to, how can you parse email messages from one format to another, in order to perform searches of either the email text or of attachments?

The results of the posts to the list are encapsulated below in a list of email conversion tools.

Email Conversion Tools
Emailchemy
Vound Software Intella
Aid4Mail
AvTech - Beware...Perl ahead!
Email Conversion Tools

Another respondent suggested Google searches for "eml to mbox bulk" and "msg to mbox bulk"

So...what do you do? What tools do you use?

Addendum: An alert reader mentioned a free (as in "beer") tool called Mail Cure for Outlook Express (described here) that reportedly can recovery emails from damaged or deleted dbx files. Very cool!

19 comments:

jason pickens said...

I've used Aid4Mail by Fookes. It work really well, but requires an internet connection to verify each time you use the product. Get their forensic license and you can use it off-line.

Transend works decent for Lotus to PST formats.

And if you're looking at EDB or Groupwise databases, Paraben NEMX works alright as well.

Keydet89 said...

Jason,

Thanks. I added a link for the Email Conversion Tools, as I found Transcend listed at the dtSearch site...

Mitch Impey said...

I am very pleased with Intella and how well it works with Outlook pst files. Intuitive, fast indexing and good visual results.

Keydet89 said...

Mitch,

Good to hear! I was offered an evaluation version of Intella to work with, but I don't have OutLook installed on my test system. I'm waiting for Vound's version of Intella that doesn't require the OutLook be installed...

du212 said...

Be aware , a BIG factor in mail conversion tools is loss of embedded objects! Just about any tool has issues with this. I've seen alot of this in converting Lotus Notes Mail to Microsoft email formats.

So if you plan converting, verify,verify,verify your conversions!

Otherwise, produce in native format.

Brian said...

I've found Emailchemy to be very useful based on the volume of mail formats that it converts. For Lotus>Outlook conversions, Uniaccess gets the job done, and i have yet to detect data/object loss.

-Brian

Keydet89 said...

Brian,

Do you mean this UniAccess? Not bad for $49...

Brian said...

yes, thats it. I just noticed that it has been renamed

http://www.transend.com/products_transend_migrator.asp

i have not used the "new" version. The old Uniaccess has always performed great, so I had not looked for updated versions.

Anonymous said...

Why convert the format! I have used everything from Transcend to using external providers like Ontrack or Emag. Every single one of them has major issues with conversions. On top of that you will find most email conversion programs (i.e. Paraben) just use wrappers and reverse engineer the original dll the email program uses.

I would suggest NUIX, it will index EDB, NSF, GroupWise, PST, OST, MBox, WebMail etc and you can then export in MSG, Native, PST or EML after you have carried out your keyword searches or analysis. Also you will find the EDB file format has been reverse engineered instead of being wrapped. So if you encounter something funky they can actually fix it and not wait for the email developer to.

Anonymous said...

We are required to provide data to internal clients who only have access to a SOE environment locked down so hard it's both obstructive and useless at the same time. They even removed the Search function from Windows Explorer.... Outlook is stricly forbidden and supplying any data in "native formats" is usually a complete dead loss. But portable apps configured on removable media work, go figure!

We sometimes supply Thunderbird Portable with pre-processed mailbox files on optical media. Pre-processing is done either with TB's own import function (observed to miss some emails in PSTs) or using an intermediate tool, like FBi NUIX Desktop (pricey).

tutorial said...

thanks for information

Alexis said...

For work with mails recommend use-repair outlook 2007 pst,application is free as how as I remember,it can help to extract data from corrupted files in *.ost and *.pst format and avoid losing of critical contacts, calendars and messages,tool is compatible with all supported versions of Microsoft Windows, besides Microsoft Outlook 2007 you can use any other version of this email client,extract data from corrupted files in *.ost and *.pst format and avoid losing of critical contacts, calendars and messages,can preview the results and make sure, that all emails were repaired successfully.

Keydet89 said...

Alexis,

Thanks for posting the comment...looks like a good addition to any toolkit.

Alex said...

A lot of problems with mails are on reason viruse,hackers or others,but I know tool which can help in like situations-outlook express recover messages,it helped many people and myself too,utility is free as far as I remember,it can likewise helps to restore mailboxes in spite of the reason, that led to email corruption,can repair corrupted files of dbx format, that are stored in Outlook Express folder by default,separate dbx files, Deleted Items.dbx corresponds with Deleted Items folder in Outlook Express and so on,recover messages automatically looks through Outlook Express default file storage and detect dbx files with your messages,works with Windows Vista, Windows XP, Windows XP SP2, Windows 2003, Windows NT 4.0 and other supported versions of this operating system,save restored messages and finish with email recovery,can unpack dbx files and save the contents as separate files of eml format.

Anonymous said...

Some days ago I decided to rename my contact in address book in OE,and after that the contact was deleted.I was frightened.But myself helped this application-outlook express dbx repair tool.It is free as far as I know,besides that tool recover it very quickly and it can eke save all extracted messages to the hard drive as message files in the eml format before a repairing Outlook Express.

Alexis said...

At work with mails usually I use-how to open ost in ms-outlook,because tool is free,it is reliable.Moreover program can open ost file in Outlook 2003 and recover your data from these encrypted *.ost files.

Mike said...

I want a tool which can convert ost to pst, i have a tool for pst repair
Repair outlook pst file tools
to repair pst file. I have deleted my email, but still i recover all my emails, now i have problem with ost, please tell a tool to convert ost to pst.

Alex said...

I often solve problems with help one nice tool.But last time program couldn't help me.And I entered in network and saw there-convert .ost file to .pst file.Application helped me very quickly and for free.Moreover soft demonstrated how it works with ost files in Outlook and belongs to ost to pst conversion software and can repair files with *.ost extension.

Jenny Lembert said...

Problems related to OST file inaccessibility are very common. To resolve such problem OST PST converter. is the best way that converts ost file into Outlook accessible PST file