Microsoft Outlook
Overview
Section titled “Overview”Evidence: Microsoft Outlook
Description: Collect Microsoft Outlook Emails
Category: Applications
Platform: windows
Short Name: outlk
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Section titled “Background”Microsoft Outlook stores emails in PST (Personal Storage Table) and OST (Offline Storage Table) files. PST files contain local email archives, while OST files are cached copies of Exchange mailboxes. Legacy Outlook Express used DBX files.
Data Collected
Section titled “Data Collected”This collector gathers structured data about microsoft outlook.
Collection Method
Section titled “Collection Method”This collector gathers Outlook PST and OST files from AppData and Documents directories, as well as legacy Outlook Express DBX files from Identities directories.
Forensic Value
Section titled “Forensic Value”Outlook email files are critical evidence containing correspondence, attachments, contacts, calendars, and tasks. They’re essential for investigating business email compromise, phishing, data leaks, and establishing communication timelines. PST files can contain years of archived communications.