Microsoft Outlook

Overview

Evidence: Microsoft Outlook Description: Collect Microsoft Outlook Emails Category: Applications Platform: windows Short Name: outlk Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

Microsoft Outlook stores emails in PST (Personal Storage Table) and OST (Offline Storage Table) files. PST files contain local email archives, while OST files are cached copies of Exchange mailboxes. Legacy Outlook Express used DBX files.

Data Collected

This collector gathers structured data about microsoft outlook.

Collection Method

This collector gathers Outlook PST and OST files from AppData and Documents directories, as well as legacy Outlook Express DBX files from Identities directories.

Forensic Value

Outlook email files are critical evidence containing correspondence, attachments, contacts, calendars, and tasks. They're essential for investigating business email compromise, phishing, data leaks, and establishing communication timelines. PST files can contain years of archived communications.