Generating Microsoft Outlook timelines – An addendum to "Generating computer forensic super-timelines under Linux"

PDF

Authors
  1. Carbone, R.
Corporate Authors
Defence R&D Canada - Valcartier, Valcartier QUE (CAN)
Abstract
This technical memorandum has carried out work to examine how Microsoft Outlook storage folders could be converted into digital forensic timelines. The work was done in order to help the author carry out important analyses against certain forensic investigations, the outcome of which was largely dependent on the success of this work. Outlook storage folders are transformed into timelines using Outlook-specific e-mail and attachment processing and utilities that extract these data from selected storage folders. Based on these extracted e-mails and attachments, precise data processing is carried out against them, transforming important data and metadata therein into a concise historical description for use in forensic investigations. The work as carried out by the author defines a novel approach to utilising e-mails in forensic investigations and provides a functional prototype that the open source forensic community can use and build upon. This memorandum will serve as the basis for an invention report to be submitted by the author concerning the proposed Outlook timeline generation prototype.

Il y a un résumé en français ici.

Keywords
computer forensics;digital forensics;email;email forensic timelines;email timelines;mail;mail timelines;mail forensic timelines;microsoft mail;outlook;outlook timelines;outlook forensic timelines;timelines;super-timelines
Report Number
DRDC-VALCARTIER-TM-2012-278 — Technical Memorandum
Date of publication
01 Jun 2013
Number of Pages
108
DSTKIM No
CA045380
CANDIS No
805782
Format(s):
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: