I am trying to export email artifacts from a pst. the export as csv is very limited and does not appear to include all the message body. Is there any way to export these artefacts as files?
Not at this time. I can add it to the future feature request for you.
2 Likes
Mark that would be very useful. I’ve been using Autopsy for years and have always thought the work that has gone into the email parser was great. But the ability to export individual messages from.PST would be massively helpful.
As a long time user any other features you would like to see added or made better?
1 Like
I think the most underdeveloped aspect of any DFIR tool is the reporting. I use tools like Celebrite PA, Magnet AXIOM and NUIX. They all have pros and cons but none have a perfect reporting function.
As an analyst I want to be able to tag the items of interest then to be able to produce a detailed report of those items with all metadata I need in a format that can be exhibited in court, with the option of exporting the original format files linked to the report.
The most useful reporting features I’ve found is in Vound Intella, which is good at email analysis but had some major limitations for other aspects.
I have emailed you Mark
Mark,
Richard’s excellent comments about reporting and what features would be useful for users who may need to testify about their investigation dovetail nicely with our conversation a month or two ago about new features.
Reporting, while not exactly sexy, could easily become a killer feature for Autopsy relative to its closed source peers by making it possible to easily incorporate comprehensive results in reports from other sources or from manual entry of data.
I can’t stress enough how important it is for expert witnesses to have all of their findings in one, well-organized, exhaustive report that is easy to navigate and informative. In a videotaped deposition, seconds count when trying to find info that is responsive to a question, and the less page flipping or screen scrolling, the better.
Closed source platforms, obviously, are not rushing to make it easy to integrate data from outside their walled garden. I assume the Autopsy team, on the other hand, does not have such hangups. This results in a real competitive advantage for Autopsy.
You may recall that I regularly work with expert witnesses but am not an expert witness myself, so I am not the best source for determining what would be most useful for expert witnesses, so I defer to the team and others on answering that question. However, I have been thinking about this on and off since our exchange, and the best approach I have thought of to get the ball rolling is a “special” logical file system that can be added under a matter that is used to add artifacts from outside sources, which would then allow tooling to be developed to address manually added artifacts (such as individual emails extracted from PST files using some other utility).
Richard, 4n6 offers a very cost effective utility that will export the contents of a PST file to PDF or several other formats, with each email exported to an individual email, saved in directories that replicate the folder structure created by the user.
1 Like
Thanks for your response @BobWood completely agree with your comments.
I have not used the 4n6 tools but will certainly try them now.
I am putting some ideas together regarding reporting as your correct Autopsy could be an industry leader with some investment in the report creation.
1 Like
Hi Richard, I recently started using Autopsy. Have used every Digital Tool out there from DT Search to FTK, Nuix, Intella, Relativity. But I have the same issue you’re experiencing, I just realised now that none of the email / individual .pst’s were being extracted. Being able to extract or export an email to .pdf would add such a HUGE advantage to Autopsy.
1 Like
I’ve found is in Vound Intella, which is good at email analysis but had some major limitations for other aspects.
I think the most underdeveloped aspect of any DFIR tool is the reporting. I use tools like Celebrite PA, Magnet AXIOM and NUIX. They all have pros and cons but none have a perfect reporting function...
During our investigations, we must sort and select emails that involve lawyers and persons protected by law. Is it possible to create a private case containing a selection of messages (tagged) with the content of the messages?
However, the “ingest” modules manage to separate the elements (from a PST file for example) which could be saved in separate and complete form in order to be able to be analyzed subsequently. This is also valid for other “containers” such as archives (of “Zip” type).
Hi, I also think this export function would be very very useful, either in bulk in a single folder or into multiple folders from original organization. A generated report on the files, with their origin would therefore be sooo useful.