Autopsy User Documentation  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Email Parser Module

What Does It Do

The Email Parser module identifies MBOX, EML and PST format files based on file signatures, extracting the e-mails from them, adding the results to the Blackboard. This module skips known files and creates a Blackboard artifact for each message. It adds email attachments as derived files.

This allows the user to identify email-based communications from the system being analyzed.

Configuration

There is no configuration required.

Using the Module

Explore the "Results", "E-Mail Messages" portion of the tree to review the results of this module.

Ingest Settings

There are no runtime ingest settings required.

Seeing Results

The results of this show up in the "Results", "E-Mail Messages" portion of the Tree Viewer.

email_results.PNG

If an e-email has an attachment, the "Attachments" tab in the Content Viewer will be active.

email_attachments.png

You can right click and select "View File in Directory" to navigate to the attached file. You can also switch to the "Thumbnails" tab to see a preview of any image attachments.


Copyright © 2012-2020 Basis Technology. Generated on Mon Aug 3 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.