Autopsy User Documentation  4.8.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Email Parser Module

What Does It Do

The Email Parser module identifies Thunderbird MBOX files and PST format files based on file signatures, extracting the e-mails from them, adding the results to the Blackboard. This module skips known files and creates a Blackboard artifact for each message. It adds email attachments as derived files.

This allows the user to identify email-based communications from the system being analyzed.

Configuration

There is no configuration required.

Using the Module

Explore the "Results", "E-Mail Messages" portion of the tree to review the results of this module.

Ingest Settings

There are no runtime ingest settings required.

Seeing Results

The results of this show up in the "Results", "E-Mail Messages" portion of the tree.

email_results.PNG

The results can also be seen by browsing to the source file in the Data Sources tree, which will display the messages in the Results Viewer to the right. Any messages with attachments will be shown under the source file, and the attachments can be seen in the Result Viewer by selecting the message.

email_datasource_tree.png

Copyright © 2012-2018 Basis Technology. Generated on Thu Oct 4 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.