Outlook Express Email Forensics to Explore DBX File Information

Published By Mohit
Approved By Anuraag Singh
Published On April 4th, 2024
Category Forensics

Outlook Express is a discontinued email application that was formerly known as Microsoft Internet Mail and News. It is designed to manage POP and IMAP accounts, and it can compose and receive rich HTML emails. Like other email clients, Outlook Express stores all emails on the local machine.

Across the globe, email clients are used as a weapon to carry out various illegitimate activities such as phishing, bullying, disclosure of confidential information, IP theft, etc. Offenders who use Outlook Express often assume that their activities remain anonymous on the internet. However, the evidence can be recovered by thoroughly examining the stored information. This article describes an approach to performing Outlook Express email forensics efficiently.

Storage Folder Location of Outlook Express

All the Outlook Express email folders and messages, local IMAP folders and settings are stored in one folder, designated as the Store root folder. This folder is placed in the store root directory. The default location of this directory is:

C:\Documents and Settings\user_name\Local Settings\Application Data\Identities\Microsoft\Outlook Express


Forensic Analysis of Outlook Express User Files

All the messaging information within the root directory is stored in DBX (.dbx) files. Each DBX file corresponds to a folder and is created by Outlook Express. It contains the email messages for that specific data item. These DBX files are of utmost importance in forensic analysis because they are the files that originally store all the Outlook Express data, i.e. the emails.

DBX Files

The different DBX files that store Outlook Express data include the following:

  • Deleted Items.dbx
    Stores all the messages deleted from any Outlook Express folder. This file helps in retrieving emails that the culprit deleted from any email folder, for example to hide illegal actions that were carried out.
  • Drafts.dbx
    Messages that were started but not finished or sent are stored in the drafts.dbx file. This file may prove helpful in retrieving information saved in unsent form.
  • Folders.dbx
    This is the master index file of Outlook Express and is essential in order to run Outlook Express. This file should be handled with great caution, as mishandling or mail structure corruption may lead to loss of vital information, including newsgroups and emails.
  • Inbox.dbx
    This is the account holder’s inbox, which stores all the incoming emails. Information carved out from the inbox.dbx file is extremely important as it reveals the contacts and emails of users that the culprit has interacted with.
  • Sent Items.dbx
    Emails sent by the default user are stored in the sent items.dbx file. Like the other files, it can provide strong evidence for tracing the culprit by showing the conversation from the account holder’s end.
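Before any of these files is examined, an examiner normally records what is present in the store folder and fingerprints it. The following is an added example, not part of the original article or of any tool it describes: it inventories the `.dbx` files in a working copy of the store folder, hashes each one, and checks the four-byte DBX file signature (`CF AD 12 FE`). The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

DBX_MAGIC = bytes.fromhex("cfad12fe")  # first four bytes of an Outlook Express DBX file

# Roles of the well-known files, as described in the list above.
KNOWN_ROLES = {
    "deleted items.dbx": "deleted messages",
    "drafts.dbx": "unsent drafts",
    "folders.dbx": "master index",
    "inbox.dbx": "incoming mail",
    "sent items.dbx": "sent mail",
}

def inventory_store(store_root):
    """Return one record per .dbx file: name, role, size, SHA-256, signature check."""
    records = []
    for path in sorted(Path(store_root).iterdir(), key=lambda p: p.name.lower()):
        if not path.is_file() or path.suffix.lower() != ".dbx":
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:  # read-only; evidence is never opened for writing
            head = fh.read(4)
            digest.update(head)
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        records.append({
            "name": path.name,
            "role": KNOWN_ROLES.get(path.name.lower(), "user-created folder or other"),
            "size": path.stat().st_size,
            "sha256": digest.hexdigest(),
            "valid_signature": head == DBX_MAGIC,
        })
    return records

def build_sample_store():
    """Constructed sample data: tiny stand-in files, not real mailboxes."""
    root = Path(tempfile.mkdtemp(prefix="oe_store_"))
    (root / "Inbox.dbx").write_bytes(DBX_MAGIC + b"\x00" * 60)
    (root / "Folders.dbx").write_bytes(DBX_MAGIC + b"\x00" * 60)
    (root / "Sent Items.dbx").write_bytes(b"not a dbx file")  # renamed or damaged file
    (root / "notes.txt").write_text("ignored")
    return root

if __name__ == "__main__":
    for rec in inventory_store(build_sample_store()):
        print(rec)
```

A file that carries the `.dbx` extension but fails the signature check is worth noting in the case record, since it may be damaged or may be a different file type that was renamed.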

How to View Outlook Express Mailbox Data?

To view the source of an Outlook Express email message, follow these steps:

  1. First, right-click the email message
  2. Then, go to File >> Properties >> Details tab
  3. From the Details tab, click the Message Source option


Hidden Data Analysis of Outlook Express Email Client

The header of an Outlook Express email message consists of the following attributes, which are described in detail below:

  • From: It contains the email ID of the sender who delivered the email message.
  • Date: This field consists of the date and time at which the email was composed at the sender's end.
  • Subject: It denotes the subject or topic of the email message received in the recipient’s inbox.
  • MIME-Version: This field displays the MIME (Multipurpose Internet Mail Extensions) version. It helps identify the MIME type that is supported by Outlook Express.
  • Content-Type: This field shows the information of MIME header fields. Moreover, it displays various parameters of the message body.
  • X-Priority: It includes values or tags that help determine the priority of the message.
  • X-MSMail-Priority: It denotes the priority of the email message on the basis of ranking.
  • X-MimeOLE: This field indicates the MIME type that is developed by Outlook Express.
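The manual header review described above can be scripted. The following is an added example, not part of the original article or of any tool it describes: it parses a message source with Python's standard `email` module, pulls out the attributes listed above, normalizes the Date field to UTC, and flags missing or inconsistent fields. The sample message is constructed, and the priority pairing (1/High, 3/Normal, 5/Low) is assumed here to be what Outlook Express normally emits.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime, parseaddr
from datetime import timezone

# Constructed sample message source, in the form the Message Source view shows.
SAMPLE_SOURCE = """\
From: "Alice Example" <alice@example.com>
To: bob@example.org
Subject: Quarterly figures
Date: Tue, 14 Mar 2006 09:15:42 +0530
MIME-Version: 1.0
Content-Type: text/plain;
\tcharset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Body text.
"""

FIELDS = ["From", "Date", "Subject", "MIME-Version", "Content-Type",
          "X-Priority", "X-MSMail-Priority", "X-MimeOLE"]
# Assumption: the numeric and textual priority headers are expected to agree like this.
PRIORITY_PAIRS = {"1": "high", "3": "normal", "5": "low"}

def examine_headers(source):
    msg = message_from_string(source)
    report = {name: msg.get(name) for name in FIELDS}
    report["sender_address"] = parseaddr(msg.get("From", ""))[1]
    report["content_type"] = msg.get_content_type()
    report["charset"] = msg.get_content_charset()
    findings = [f"missing header: {n}" for n in FIELDS if msg.get(n) is None]
    try:
        sent = parsedate_to_datetime(msg["Date"])
        report["date_utc"] = sent.astimezone(timezone.utc).isoformat()
    except (TypeError, ValueError):
        findings.append("Date header absent or unparseable")
    num = (msg.get("X-Priority") or "").split()[0:1]
    text = (msg.get("X-MSMail-Priority") or "").strip().lower()
    if num and text and PRIORITY_PAIRS.get(num[0]) != text:
        findings.append(f"priority mismatch: X-Priority={num[0]} vs X-MSMail-Priority={text}")
    report["findings"] = findings
    return report

if __name__ == "__main__":
    print(examine_headers(SAMPLE_SOURCE))
```

A finding is a prompt for closer inspection, not proof of tampering: headers that disagree with each other or are absent can indicate a message that was edited by hand or produced by a different program than the one it claims.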

Forensics of Outlook Express Email Using 100% Genuine Software

One can perform Outlook Express email forensics by analyzing the message data as mentioned above. However, manual email analysis has some drawbacks. These include the need for sufficient knowledge of each parameter, extreme time consumption, etc. Therefore, there comes a point where investigating officers need a reliable Email Forensics Software.

The MailXaminer software is remarkably designed to analyze the emails thoroughly using various advanced features. It provides 7+ preview options, powerful search options, smart analytics options and much more. All these amazing functionalities are incorporated in the software in a user-friendly interface.

Outlook Express Forensics Using Professional Tool

Step 1: Once the software is launched, click the Add New Evidence button. This opens the Add Evidence window, from which you need to select the Outlook Express (*.dbx) file type. Upload the DBX file using the Add File button.

Step 2: After the file is uploaded to the software panel, all the files and folders associated with the DBX file will be shown in the Search screen. A preview of all the emails will be displayed here.


Step 3: The software provides a detailed view of each email message in different preview modes. These include Message, Hex, Properties, Message Header, HTML, MIME, Attachments, etc.

Step 4: The forensic experts can effortlessly perform analysis using advanced search options. One can easily avail various search options such as General Search, Proximity Search, Regular Expression, Stem Search, Fuzzy Search, and Wildcard Search.


Step 5: The software also provides out-of-the-box analytics features that allow in-depth email analysis. These include Link Analysis, Timeline Analysis, and Word Cloud.

Step 6: To export the evidential files, the software provides various export file types such as CSV, HTML, PDF, EML, MSG, etc. Based on the requirement, one can choose the respective export format, and the resultant file will be converted to the chosen file type.

Closing Thoughts

To carry out a thorough and deep analysis of Outlook Express emails, it is necessary to know where to start. One can perform manual Outlook Express analysis by investigating the metadata. However, using third-party software is suggested over the manual methods. For that reason, we have described Outlook Express forensics software that collects artifacts without spending time on the manual procedure.

With this software, the forensic examiners can deeply analyze the header of the emails and view the emails in multiple preview options. Moreover, it helps to reveal the inner details which can get overlooked easily while using the manual analysis.
