Windows 10 Mail App Forensics

  • \Users\<username>\AppData\Local\Comms\Unistore\data
Directory Listings for the Windows 10 Mail App Artefacts
  • AppData\Local\Comms\Unistore\data\0; Windows phone data
  • AppData\Local\Comms\Unistore\data\2; contact lists within the account
  • AppData\Local\Comms\Unistore\data\3; the contents/body of the email
  • AppData\Local\Comms\Unistore\data\5; calendar invitations
  • AppData\Local\Comms\Unistore\data\7; email attachments
  • AppData\Local\Comms\Unistore\data\33; contents of invitations, maybe
XWays displaying calendar invitations
OSForensics parsing .dat files in \data\33
Using OS Forensics to Extract store.vol
OSForensics String Viewer to search store.vol for email data
Using OSForensic’s ESEDB Viewer to parse store.vol
Attempting to use NirSoft’s ESEDatabaseView to parse store.vol
Attempting to use Autopsy to parse store.vol

--

--

--

Your one and only source into the scandalous life of a DFIR consultant.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cost-effective Backups with AWS S3

Power BI: Visualizing filter || evaluation context

Nifty tool-chain for CQRS application development with read model projection

Preparing digital John Lewis for peak events — Live Load Tests

https://www.johnlewis.com/black-friday/c6000670128

Buying.com Weekly Bulletin 2/17/22

Calling Rundeck API job with options with Postman

My Phase 3 Ruby Project

Telos Core Developers Update

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
darkdefender

darkdefender

Your one and only source into the scandalous life of a DFIR consultant.

More from Medium

Deepin 20.5 — Agile Development of Mail

Playing MP4 videos on Elementary OS

The Penetration Testing Guide for Compliance and Audits

Kioptrix Level 1 — Walkthrough [Vulnhub Machine]