Home » Blog » Outlook » Outlook Email Forensic Analysis And The Methods Experts Use

Outlook Email Forensic Analysis And The Methods Experts Use

Published By Mohit Jha
Nimisha Ramesh
Approved By Nimisha Ramesh
Published On January 11th, 2024
Reading Time 4 Minutes Reading

Outlook Forensics is a field of forensics which deals with the analysis of the email data in an Outlook data file. Outlook being one of the most popular email clients, has significant exposure to people with malicious intentions. This highlights the importance of forensics in this field.


This article underlines all the information about this area and the professional email forensic tools required to carry out the investigation.

Overview of Outlook Email Forensics

Outlook Email Forensics involves the analysis and investigation of emails sent and received through Microsoft Outlook, a widely used email client. It is done to investigate evidence that is crucial in legal proceedings

Analyzing the Information Obtained

When the information is obtained, relevant analysis is required to have it make sense and be in a usable form for further Outlook Forensic analysis.

There are two types of files that Outlook uses to store email data: PST (Personal Storage Table) and OST (Offline Storage Table) files. PST files are used in the Outlook desktop application. These store all email data locally on the user’s computer. OST files deal with Outlook’s offline mode and allow users to access emails offline. The OST files synchronize with the mail server when the connection is restored.

Key Elements of Outlook Emails:

Here are some key elements of Outlook Emails which aid in Outlook Email Forensics:

  • Email Headers: Headers contain critical information such as sender and recipient details, timestamps, and subject lines. Analyzing email headers can assist in establishing communication patterns and determining the authenticity of messages.
  • Metadata: Metadata provides additional information about emails, including message IDs, IP addresses, and client details. This data can aid in tracing the origin and path of an email.
  • Attachments: Attachments carry potential evidence. Examining attachments can reveal hidden information.

There are primarily two email forensic techniques to access and analyze the data of an Outlook email which are expanded upon further in the article.

Method 1: Outlook Forensics through the Outlook Header

Forensic analysis of Outlook email headers is a rudimentary approach that provides limited insights. It is not complete and thorough and hence does not contain all the information in the potential evidence. Therefore this method is not recommended by the experts.

The investigator can examine basic information such as the sender’s name, recipient’s name, date and time of the message, and subject line. This method only gives access to this information.

Accessing the Email Header Information

To begin the analysis, access to the email header is required. Investigators performing Outlook Email Forensics can access the email header by opening the email message in Outlook and selecting the option to view the email headers from the “File” or “View” menu.

All the header information is present here and the investigators can copy all the contents from this page and paste it on a tool that provides this service. Some of the top examples include MessageHeader by Google.

However, for the in-depth analysis of the Outlook accounts, you need to take the help of a functionally superior and advanced software like the one mentioned below.

Also Read: A list of top Email Header Analysis Tools

Method 2: Expert Solution for Outlook Forensics

One of the top and highly rated tools like the Email Examiner Tool is a functionally superior and easy to use software. It is a market leading software that has all the essential tools to carry out a thorough investigation.

Various advantages to using this tool are:

  •     Different Evidence Viewing Options
  •     Multiple Keyword-Search Options
  •     Relation Generator Using Analytics Functionality
  •     Detailed Filtering Options
  •     Various Export/Extract Formats

MX Demo

Short User Guide for the Tool

The tool is very intuitive and easy to use and is one of its main highlights. The very simple steps are:

  • Open the software to create a new case.
  • Add the files required for the examination by clicking Outlook and importing the evidence.
  • After you complete the Outlook Email Forensic analysis, export the revelations in a proper report. 

search options


This article contains information on the different procedures which are used to perform Outlook Forensic analysis and shows the importance of an automated and functionally superior tool to navigate the evidence and to make it usable for the process. The tool discussed in this article is highly acclaimed for its capabilities in this field