Blog >> Outlook Express DBX

Investigating Outlook Express DBX

26/01/2021 Tuesday

Microsoft Outlook Express is a discontinued Internet-based email program developed by Microsoft Corporation. Outlook Express was part of Internet Explorer in its earlier versions then later to be available as a standalone software. Outlook Express was intended for home users as it lets the user save, send, receive and manage email messages.

Digital Forensics Value of Outlook Express DBX Artifacts

Mailboxes make an essential part of our lives since it is considered one of the most important methods of communication in the 21st century. In accordance, the forensics of mailboxes is a crucial part of digital forensics. Forensic searches are carried out to investigate and find any leads of a felony or wrong acts which helps in solving a case or problem.

Location of Outlook Express DBX Artifacts

Outlook Express DBX stores email artifacts at: C:\Windows\Application Data\Outlook Express\{GUID}

Or at: C:\Documents and Settings\%username%\Local Settings\Application Data\Identities\{GUID}\Microsoft\ Outlook Express\*.dbx

Structure of Outlook Express DBX Artifacts

Outlook Express structure consist of several *.DBX files, and those files store all user’s messages. Those files can be found in the master index file, so called the Folders.dbx file. It stores the tree structure of the othe mail folders and it is required for Outlook Express to run. Some of the default created mail folders are Inbox.dbx, Drafts.dbx, Sent Items.dbx, Deleted Items.dbx, Offline.dbx, Pop3uidl.dbx, and Cleanup.log when maintenance is enabled. It also stores user created email folders and newsgroups folders.

Analyzing Outlook Express DBX Artifacts with ArtiFast Windows

This section discusses how to use ArtiFast to extract Outlook Express artifacts from Windows machines and what kind of digital forensics insight we can gain from the platform.

After you have created your case and added evidence for the investigation, at the Artifacts Selection phase, you can select Outlook Express artifact:

Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via “Artifact View” or “Timeline View”, with indexing, filtering, and searching capabilities. Below is a detailed description of the Outlook Express DBX artifacts in ArtiFast Windows.

Outlook Express DBX Artifact