Navigating the Windows Mail database. (September 2018)
- Record Type:
- Journal Article
- Title:
- Navigating the Windows Mail database. (September 2018)
- Main Title:
- Navigating the Windows Mail database
- Authors:
- Chivers, Howard
- Abstract:
- The Extensible Storage Engine (ESE) database is used to support many forensically important applications in the Windows operating system, and a study of how ESE is used in one application provides wider insights into data storage in other current and future applications. In Windows 10, Windows Mail uses an ESE database to store messages, appointments and related data; however, field (column) names used to identify these records are hexadecimal property tags, many of which are undocumented. To support forensic analysis a series of experiments were carried out to identify the function of these tags, and this work resulted in a body of related information about the Mail application. This paper documents property tags that have been mapped, and presents how Windows Mail artifacts recovered from the ESE store.vol database can be interpreted, including how the paths of files recorded by the Mail system are derived from database records. We also present examples that illustrate forensic issues in the interpretation of email messages and appointment records, and show how additional information can be obtained by associating these records with other information in the ESE database.
- Is Part Of:
- Digital investigation. Volume 26(2018)
- Journal:
- Digital investigation
- Issue:
- Volume 26(2018)
- Issue Display:
- Volume 26, Issue 2018 (2018)
- Year:
- 2018
- Volume:
- 26
- Issue:
- 2018
- Issue Sort Value:
- 2018-0026-2018-0000
- Page Start:
- 92
- Page End:
- 99
- Publication Date:
- 2018-09
- Subjects:
- Windows Mail -- Email -- Message -- Appointment -- Calendar -- ESE -- Database -- store.vol -- Unistore -- ESECarve
Forensic sciences -- Data processing -- Periodicals
Criminal investigation -- Data processing -- Periodicals
363.250285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/17422876
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.diin.2018.02.001
- Languages:
- English
- ISSNs:
- 1742-2876
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3588.396620
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 7543.xml