Investigating Windows Mail Database
Posted by Jack H. Ward, Last modified by Jack H. Ward on 06 February 2018 05:01 AM

Windows Mail database is stored in the Windows Mail folder.

Mailstorage default location:

Windows 7, 8, 8.1, 10

C:\Users\<windows_username>\AppData\Local\Microsoft\Windows Mail

The Application Data folder (AppData in Windows 7, 8, 8.1, and 10) is hidden by default.

To investigate a Windows Mail database, do the following:

1. Have the Add New Evidence window open. 
2. In the Category list, select E-mail Database. In the Source Type list, select Windows Mail database. Click OK.

3. In the Browse For Folder window, select the location of the source folder and click OK.
4. Enter the Evidence name (opened folder name by default) and click OK.
5. The Windows Mail database is added to the case.
6. The mailstorage structure is displayed in the Case Content pane (to the left), messages stored in the mailbox are displayed in the Data View pane (to the right).

The messages that have been deleted from the trash in Windows Mail cannot be restored. Only the Trash content can be viewed.

7. Select the message in the Data View pane. Its contents are displayed in the E-mail Data pane (at the bottom).
8. You can view the message contents in different formats and/or view the attachments.


 Windows Mail Database.png (44.05 KB)
(0 vote(s))
Not helpful

Comments (0)