Investigate Email - reuteras/dfirws GitHub Wiki

There are many tools available to investigate emails and storage formats related to emails.

  • emldump.py
  • extract_msg
  • Mbox Viewer
  • msgviewer
  • pstwalker

You can use emldump.py to look at and extract data from .eml files.

Example use with emldump.py
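The same kind of part-by-part triage of an .eml file can be done with Python's standard `email` package. The following is an added example, not emldump.py's own code or part of the dfirws wiki; the sample message and the function names `list_parts` and `extract_part` are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample message (not real evidence): a text body plus one attachment.
SAMPLE_EML = (
    b"From: sender@example.com\r\n"
    b"To: analyst@example.org\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"See attached.\r\n"
    b"--BOUND\r\n"
    b'Content-Type: application/octet-stream; name="invoice.bin"\r\n'
    b'Content-Disposition: attachment; filename="invoice.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"SGVsbG8gREZJUg==\r\n"
    b"--BOUND--\r\n"
)


def list_parts(raw: bytes):
    """Return (index, content type, filename, size, sha256) for every MIME part."""
    msg = message_from_bytes(raw, policy=policy.default)
    rows = []
    for index, part in enumerate(msg.walk(), start=1):
        if part.is_multipart():
            # Container parts carry no payload of their own.
            rows.append((index, part.get_content_type(), None, 0, None))
            continue
        data = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        digest = hashlib.sha256(data).hexdigest()
        rows.append((index, part.get_content_type(), part.get_filename(), len(data), digest))
    return rows


def extract_part(raw: bytes, index: int) -> bytes:
    """Return the decoded payload of the part with the given 1-based index."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = list(msg.walk())[index - 1]
    return part.get_payload(decode=True) or b""


if __name__ == "__main__":
    for row in list_parts(SAMPLE_EML):
        print(row)
```

The SHA-256 of each decoded part can be compared against known hashes without writing the attachment to disk.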

For .msg files you can use extract_msg. See help and example below.

Help for extract_msg

Example use of extract_msg