search

tuansandman / opendlp

Automatically exported from code.google.com/p/opendlp
0 stars 0 forks source link

Support for Searching PST Files #42

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
I did some initial research on open source software that can read/extract PST 
files commonly used with Microsoft Outlook. It would be great to leverage this 
type of searching capability both during a pentest and data discovery exercise.

I came across readpst, which Spider also uses to grep PST files. I would think 
that this could be implemented in both an agent and agentless scenario with the 
preference being agent-based. Thinking through it since you would temporarily 
extract the PST you would need to do a quick disk space check as PST are 
notoriously large.

I found a somewhat recent blog entry on this exact topic: 
http://dereknewton.com/2011/02/searching-and-extracting-data-from-pst-files/

readpst appears to extract the information in an organized fashion that the 
current regexs could then grep for sensitive information. Reporting this 
information back to the specific message, within a specific PST, on a machine 
might be the more challenging piece.

Has anyone else looked into adding this capability?

Original issue reported on code.google.com by js69...@gmail.com on 2 Feb 2012 at 2:31

GoogleCodeExporter commented 9 years ago 
ReadPST looks very promising and it's GPL. I will investigate whether it is 
feasible to integrate it with the agent.

Original comment by andrew.O...@gmail.com on 9 Feb 2012 at 3:32