Monday, 24 December 2012

A long story about suspicious email analysis, full of details and mystery

I had a copy of an e-mail with a virus in it that I wanted to analyze. The problem was that the Outlook e-mail message was in .msg format. The virtual machine I was using to analyze malware was Windows XP-based, and the included Outlook Express would not open the Outlook-saved .msg file. And I did not want to install Outlook on the system.

So is there a way to read the file and recover the attachment without using Outlook?

Of course: like the other Office formats, an .msg file is a container that an archive tool can open. One correction is needed, though. A .docx really is a ZIP archive, but an Outlook .msg is an OLE2 Compound File, the same structured-storage format as the old binary .doc and .xls (its first eight bytes are D0 CF 11 E0 A1 B1 1A E1, not the PK of a ZIP). It is not zipped; archive tools such as 7-Zip simply know how to browse that container as well, which is why "unzipping" it exposes the message's internal streams, including the attachment.

I tried several techniques to open the Outlook .msg file, even downloading an open source program that reads them. I could read the message but could not get to the attachment. And I needed the attachment so I could analyze it for malware. On a whim, I tried unzipping the .msg file, and it worked!

I am not sure why I didn't try that earlier. I knew that you can unzip .docx files and get a lot of forensic information, like who created the file and who modified it (this technique helped catch a collar bomber in Australia).
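Below is an added example, written for this page and not part of the original post or the cyberarms write-up: a small Python 3 script (standard library only) that treats the .msg file as what it actually is, an OLE2 compound file, walks its storage tree and pulls out every attachment together with its file name, with no Outlook and no archive tool involved. The container layout follows MS-CFB and the stream names follow MS-OXMSG (one `__attach_version1.0_#NNNNNNNN` storage per attachment, holding `__substg1.0_37010102` for the bytes and `__substg1.0_3707001F` for the long file name). The script name `msg_extract.py`, the bounds and loop checks, and the `safe_filename` helper are my own additions and assumptions, not anything the post describes.

```python
import hashlib, os, struct, sys

# MS-CFB (OLE2 Compound File Binary) constants: special sector numbers and the file magic.
MAXREGSECT, FATSECT, ENDOFCHAIN, FREESECT, NOSTREAM = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# MS-OXMSG stream names inside an "__attach_version1.0_#NNNNNNNN" storage: "__substg1.0_" + property tag + type.
ATTACH_DATA = "__substg1.0_37010102"  # PidTagAttachDataBinary: the attachment bytes
ATTACH_NAME = "__substg1.0_3707001F"  # PidTagAttachLongFilename: UTF-16 name, chosen by the sender


class Cfb:
    """Minimal read-only parser for an OLE2 compound file held in memory."""
    def __init__(self, data):
        if data[:8] != CFB_MAGIC:
            raise ValueError("not an OLE2 compound file (wrong magic)")
        self.data = data
        sshift, mshift = struct.unpack_from("<HH", data, 0x1E)
        self.ssize, self.msize = 1 << sshift, 1 << mshift
        nfat, dir_start, _, self.cutoff, minifat_start, _, difat_start, _ = struct.unpack_from("<8I", data, 0x2C)
        if nfat > len(data) // self.ssize:
            raise ValueError("FAT sector count exceeds file size (corrupt or hostile header)")
        ints = lambda n: struct.unpack_from("<%dI" % (self.ssize // 4), self.sector(n))  # a sector as uint32s
        # The header lists up to 109 FAT sectors; larger files continue that list in DIFAT sectors.
        difat, s = list(struct.unpack_from("<109I", data, 0x4C)), difat_start
        while s <= MAXREGSECT and len(difat) < nfat:
            ents = ints(s)
            difat, s = difat + list(ents[:-1]), ents[-1]
        self.fat = [x for s in difat[:nfat] for x in ints(s)]
        self.minifat = [x for s in self.chain(minifat_start, self.fat) for x in ints(s)]
        self.entries = self._directory(dir_start)
        root = self.entries[0]  # streams smaller than the cutoff live inside the root entry's "mini stream"
        self.ministream = b"".join(map(self.sector, self.chain(root["start"], self.fat)))[:root["size"]]

    def sector(self, n):
        if (n + 2) * self.ssize > len(self.data):
            raise ValueError("sector %d lies outside the file (truncated or hostile)" % n)
        return self.data[(n + 1) * self.ssize:(n + 2) * self.ssize]

    def chain(self, start, table):
        """Follow a FAT or mini-FAT chain; a crafted file can make it loop, so bound the walk."""
        out, s = [], start
        while s <= MAXREGSECT and s < len(table):
            out.append(s)
            if len(out) > len(table):
                raise ValueError("sector chain loops (corrupt or hostile file)")
            s = table[s]
        return out

    def _directory(self, first):
        raw, entries = b"".join(map(self.sector, self.chain(first, self.fat))), []
        for off in range(0, len(raw) - 127, 128):  # one 128-byte entry per storage or stream
            (nlen, otype, _colour, left, right, child, _clsid, _state, _ctime, _mtime,
             start, size) = struct.unpack_from("<HBB3I16sI8s8sIQ", raw, off + 0x40)
            size = size & 0xFFFFFFFF if self.ssize == 512 else size  # version-3 files: only the low 32 bits count
            name = raw[off:off + max(nlen - 2, 0)].decode("utf-16-le", "replace")
            entries.append(dict(name=name, type=otype, left=left, right=right, child=child, start=start, size=size))
        return entries

    def streams(self):
        """Map 'storage/.../stream' paths to entries, walking the sibling tree with cycle protection."""
        out, seen, todo = {}, set(), [(self.entries[0]["child"], "")]
        while todo:
            i, prefix = todo.pop()
            if i == NOSTREAM or i >= len(self.entries) or i in seen:
                continue
            seen.add(i)
            e, path = self.entries[i], prefix + self.entries[i]["name"]
            if e["type"] == 2:  # 2 = stream, 1 = storage, 5 = root
                out[path] = e
            todo += [(e["child"], path + "/"), (e["left"], prefix), (e["right"], prefix)]
        return out

    def read(self, e):
        if e["size"] < self.cutoff:
            chunks = [self.ministream[s * self.msize:(s + 1) * self.msize] for s in self.chain(e["start"], self.minifat)]
        else:
            chunks = map(self.sector, self.chain(e["start"], self.fat))
        return b"".join(chunks)[:e["size"]]


def extract_attachments(msg_bytes):
    """Return [(filename, bytes)] for every attachment storage in a .msg image, sorted by name."""
    cfb, found = Cfb(msg_bytes), []
    streams = cfb.streams()
    for path, entry in streams.items():
        storage, _, leaf = path.rpartition("/")
        if leaf != ATTACH_DATA or not storage.split("/")[-1].startswith("__attach_version1.0_#"):
            continue  # property, recipient and name-id storages carry no attachment payload
        name_entry = streams.get(storage + "/" + ATTACH_NAME)
        name = cfb.read(name_entry).decode("utf-16-le", "replace").rstrip("\x00") if name_entry else storage
        found.append((name, cfb.read(entry)))
    return sorted(found, key=lambda t: t[0])


def safe_filename(name):
    base = os.path.basename(name.replace("\\", "/")).strip()  # attacker-picked name: keep only the last component
    return base if base not in ("", ".", "..") else "attachment.bin"


if __name__ == "__main__":
    msg_path, out_dir = sys.argv[1:3]  # usage: msg_extract.py message.msg output_dir (run inside the analysis VM)
    os.makedirs(out_dir, exist_ok=True)
    for name, blob in extract_attachments(open(msg_path, "rb").read()):
        dest = os.path.join(out_dir, safe_filename(name))
        open(dest, "wb").write(blob)
        print("%s\t%d bytes\tsha256=%s" % (dest, len(blob), hashlib.sha256(blob).hexdigest()))
```

Run it inside the analysis VM as `python msg_extract.py suspicious.msg out/`: it writes each attachment under a sanitized name and prints the SHA-256, so the sample can be hashed and triaged before anything is executed. The `ValueError`s are there because the .msg itself is attacker-supplied input: a crafted directory or FAT can point outside the file or loop forever, and a file name such as `..\..\Windows\x.exe` would otherwise land outside the output directory. Small streams (file names, short attachments) are carved out of the root entry's mini stream in 64-byte units, anything at or above the 4096-byte cutoff out of regular sectors, so both the name and the payload come back byte-exact.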

http://cyberarms.wordpress.com/2012/12/15/file-forensics-analyzing-msg-files-and-attachments-without-outlook/
