In this scenario, a user emailed some other user something that probably should not have been emailed. You don’t know who the users are or exactly what they sent. What you have is a bunch of PST files and a list of keywords. And this shell script.

Here’s how the script works. You dump the PST files into $indir. I suggest using a local filesystem and not a network-mounted one for performance and security reasons. Considering the potentially sensitive nature of this data, you may want to set up an encrypted filesystem that would not auto-mount on startup.

You then create the $keyword_list containing one keyword per line and encrypt it with gpg using a passphrase. The script will prompt you for that passphrase when you launch it. Depending on the volume of PSTs, the conversion process may take some time. 

As the script digs through the emails, you may start seeing something along these lines:

You can then view the listed email files for more information. I am sure there is a more civilized tool for this task, but all I had was bash. The script is below and you can also get it here.
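The workflow described above, written out as an added example; it is not the author's script. It assumes GnuPG and readpst (from libpst) are installed, and the function names, argument order and paths are made up for illustration. It also drops blank lines from the keyword list, since an empty pattern would match every message.

```shell
#!/bin/sh
# Added example (not the author's script). Assumes GnuPG and readpst (libpst)
# are installed; function names and argument order are hypothetical.

# Decrypt the keyword list to stdout only. gpg asks for the passphrase
# itself, so the passphrase is never held in a shell variable and the
# plaintext list is never written to disk.
decrypt_keywords() {    # $1 = gpg-encrypted keyword list
    gpg --quiet --decrypt "$1"
}

# Normalise the list: strip CRs, trim whitespace, drop blank lines. A blank
# line is an empty pattern, which matches every line of every message.
clean_keywords() {
    tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Convert each PST under $1 into one file per message under $2/<pst name>.
convert_psts() {        # $1 = indir, $2 = outdir
    for pst in "$1"/*.pst; do
        [ -e "$pst" ] || continue
        dest="$2/$(basename "$pst" .pst)"
        mkdir -p "$dest"
        readpst -q -e -o "$dest" "$pst"
    done
}

# Read keywords on stdin and list every message file under $1 that contains
# at least one of them (fixed strings, case-insensitive).
search_messages() {     # $1 = directory of extracted messages
    grep -r -i -l -F -f - -- "$1" | sort
}

main() {                # $1 = indir, $2 = encrypted list, $3 = outdir
    umask 077           # extracted mail is readable by the analyst only
    convert_psts "$1" "$3"
    decrypt_keywords "$2" | clean_keywords | search_messages "$3"
}

# Run only when called with the three arguments, e.g. (constructed paths):
#   ./pstsearch.sh /secure/pst keywords.txt.gpg /secure/out
if [ "$#" -eq 3 ]; then main "$@"; fi
```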

 
