Difference between pages "Personal Folder File (PAB, PST, OST)" and "SimCardPurdue"

From ForensicsWiki
(Difference between pages)
(Personal Folder File (.PST, .OST, .PAB))
 
(Forensics)
 
Line 1: Line 1:
[[Microsoft]] [[Outlook]] uses the '''Personal Folder File (PFF)''' to store e-mails, appointments, tasks, contacts, notes, etc.
+
== Purdue SIM Card Analysis ==
  
Three different types of the PFF are known:
+
PurdueSIM is a database of previously owned and used SIM cards. A total of over 600 recorded SIM cards are available from Purdue University.
* The '''Personal Address Book (PAB)''', which contains the address book of contacts. These files have the extension '''.pab'''.
+
* The '''Personal Storage Table (PST)''', which contains items like e-mails, appointments, tasks, notes, etc. and is used as current and archived mailbox files. These files have the extension '''.pst'''. The PST format is also referred to as the '''Personal Folder File (PFF)''' format.
+
* The '''Offline Storage Table (OST)''', which contains items like e-mails, appointments, tasks, notes, etc. and is used as off line mailbox files in conjunction with [[Microsoft]] [[Exchange]]. These files have the extension '''.ost'''. The OST format is also referred to as the '''Offline Folder File (OFF)''' format.
+
  
The underlying file format of these files is the same of which the actual name is unknown but has been dubbed the '''Personal Folder File (PFF)''' format, because of its most common usage.
 
  
== MIME types ==
 
  
The actual Mime type of the PFF format is unspecified however some sources claim the following [[MIME types]] apply to this [[file format]]:
 
* application/vnd.ms-outlook (for PST files)
 
  
== File signature ==
 
  
The PFF has the following file signature:
 
hexadecimal: 21 42 44 4e
 
ASCII: !BDN
 
  
== File types ==
+
== Forensics ==
  
There are a 32-bit and a 64-bit version of the PFF. These have the same file signature but can be identified by the version in the file header.
+
[http://ssddForensics.com] Purdue Cyber Forensics
  
== Contents ==
+
[http://ssddfj.org] Small Scale Digital Device Forensics Journal
 
+
The PFF basically contains a hierarchy of items. The attributes of these items are defined by the [[Microsoft]] [[Outlook]] [[Message API (MAPI)]].
+
 
+
== Encryption ==
+
 
+
The PFF format allows the file to be encrypted. Two types of encryptions are currently known these are referred to as compressible and high encryption.
+
The compressible encryption is a basic substitution cypher and the high encryption is a little more complex substitution cypher.
+
From a cryptographic point of view this is more a way of obfuscation than a means to protect confidentiality.
+
 
+
== See also==
+
 
+
* A great deal of information about the format has been documented by the [http://libpff.sourceforge.net libpff project], including some of the [http://downloads.sourceforge.net/libpff/Personal_Folder_File_format.pdf Personal Folder File format specifications] and [http://downloads.sourceforge.net/libpff/MAPI_definitions.pdf MAPI definitions].
+
* [http://www.five-ten-sg.com/libpst/ libpst]
+
 
+
[[Category:File Formats]]
+
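Review bot: the two external links added under "== Forensics ==" keep their labels outside the brackets ("[http://ssddForensics.com] Purdue Cyber Forensics" and "[http://ssddfj.org] Small Scale Digital Device Forensics Journal"), so the rendered revision shows them as bare "[1]" and "[2]" followed by unlinked text. Move each label inside the brackets after the URL, for example "[http://ssddfj.org Small Scale Digital Device Forensics Journal]", so that the title itself becomes the link.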

Revision as of 11:14, 8 April 2009

Purdue SIM Card Analysis

PurdueSIM is a database of previously owned and used SIM cards. A total of over 600 recorded SIM cards are available from Purdue University.




Forensics

[1] Purdue Cyber Forensics

[2] Small Scale Digital Device Forensics Journal