J P · Apr 2, 2018 · 7:28 PM UTC

J P

J P @JPoForenso

2 Apr 2018

Anyone know how to successfully extract (as a standalone native file) a .msg file (OLE) embedded inside a .msg file (OLE) via the command line (Python preferred)? #DFIR

Hal Pomeranz · Apr 2, 2018 · 9:37 PM UTC

Hal Pomeranz · Apr 2, 2018 · 9:37 PM UTC

Hal Pomeranz @hal_pomeranz

2 Apr 2018

Replying to @JPoForenso

Have you tried @DidierStevens' oledump.py?

Apr 2, 2018 · 9:37 PM UTC

J P · Apr 3, 2018 · 2:10 AM UTC

J P @JPoForenso

3 Apr 2018

Replying to @hal_pomeranz @DidierStevens

Yep, but it just dumps the streams, which I can also do using the olefile library. I've yet to find something that will write the set of OLE streams from the .msg attachment out to a standalone OLE .msg file.

more replies