thoughts/data/msg-eml.md
Tommy Skaug 805a34f937
initial migration
2024-08-05 20:24:56 +02:00


Thought I'd share a neat little script combo if you do your
email analysis on Linux systems, or do automation. For the
task you'll need msgconvert.pl [1] and ripmime [2].

MSG files are used by Microsoft Outlook, and are the natural
fit when it comes to malicious messages in organizations running
Microsoft products. For reference you can find the
specification for the Outlook Item File Format here.

In this part you will require a file from Outlook, which you
can acquire by selecting a message and dragging it to the
desktop or into a new message. If you don't do Outlook, you can
just google for one [3].

```
msgconvert.pl <message>.msg
ripmime -i <message>.mime
```

The first command converts the MSG file to a MIME
file. The second command extracts the
objects in it, such as binary files or documents. The text
files contain the content of the email and will be named
something like: textfile0

If you need the headers you will find them at the top of the
MIME file.

Now to EML files, which you will also often find when
exporting email messages. EML is really just short for
“E-mail”. In OS X Mail, Outlook Express, Thunderbird (and
others) you are typically presented with EML/MIME-formatted
documents, and it's just a document which complies with RFC
822 [4]. EML files are easier to work on since you can
open them in a text editor and read the essential information
straight away.

So what does that mean in regard to ripmime? It really just
means that instead of calling the output from msgconvert.pl
`<message>.mime`, you can name the file `<message>.eml`. In
commands:

```
ripmime -i <message>.eml
```

The above will output your mime parts.
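
For automation, here is an added example (not part of the original post, and not ripmime's own code) that uses Python's standard `email` module to pull the same information out of an EML file: the headers from the top of the file and an inventory of the MIME parts with SHA-256 hashes. The sample message, the `triage` function and the `textfileN` fallback naming are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample message (not from the post): one text body, one attachment
# whose sender-chosen filename tries to climb out of the output directory.
SAMPLE_EML = b"\r\n".join([
    b"Return-Path: <bounce@sender.example>",
    b"Received: from mail.sender.example (mail.sender.example [192.0.2.10])",
    b"\tby mx.corp.example; Mon, 05 Aug 2024 10:00:00 +0200",
    b"From: Billing <billing@sender.example>",
    b"Subject: Invoice",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain; charset=us-ascii",
    b"",
    b"See attached.",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="../invoice.bin"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"aGVsbG8=",
    b"--b1--",
    b"",
])

def triage(raw: bytes) -> dict:
    """Return selected headers and a hashed inventory of every MIME leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    wanted = ("Return-Path", "Received", "From", "Subject")
    headers = {h: [str(v) for v in msg.get_all(h, [])] for h in wanted}
    parts = []
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    for i, part in enumerate(leaves):
        data = part.get_payload(decode=True) or b""
        # Attachment names are sender-controlled: keep only the base name.
        name = (part.get_filename() or f"textfile{i}").replace("\\", "/")
        name = name.rsplit("/", 1)[-1]
        if name in ("", ".", ".."):
            name = f"part{i}"
        parts.append({"name": name, "type": part.get_content_type(),
                      "size": len(data), "sha256": hashlib.sha256(data).hexdigest()})
    return {"headers": headers, "parts": parts}

if __name__ == "__main__":
    for p in triage(SAMPLE_EML)["parts"]:
        print(p["sha256"], p["size"], p["type"], p["name"])
```

To run it on a real export, pass the bytes of `<message>.eml` (or the file produced by msgconvert.pl) to `triage` instead of the sample.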

## OS X Specifics

You may want to do the above on an OS X system as well. For
this you can install ripmime via Homebrew [5].

If you are exporting an EML file from Apple Mail you may do so
the same way as in Outlook: just drag it where you want it.

[1] https://www.matijs.net/software/msgconv/
[2] https://www.pldaniels.com/ripmime/
[3] https://www.google.com/search?q=filetype:msg&oq=filetype:msg#q=filetype:msg+outlook
[4] https://tools.ietf.org/html/rfc822
[5] https://brew.sh/index_nb