email

As an Incident Responder, it's pretty common to analyse malicious emails; however, the right tools to safely pull apart an email aren't always easy to find. I often find analysts struggle to pull apart an email once you explain the risks of using Microsoft Outlook as an analysis tool. This post will look at using open source tools within the SANS SIFT Workstation virtual machine to safely pull apart a native Outlook email message. To start with, a native Outlook email message is in the .MSG file format. This format, unfortunately, can't be opened and viewed easily with a…