Free Windows Live Mail Viewer to Analyse Windows Email Messages

Are you unable to open Windows Live Mail Files? No need to struggle here and there for a solution, simply use Windows Live Mail Viewer/Reader and extract inaccessible WLM Files without any worries.

To start Windows Live Mail forensics, first it is necessary to understand how actually Windows stores emails in Windows 7 and the previous Windows OS version.

Windows Live Mail is one of the most well-known freeware email client application with over and above 280 million active accounts. WLM efficiently manages multiple email accounts, calendar and contacts. Windows Live Mail supports incoming server that includes Post Office Protocol (POP3) and IMAP (Internet Message Access Protocol) and outgoing server i.e. Simple Mail Transfer Protocol (SMTP).

In Windows Vista OS, MS Outlook Express email application was replaced by Windows Live Mail. It is inbuilt in most PCs working under Windows 7, in a hidden folder C:/Program Files/Windows Mail. All the files having email messages with folder tree information and other type of information that Live Mail need to display the stored data.

The below mentioned information is necessary to set the OS to view hidden folders and file extensions as follows:

Control Panel > Folder options > View > Show hidden files and folders

Control Panel > Folder options > View > Hide extensions to know file types (uncheck it)

hidden folder

Location of Windows Live Mail in:

Windows XP:

C:\Documents and settings\UserName\Local Settings\Application Data\Microsoft\Windows Live Mail

Vista or Windows:

C:\Users\UserName\AppsData\Local\Microsoft\Windows Live Mail

Windows 8:

C:\Users\UserName\AppData\Local\Packges\Microsoft.windowscommunicationsapps\LocalState\Indexed\LiveComm\Mail

From above description:

Investigator can easily catch the location of Live Mail files in different Operating System. But from the investigative viewpoint, technocrat should recognise that in Windows Live Mail, contact database is stored in the contact.edb file.

Live Mail application provide different options of operation for contact database:

Default (offline) – no sign in to Windows Live

Live ID (Offline) – Sign in to Windows Live

WLM will operate in one mode at a time and each mode has its own contact when viewed in WLM.

Name & Location of Database:

Windows Live Mail stores all of its Contact Databases in a single file called “contacts.edb”

Location:

C:\Users\Username\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore\contacts.edb

  • Each Mode in Live Mail will have a unique “contacts.edb” file (same name, different location)
  • Each ID of Live Mail used in Live ID mode will also have a unique “contacts.edb” file.

Default (offline) Mode

The contacts.edb file of Default (offline) mode is saved in a hidden sub folder called DBStore. To view the DBStore folder technocrat should configure Windows Explorer to “Show hidden files/folders and protected operating system files.”

The Location of DBStore folder:            

  • WLM 2011 (Pre QFE3 Version) – Windows 7 or Vista

C:\Users\Windows Username\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore

  • WLM 2011 (QFE3 Version) – Windows 7 or Vista

C:\Users\Windows Username\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.5\DBStore

Note: – The Default DBStore folder is a hidden folder of the “15.5” folder.

The Location of DBStore folder in Live ID (Offline) Mode: –

  • WLM 2011 (Pre QFE3 Version) – Windows 7 or Vista

C:\Users\Windows Username\AppData\Local\Microsoft\Windows Live\Contacts\Live ID \15.4\DBStore

  • WLM 2011 (QFE3 Version) – Windows 7 or Vista

C:\Users\Windows Username\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.5\DBStore

Windows Live Mail Viewer

Forensic Analysis of Windows Live Mail Files

In spite of the rise of instant messengers and social networking sites; still emails are a major carrier of data used by corporate environs for the purpose of professional communication. Thus, elimination of such information accidentally or otherwise many arise inconvenience to the user. To balance such disastrous situations, Windows Live Mail comes with a Deleted Items Folder. To store the items deleted from any mail folder of the client, this folder is available. However, cases involving hard deletion of emails that are not handled well by the client. Nevertheless, erasing or deleting email messages permanently does not mean that it’s gone forever, it can still be extracted forensically.

Forensic tracing of the email is used to retrieve the information from mailbox files. In order to do the same, first aware of the email file extension and technicalities related to it. In case of Windows Live Mail, further information can be examined by using forensic strategies.

Windows Live Mail Viewer endow the capability to examine and analyse the Live Mail files using the various attributes such as Header, normal email body examination, viewing the hexadecimal code, message header analysis, MIME view, email hop & plain text view. These make identifying any kind of manipulation in the database. Attachments always deal with crucial digital artifacts and the user friendly interface of the software provide more brief investigation of embedded attachments. With the help of this application, users can search inside Live Mail files and quickly open Live Mail files.

Spread the love

Article Author Details

rollinsduke

1 Comment