Solved

Recover Deleted Emails from the Exchange 2003 Transaction Logs.

Posted on 2004-08-10
2
435 Views
Last Modified: 2011-10-03
I need to collect all the email sent to and from a specific user.

Exchange was setup to save deleted items for 7 days. I need the information from the last 30 days. I have the transaction logs for that time period. If I do a search of all the logs for "abc@xyz.com", I can see all the emails but they are not readable. I guess they are  saved in some other format. Their should be only about 15 emails scattered in 9-10 log files.

My questions are?
1. What format are they saved in?
2. How can I get to the point of actually reading these emails, and seeing attachments if their are any?
3. Is their a utility that I can say suck all the email for "abc@xyz.com" from the transaction logs and put them in this directory?

Thanks
jfinch@nextwavetel.com
0
Comment
Question by:jeffreywfinch
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 11772691
The transaction logs are not designed to be read by anything other than Exchange.

The only way that I can think you will be able to do this is to build another Exchange server, create mailboxes for all the clients that are on the server then replay the Transaction logs.

That is pure theory BTW - I have never done it.

Depending on how critical it is, I would seriously consider going to Microsoft for advice.

Simon.
0
 

Author Comment

by:jeffreywfinch
ID: 11811997
This exchange server actually exists in VMware so a restore of the log file wouldn't be too difficult but it really isn’t worth the effort. I did find out however that the actual email body exist in the log files as text and is easily decoded. So if you open the log in Internet explorer you can scroll through and read all the emails. IE will decode text, rich text, or HTML. The attachments are encoded as they were transmitted with SMTP so you can manually decode them with mime, or whatever format they were moved from server to server in.  As far as I can tell, all the exchange server control messages are in a proprietary Microsoft format. To me the control messages were garbage so I just ignored them.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Resolve DNS query failed errors for Exchange
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now