Recover Deleted Emails from the Exchange 2003 Transaction Logs.

Posted on 2004-08-10
Last Modified: 2011-10-03
I need to collect all the email sent to and from a specific user.

Exchange was set up to save deleted items for 7 days. I need the information from the last 30 days. I have the transaction logs for that time period. If I do a search of all the logs for "", I can see all the emails but they are not readable. I guess they are saved in some other format. There should be only about 15 emails scattered in 9-10 log files.

My questions are:
1. What format are they saved in?
2. How can I get to the point of actually reading these emails, and seeing attachments if there are any?
3. Is there a utility that I can say suck all the email for "" from the transaction logs and put them in this directory?

Question by: jeffreywfinch

Accepted Solution

Sembee earned 250 total points
ID: 11772691
The transaction logs are not designed to be read by anything other than Exchange.

The only way that I can think you will be able to do this is to build another Exchange server, create mailboxes for all the clients that are on the server then replay the Transaction logs.

That is pure theory BTW - I have never done it.

Depending on how critical it is, I would seriously consider going to Microsoft for advice.


Author Comment

ID: 11811997
This Exchange server actually exists in VMware, so a restore of the log file wouldn't be too difficult, but it really isn't worth the effort. I did find out, however, that the actual email body exists in the log files as text and is easily decoded. So if you open the log in Internet Explorer you can scroll through and read all the emails. IE will decode text, rich text, or HTML. The attachments are encoded as they were transmitted with SMTP, so you can manually decode them with MIME, or whatever format they were moved from server to server in. As far as I can tell, all the Exchange server control messages are in a proprietary Microsoft format. To me the control messages were garbage so I just ignored them.
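The manual approach described in the comment above can be scripted. The following is an added example, not part of the original thread: it pulls printable text runs out of a binary blob, keeps those that mention a mailbox address and contain a header block, and decodes MIME attachments. It assumes each message sits in the log as one contiguous run of plain text, as the comment reports; the names `carve_messages`, `attachments` and the sample data are hypothetical.

```python
import re
from email import message_from_bytes, policy

# Runs of 64+ printable ASCII bytes (plus TAB/CR/LF), as `strings` would find.
TEXT_RUN = re.compile(rb"[\t\r\n\x20-\x7e]{64,}")
# A line that plausibly begins an RFC 822 header block.
HEADER_START = re.compile(rb"^(?:Received|Return-Path|From|Message-ID):", re.I | re.M)

def carve_messages(blob, address):
    """Parse every text run in blob that mentions address and has headers."""
    found = []
    for run in TEXT_RUN.finditer(blob):
        text = run.group()
        start = HEADER_START.search(text)
        if address.lower() not in text.lower() or start is None:
            continue  # unrelated text, or the address without a header block
        found.append(message_from_bytes(text[start.start():], policy=policy.default))
    return found

def attachments(msg):
    """Return (filename, decoded bytes) for each MIME attachment part."""
    return [(p.get_filename(), p.get_payload(decode=True)) for p in msg.iter_attachments()]

# Constructed sample: one MIME message between runs of non-text bytes.
SAMPLE = (
    b"\x00\x01\xfe\xff" * 8
    + b"From: alice@example.com\r\n"
      b"To: bob@example.com\r\n"
      b"Subject: Q3 numbers\r\n"
      b"MIME-Version: 1.0\r\n"
      b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
      b"--b1\r\n"
      b"Content-Type: text/plain\r\n\r\n"
      b"See attached.\r\n"
      b"--b1\r\n"
      b"Content-Type: application/octet-stream\r\n"
      b'Content-Disposition: attachment; filename="q3.txt"\r\n'
      b"Content-Transfer-Encoding: base64\r\n\r\n"
      b"cmV2ZW51ZT00Mg==\r\n"
      b"--b1--\r\n"
    + b"\x00\x9c\x03" * 8
)

if __name__ == "__main__":
    for msg in carve_messages(SAMPLE, b"alice@example.com"):
        print(msg["Subject"], attachments(msg))
```

Run it against copies of the log files, never the originals, and treat a message that comes back truncated as a sign that its text was not stored contiguously.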

Question has a verified solution.