• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 450
  • Last Modified:

Recover Deleted Emails from the Exchange 2003 Transaction Logs.

I need to collect all the email sent to and from a specific user.

Exchange was setup to save deleted items for 7 days. I need the information from the last 30 days. I have the transaction logs for that time period. If I do a search of all the logs for "abc@xyz.com", I can see all the emails but they are not readable. I guess they are  saved in some other format. Their should be only about 15 emails scattered in 9-10 log files.

My questions are?
1. What format are they saved in?
2. How can I get to the point of actually reading these emails, and seeing attachments if their are any?
3. Is their a utility that I can say suck all the email for "abc@xyz.com" from the transaction logs and put them in this directory?

Thanks
jfinch@nextwavetel.com
0
jeffreywfinch
Asked:
jeffreywfinch
1 Solution
 
SembeeCommented:
The transaction logs are not designed to be read by anything other than Exchange.

The only way that I can think you will be able to do this is to build another Exchange server, create mailboxes for all the clients that are on the server then replay the Transaction logs.

That is pure theory BTW - I have never done it.

Depending on how critical it is, I would seriously consider going to Microsoft for advice.

Simon.
0
 
jeffreywfinchAuthor Commented:
This exchange server actually exists in VMware so a restore of the log file wouldn't be too difficult but it really isn’t worth the effort. I did find out however that the actual email body exist in the log files as text and is easily decoded. So if you open the log in Internet explorer you can scroll through and read all the emails. IE will decode text, rich text, or HTML. The attachments are encoded as they were transmitted with SMTP so you can manually decode them with mime, or whatever format they were moved from server to server in.  As far as I can tell, all the exchange server control messages are in a proprietary Microsoft format. To me the control messages were garbage so I just ignored them.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now