[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Outlook Express cache?

Posted on 2004-11-13
Medium Priority
Last Modified: 2010-04-11
I have an employee that I had to fire recently because I suspected him of downloading "hacked" software from usenet sites- in addition to a number of other things.  

Now, he is threatening me with legal action and is saying that I fired him for other reasons.

I am not asking for legal advice here...don't worry.

I would, however, like to respond to his threats with some sort of evidence.  He simply unsubscribed to all of his usenet accounts.

There must be some kind of cache or history for Outlook Express???  I would like to view the contents of that cache as a rebuttal to these threats.  I know he was using Outlook for illegal purposes, but I have no proof.
Question by:mcgeorge40
LVL 49

Expert Comment

ID: 12575904
Hi mcgeorge40,

What are you trying to find like what are the email accounts he had and what are the incoming and outgoing mail server info etc.
mostly if you remove from OE and close OE , it would get erased in the registry and there would be no way of finding info..

give us more info of what exactly you are trying to find .

LVL 88

Expert Comment

ID: 12576005
Do you have a proxy server? Proxy Servers can keep all outgoing / incomming internet traffic looged. That way you could back-track all activity. There is software around with which you can make these logfiles readable by man, meaning you see who visited which sites, etc.

Expert Comment

ID: 12576259
Hate to say it but I hope this is a lesson learned, never terminate anyones employment unless you have some type of documentation to back up your actions. Many pissed off ex employees have gained greatly in lawsuits, wrongful dismissal cases etc... though they were legitamately terminated the proper documentation was not present  and they won thier cases. Sorry I can't help .

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 20

Accepted Solution

Daniel Van Der Werken earned 500 total points
ID: 12586749
The OE stuff is stored in "Documents and Settings\<USER>\Application Data" and then I can't remember if it's Identities or Microsoft you want to look in next.

Basically, look in there and you'll find the index files as well as other stuff for OE.  You should be able to examine these files and see where he's been on the UseNet.  If he did a cleanup before leaving, then check for cleanup.log and you can see what newsgroups he deleted before cleaning them up.

Hope this helps.  If it's not under "Documents and Settings" then it'll be under \windows\application data.  You want to find the applicable "Application Data" directory and look under "Identities"  (I'm pretty sure).  Then, they'll be a large GUID number named directory and look under that.


Author Comment

ID: 12595433
Woodendude-- Actually, just for the record, in Arizona (and many other states), I can fire someone for any reason I want, other then racial, sexual, religious type discrimination.  I can simply say that there was no more work available and we are making cut-backs.  However, in this particular case, I practically caught the person red-handed.  The only reason I am choosing to acknowledge his silly complaint is because I want make an example of this problem employee.

Author Comment

ID: 12595444
Thanks Dan- that is what I was looking for.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question