
undbx

UnDBX is a tool to extract, recover, and undelete email messages from Microsoft Outlook Express .dbx files. It is useful in forensics investigations for parsing corrupted files and recovering deleted messages.

Description

UnDBX extracts, recovers, and undeletes email messages from .dbx files used by MS Outlook Express or similar email programs in MS Windows. It can parse corrupted .dbx files to recover messages and attempt to undelete messages not only from Deleted Items but also from fragments of deleted messages that were not overwritten.

The tool is particularly valuable in forensics investigations where access to email data from .dbx files is needed. It supports recovery mode for damaged files and provides options for handling deleted messages and file naming.

UnDBX processes .dbx folders or individual files, outputting emails to a specified folder with configurable verbosity and safety options.

How It Works

UnDBX parses .dbx file structures to extract email messages, including handling corrupted data in recovery mode. It identifies and recovers messages from fragments, distinguishes deleted messages (moving them to a 'deleted' sub-directory by default or deleting with -D), ignores empty messages if specified, and generates locale-safe filenames. Debug output and verbosity levels aid in troubleshooting parsing issues.

Installation

sudo apt install undbx

Flags

-h, --help           show this message
-V, --version        show only version string
-v, --verbosity N    set verbosity level to N [default: 3]
-r, --recover        enable recovery mode
-s, --safe-mode      generate locale-safe file names
-D, --delete         delete messages from the destination directory that were deleted from the dbx file [default behavior is to move such messages to a sub-directory named 'deleted']
-i, --ignore0        ignore empty messages
-d, --debug          output debug messages

Examples

Show the help message for undbx:
    undbx -h

Extract emails from a DBX folder to the current directory (default verbosity 3):
    undbx <DBX-FOLDER>

Extract emails from a DBX file to a specified output folder:
    undbx <DBX-FILE> <OUTPUT-FOLDER>

Enable recovery mode to parse a corrupted DBX folder:
    undbx -r <DBX-FOLDER> <OUTPUT-FOLDER>

Set high verbosity (5) and safe-mode filenames for DBX file extraction:
    undbx -v 5 -s <DBX-FILE> <OUTPUT-FOLDER>

Delete from the output folder any messages that were deleted in the DBX file (instead of moving them to the 'deleted' sub-directory):
    undbx -D <DBX-FOLDER> <OUTPUT-FOLDER>

Ignore empty messages and output debug info while extracting from a DBX file:
    undbx -i -d <DBX-FILE>
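
A hash-verified recovery run for casework, as an added example that is not part of the undbx project or the original page: it hashes every .dbx file, runs undbx with -r and -s, confirms the evidence is unchanged, and counts what landed in the 'deleted' sub-directory. Assumptions: sha256sum is installed, extracted messages are written as .eml files, and the function name undbx_triage is hypothetical.

```shell
#!/bin/sh
# Added example (not from the undbx project): integrity-checked undbx run.
# Usage: undbx_triage <DBX-FOLDER> <OUTPUT-FOLDER>
# The body runs in a subshell, so variables stay local and 'exit' only
# ends the function. Exit codes: 2 = bad input, 3 = evidence modified,
# otherwise the exit status of undbx itself.
undbx_triage() (
    src=$1
    out=$2
    [ -d "$src" ] || { echo "no such DBX folder: $src" >&2; exit 2; }
    mkdir -p "$out" || exit 2

    # Hash every .dbx file before the tool reads it.
    hash_dbx() {
        cd "$src" && find . -type f -iname '*.dbx' -exec sha256sum {} + | sort -k2
    }
    before=$(hash_dbx)
    [ -n "$before" ] || { echo "no .dbx files in $src" >&2; exit 2; }
    printf '%s\n' "$before" > "$out/dbx-sha256.txt"

    # -r: recovery mode for corrupted files; -s: locale-safe file names.
    # Keep the tool output with the case notes.
    rc=0
    undbx -r -s "$src" "$out" > "$out/undbx.log" 2>&1 || rc=$?

    # Re-hash: the source must be byte-identical after extraction.
    after=$(hash_dbx)
    if [ "$before" != "$after" ]; then
        echo "evidence changed during extraction" >&2
        exit 3
    fi

    # Assumption: messages are written as .eml; files under a directory
    # named 'deleted' are the ones undbx set aside as deleted.
    total=$(find "$out" -type f -name '*.eml' | wc -l)
    deleted=$(find "$out" -type f -name '*.eml' -path '*/deleted/*' | wc -l)
    echo "undbx_exit=$rc messages=$((total)) deleted=$((deleted))"
    exit "$rc"
)
```

Run it against a working copy of the evidence; dbx-sha256.txt and undbx.log in the output folder record what was processed and how.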
Updated 2026-04-16 | kali.org