AutoDiscover Forensics

Status
Not open for further replies.

Bryan Milne

New Member
Outlook version
Outlook 2016 64 bit
Email Account
Exchange Server 2013
I am told that there are some who frequent this forum who carry out email forensics.

I am currently working a case where I have recovered several fragments of AutoDiscover.xml files. This is a single user computer in an Active Directory environment and as expected I have the user's AutoDiscover.xml file in its complete form.

In addition to the user's AutoDiscover file I have carved fragments of several other user's AutoDiscover.xml files using a grep search for "\<AutoDiscoverSMTPAddress\>.*@domain.org\<\/AutoDiscoverSMTPAddress\>" including a fragment which had intact HTTP headers dating the access time to the Exchange server.

I have been unable to find any documentation online which would indicate legitimate circumstances in which this might occur.

Can anybody point me to a definitive guide as to when user2's AutoDiscover.xml information would be accessed by user1 in the domain? Could this occur if user1 accessed user2's calendar?

Thanks for reading and any pointers are very much appreciated.
 
Status
Not open for further replies.
Similar threads
Thread starter Title Forum Replies Date
Q Problems with Autodiscover Outlook 2016 Using Outlook 0
EXChange2013 Exchange 2013 AutoDiscover Tweaks? Exchange Server Administration 0
A Exchange 2003 Outlook 2010 64 Bit- AutoDiscover Connection Err - Certificate Exchange Server Administration 9
M Outlook 2007 AutoDiscover Using Outlook 0
A Exchange Autodiscover SSL issue Exchange Server Administration 7
M Initial Outlook Configuration with AutoDiscover populates wrong email address Using Outlook 5
N Outlook 2007 Clients Pointed to Wrong Domain Name for Autodiscover Using Outlook 2
N Exchange 2007 SP1 + Outlook 2007/2010 - Autodiscover for Outlook Anywhere and Out of Office not working Using Outlook 1
S Load balance Autodiscover with multiple CAS servers. Exchange Server Administration 2
S Load balance Autodiscover with multiple CAS servers. Exchange Server Administration 3
K testing autodiscover and exchange coexistence Exchange Server Administration 2
D CAS Autodiscover using -rpcclientaccessserver Exchange Server Administration 5
C The Autodiscover service couldn't be located. Exchange Server Administration 8
C Exchange server 2010 error "The Autodiscover service couldn't be located." Exchange Server Administration 1
J Autodiscover accounts on exchange 2003 with Outloook 2010 not working Using Outlook 4
Z Autodiscover Points to defunct Exchange 2010 Server Exchange Server Administration 5
M Autodiscover not configuring Outlook Anywhere Using Outlook 10
C Prevent clients outlook anywhere URL from being changed by autodiscover? Using Outlook 4
L Reinstall IIS / Autodiscover virtual directories on an computer running Exchange 2010 server? Exchange Server Administration 6

Similar threads

Top