Sherlock NSF Viewer v1.1.0: Forensic-Grade Lotus Notes Migration Without Domino
NSF Viewer v1.1.0 ships direct NSF to PST conversion plus the chain-of-custody forensic stack Kernel does not ship. One $297 lifetime tool covers both the migration job and the forensic depth.
For two decades, Lotus Notes migration meant one of two things. Pay Quest On Demand or Microsoft FastTrack five to fifty dollars per mailbox and revive a Domino licensing footprint just to extract the data. Or buy Kernel for NSF to PST at $249 to $499 per tier and accept that the moment you have your PST, the work is done. Chain of custody, court-ready reporting and EDRM XML metadata for review platforms is somebody else's problem.
Today Sherlock Forensics NSF Viewer v1.1.0 ships a third path. The same pure-Rust writer that powers PST Viewer v1.3.0 now drives the user-facing NSF to PST conversion in NSF Viewer v1.1.0. For $297 lifetime you get both the conversion AND the forensic stack that Kernel does not ship.
What changed in v1.1.0
NSF v1.0.0 shipped in early 2026 with structured JSONL forensic export plus EDRM XML metadata for Relativity, Concordance, Logikcull, Reveal and Everlaw. The conversion path to PST was source-tree-ready but not yet in the customer-downloadable binary.
v1.1.0 (released 2026-06-07) ships that conversion path in the binary. Authorized v1.0.0 buyers receive the upgrade as part of the lifetime license. The download URL stays the same; the binary at sforensics.com/downloads/sherlock-nsf-viewer.exe now resolves to v1.1.0.
The headline additions:
- Direct NSF to PST conversion for Outlook import (the feature this release is named for)
- Continued structured JSONL forensic export with per-message NoteID plus SHA-256 plus chain-of-custody metadata
- EDRM XML metadata generation for litigation production
- Sherlock Bates numbering applied across both JSONL and PST outputs in the same matched run
- Control Flow Guard (Windows CFG, IMAGE_DLLCHARACTERISTICS_GUARD_CF) enabled in the build
- Build hygiene:
--lockedcargo flag on release builds, build.rs writes confined to$OUT_DIR, supply-chain audit cycle complete
Why procurement-grade engineering matters
Banks, insurers, government departments and healthcare systems running NSF archives for legal-hold compliance run vendor risk assessments before they will accept a tool into evidence-chain workflows. Those assessments include hardening-flag rows, code-signing chain audits, dependency CVE reports and supply-chain integrity questionnaires.
The v1.1.0 release ships with that documentation surface pre-staged:
- Authenticode EV signature (Sherlock Forensics Ltd, SSL.com EV intermediate)
- RFC-3161 timestamp authority countersignature chained to 2034-11-12 (signatures stay valid past cert expiry)
- DEP, ASLR with high-entropy 64-bit base, Control Flow Guard ON
- Zero outbound network code in the binary (offline file processor by design, no telemetry, no auto-update poller)
- Cargo dependency CVE audit clean; supply-chain integrity audit confirms the customer-downloadable binary is byte-identical to what was signed
For a forensic tool that ships into chain-of-custody workflows, that engineering posture is the difference between getting through procurement and getting kicked back for a security questionnaire.
NSF to PST without trading forensic depth
The Kernel vs Sherlock decision used to come down to workflow scope. If your job was convert NSF to PST and move on, Kernel was sufficient and cheaper at $249 to $499 per tier. If your job was NSF forensics or NSF e-discovery review, Sherlock at $297 lifetime was the forensic-tier choice but you lost the conversion path.
v1.1.0 collapses that trade-off. Sherlock now does both. The conversion runs in the same Rust pipeline that powers PST Viewer v1.3.0's first pure-Rust PST writer, which passes Microsoft's own scanpst.exe at the same level as files Outlook itself creates. Output validated to the byte against scanpst's repair output on real multi-thousand-message mailboxes.
The forensic stack that Kernel does not ship (SHA-256 per artifact, chain of custody with centisecond timestamps, court-ready PDF, NSF Bates numbering, EDRM XML output for review platforms, cryptographic NoteID identity verification) ships in the same matched binary. Pay once for the lifetime license and you get the migration AND the forensic depth in one tool.
Pick Kernel only if your workflow requires their specific Outlook-side import tooling or their historical familiarity is a procurement requirement.
Workflow examples
E-discovery production by a litigation paralegal: ingest a respondent's NSF archive, produce JSONL with NSF Bates numbering for ingestion into Logikcull or Relativity then produce a parallel PST output for opposing counsel review. Two formats from one matched run.
Legal-hold administrator at a bank still running Notes for compliance: examine a 2009 NSF archive subject to legal hold, extract messages with the chain-of-custody report attached then produce a PST for delivery to outside counsel. The Forensic Edition's tamper-evident output survives evidentiary review.
Regulatory archive examination at a healthcare insurer: parse decade-spanning NSF archives, identify sealed items via the ITEM_SEAL flag and surface TYPE_SEAL structure metadata, produce a court-ready PDF report with examiner attestation. The signed JSON chain-of-custody document detects any subsequent tampering cryptographically.
How to upgrade
If you bought v1.0.0, the upgrade is included in your lifetime license. Visit sforensics.com/pages/sherlock-nsf-viewer.html and download the v1.1.0 binary. Your existing license key continues to work.
If you have not bought yet, the Forensic Edition is $297 lifetime. Single signed .exe at 6.5 MB. No Notes runtime, no Domino server, no MAPI dependency. Free to view and triage; the forensic features unlock with a Forensic Edition license.
Engineering deep dive
For the architectural story behind the pure-Rust writer that powers both PST v1.3.0 and NSF v1.1.0, see the engineering blog post: Building the First Rust PST Writer.
Get NSF Viewer v1.1.0 Get PST Viewer v1.3.0
About the author
Ryan Purita is the principal digital forensic examiner at Sherlock Forensics in Vancouver, BC. He founded the firm in 2004. He holds CISSP-ISSAP and ISSMP certifications and is a court-qualified expert witness in BC Supreme Court, BC Provincial Court and Newfoundland Provincial Court. He has conducted thousands of forensic examinations spanning criminal prosecution, criminal defence, civil litigation, corporate fraud and regulatory compliance.
If you have a matter that needs forensic NSF or PST analysis or chain-of-custody preservation work, call Sherlock Forensics at 888.883.4550 or visit the services overview.
Last updated: 2026-06-08. NSF Viewer v1.1.0 signed Authenticode EV; SHA-256 e39c2fa22662b97f36ba77cfcdfe983227b8e2f5663cb94b02e1a064025472a9.