Free Download

Built in Rust

Open PST Files Without Outlook. Free.

Drop a PST or OST file and read your emails. Search, browse folders, view attachments. No Outlook, no Office 365, no subscription. Just your emails.

Need more? Version 1.1 adds deleted email recovery, sensitive data scanning and court-ready forensic reports for investigators who need evidence-grade tools.

Also opens OST, MSG and EML files. See our dedicated OST Viewer page.

Sherlock Forensics PST Viewer opens PST, OST, MSG and EML email files on Windows without Outlook. Browse folders, search messages, view attachments and export emails. Free to use. The Forensic Edition at $67 adds deleted email recovery, YARA sensitive data scanning, activity timelines, communication mapping and court-ready PDF reports.

Sherlock Forensics PST Viewer main screen with Open File and Open Folder buttons and left rail navigation

Drop a PST file and start reading your emails

New in v1.1.0

Full Forensic Workstation

Sherlock Forensics PST Viewer v1.1.0 transforms the viewer into a full forensic workstation with deleted-item recovery, YARA scanning, activity timelines, communication mapping, cross-archive search and multi-monitor support. Every new capability operates in read-only mode preserving evidence integrity.

Analysis Tools

Activity Timeline

Interactive histogram of all mailbox activity. Group by day, week, month or hour-of-day. Mouse-wheel zoom from full-archive down to single-day. Anomaly bars (volume > mean + 2 stddev) highlighted in yellow so off-hours bursts pop at a glance.

Communication Map

Force-directed graph of every sender/recipient relationship. PST owner pinned at center. Node sizes scale to message volume. Click any node for a sortable per-contact message list. Find collusion and unusual contact patterns at a glance.

Cross-PST Search

Load multiple custodians' archives into one search modal. Live substring matching across subjects, senders and recipients. Per-archive hit counts. Double-click any hit to jump straight into that PST, that folder, that message.

Sensitive Data Scanning

YARA pattern-scan every message body and attachment. Built-in rules for SSNs, credit cards (Luhn validated), AWS keys, Bitcoin (Base58Check), IBANs, phone numbers and IPv4. Custom YARA rules supported. Zero false positives.

Sherlock Forensics PST Viewer YARA sensitive data scanning results showing detected credit cards and SSNs

YARA sensitive data scanning

Sherlock Forensics PST Viewer cross-archive search across multiple PST files with per-archive hit counts

Cross-PST multi-custodian search

Forensic Recovery

Deleted-Item Recovery

Four independent carving methods scan unallocated PST space: regex scrape for RFC-822 headers, heap-on-node carving, compressed-RTF body recovery and B-tree zombie hunt. Per-method panic isolation. Confidence ratings on every recovered item.

MAPI Property Explorer

Every property the PST stores on a message in one filterable table. Hex IDs, named properties, raw value types. Read the Received hop chain, conversation index, message flags and internal Exchange properties.

Attachment Safe View

Preview attachments without opening them in the OS default handler. Type detection, hex header inspection, plain-text rendering of safe formats. Avoid drive-by exploits in adversarial archives.

Workflow

Multi-Monitor Analysis

Undock the Activity Timeline, Communication Map and Generate Report panes to their own OS-level windows. Drag to a second monitor, resize independently. The main app stays free for folder browsing.

Mark-and-Report

Marks persist across restarts (SHA-256 keyed). Shift+click range-mark. Show marked only filter. Per-folder badge counts. Report modal with per-row remove, PDF/CSV/JSON picker and auto-open on generation.

Verifiable Export

Every bulk export produces an Ed25519-signed manifest. Any third party can verify the export has not been altered using just a hash and a public key. No Sherlock install required to verify.

In-Message Search

Ctrl+F inside any message body. Every match highlights in place with next/previous navigation. Digit-aware mode: searching 1625941771559000 finds 1625 9417 7155 9000 with separators ignored.

Sherlock Forensics PST Viewer deleted email recovery showing recovered messages from unallocated PST space

Deleted email recovery with 4 carving methods

Sherlock Forensics PST Viewer email view with folder tree, message list, attachments and forensic buttons

Full email view with attachments and forensic tools

New in v0.1.6

MSG + EML Support

Sherlock Forensics PST Viewer v0.1.6 reads individual Outlook .msg and RFC-822 .eml messages with the same forensic rigor as the PST path. Open a single file or point it at an entire folder for batch analysis with optional recursive scanning.

What Examiners Can Now Do

  • Single file analysis - drop a .msg or .eml on the viewer for full subject/from/to/body/attachments preview in under a second
  • Folder mode - point it at a folder of messages and every .msg and .eml becomes a browsable list with optional recursive scanning
  • Visual triage - sort, filter and check off messages that matter, then generate a court-ready PDF covering just those
  • Attachment extraction - one click per file or bulk "Save all" with per-attachment SHA-256 logging (Forensic Edition)

Forensic-Grade Analysis

Every MSG/EML opened gets an automatic forensic readout alongside the normal preview:

Message Class Translation

Meeting requests, delivery reports, S/MIME signed messages and internal Exchange messages translated into plain language.

MSG Encoding Detection

Unicode vs ANSI encoding surfaced clearly. Critical for non-Latin character evidence.

MAPI Timestamps Side-by-Side

Created, Modified, Submit and Delivery timestamps shown together so divergences jump out immediately.

SMTP Transport Chain

Every Received header parsed into a visual hop-by-hop trail. Single-line origin-to-destination summary answers "where did this message come from" at a glance.

Authentication Results

SPF, DKIM and DMARC verdicts with plain-English explanations. Instantly see if the sender domain's authentication passed or failed.

Anomaly Flags

Missing sender, auth failures, internal Exchange messages, unverifiable signatures, Message-ID/sender domain mismatches. All flagged automatically.

Chain of Custody

  • Every file opened gets its own SHA-256 computed locally (never uploaded)
  • Folder mode produces a manifest hash - SHA-256 over every file's path + hash, reproducible by any third party
  • Every operator action (open, view, mark, save attachment, generate report) is appended to the per-evidence chain-of-custody log

Compare

Free vs Pro

FeatureFreePro ($67)
Open PST/OST filesYesYes
Open MSG/EML filesYesYes
Folder mode (batch MSG/EML scan)YesYes
View emails, contacts, calendarYesYes
Search within PSTYesYes
SHA256 hash verificationYesYes
SMTP transport chain visualizationYesYes
SPF/DKIM/DMARC authentication resultsYesYes
Anomaly detection flagsYesYes
MAPI timestamp comparisonYesYes
MSG encoding detection (Unicode/ANSI)YesYes
Chain of custody loggingYesYes
Multi-monitor detachable windowsYesYes
Activity timeline with anomaly detectionYesYes
Communication map (force-directed graph)YesYes
Cross-PST searchYesYes
MAPI property explorerYesYes
In-message Ctrl+F search (digit-aware)YesYes
Mark persistence across restartsYesYes
Per-folder badge countsYesYes
Background folder pre-scanYesYes
Deleted-item recovery (4 carving methods)NoYes
Sensitive data scanning (YARA, built-in rules)NoYes
Custom YARA rulesNoYes
Attachment safe viewNoYes
Range-mark with Shift+clickNoYes
Show marked only filterNoYes
Verifiable export container (Ed25519)NoYes
Attachment extraction (byte-level)NoYes
Export to EML/MSGNoYes
Mbox exportNoYes
Batch exportNoYes
Court-ready PDF reportsNoYes
Per-message SHA-256 hashingNoYes
Sender IP attributionNoYes
Priority supportNoYes

Forensic Reports

Court-Ready Forensic Reports

Sherlock Forensics PST Viewer Forensic Edition generates multi-page PDF forensic reports with SHA-256 hash verification per message, sender IP attribution from RFC-822 Received headers, SPF/DKIM/DMARC authentication results and chain of custody documentation. Reports are produced from read-only analysis with reproducible results.

Why Courts Accept Sherlock Reports

Every report produced by Sherlock Forensics PST Viewer Forensic Edition is built on six pillars of forensic integrity that courts require for digital evidence admission.

SHA-256 Per Message

Each email in the report carries its own SHA-256 hash. Verify individual messages independently without needing access to the full PST archive.

Sender IP Attribution

Originating IP address and hostname extracted from the RFC-822 Received header chain. Establishes where each message actually came from.

SPF/DKIM/DMARC Per Message

Authentication-Results headers parsed for each message. See whether the sender domain's email authentication passed or failed at delivery time.

Chain of Custody

Examiner ID, tool version, session ID, timestamp and source file SHA-256 documented. Every action from file open to report generation is logged.

Read-Only Analysis

The source file is never written to. Your original evidence remains byte-for-byte identical before and after examination.

Reproducible Results

Any qualified examiner can open the same PST file and produce identical hash values and attribution data. Results do not depend on the examiner or machine.

What the PDF Report Contains

Each generated report is a multi-page PDF structured for court submission.

  • Title page with case metadata including tool version, license holder, session ID, timestamp and source file SHA-256
  • Per-email evidence cards with sender attribution (name, email address, source IP and hostname from Received headers) and Authentication-Results
  • Recipient tables documenting To, Cc and Bcc fields with display names
  • Body content with HTML converted to readable text
  • SHA-256 hash computed individually for each message in the report

Mark Emails. Generate Report.

The workflow is straightforward. Browse or search the PST archive to locate relevant messages. Check the box next to each email you want included. Click Generate Report. Sherlock Forensics PST Viewer Forensic Edition produces the court-ready PDF with all forensic metadata included automatically. Marks are stored separately from the evidence file, preserving source integrity.

Pricing

One-Time Payment. Yours Forever.

Pro License

$67 USD
Single machine license. No subscription. One-time payment. Yours forever.
  • All free features included
  • Deleted-item recovery (4 carving methods)
  • YARA sensitive data scanning
  • Attachment safe view (sandboxed)
  • Verifiable export container (Ed25519)
  • Byte-level attachment extraction (single + bulk)
  • Export to EML/MSG formats
  • Mbox export
  • Batch export entire PST archives
  • Court-ready PDF forensic reports
  • Chain of custody logging
  • Priority email support
  • 30-day money-back guarantee

5+ machines? Contact us for volume pricing.

Use Cases

Who Uses Sherlock Forensics PST Viewer

Legal and eDiscovery

Law firms and litigation support teams use Sherlock Forensics PST Viewer to review email archives during discovery. SHA256 hashing preserves evidentiary integrity. The Forensic Edition generates forensic reports suitable for court filing. Pairs with our expert witness services for testimony support.

IT Administrators

Recover and review emails from departed employees without reactivating Exchange or Microsoft 365 licenses. Search archived PST files for specific communications during internal audits. No Outlook installation required on review workstations.

Forensic Examiners

Purpose-built for forensic workflows. SHA256 hash verification on every message establishes chain of custody. Export individual messages or entire folders for inclusion in forensic investigation reports. Used alongside our full forensic tool suite.

HR and Compliance

Review archived employee email for policy violations, harassment investigations or regulatory compliance. Search across entire PST archives by keyword, date range or sender without involving IT. Chain of custody logging in Pro maintains investigation integrity.

Personal Use

Access old email backups without an active Outlook license. Search years of archived correspondence. View contacts and calendar entries stored in PST format. The free edition handles all personal use scenarios with no restrictions or expiry.

Guide

How to Open a PST File Without Outlook

  1. Download Sherlock Forensics PST ViewerDownload the free installer from this page. 33 MB. SHA256 verified for integrity.
  2. Install and LaunchRun the installer on Windows 10 or 11. No admin privileges required. Launch from the Start menu.
  3. Open Your PST or OST FileClick Open File and browse to your .pst or .ost file. The viewer loads the folder structure and message list automatically.
  4. Search and BrowseUse the search bar to find emails by sender, subject or keyword. Browse Inbox, Sent Items, Contacts and Calendar folders.
  5. Verify and ExportView SHA256 hashes to confirm data integrity. Pro users can export to EML/MSG, generate forensic reports and log chain of custody.

Compare

Why Sherlock Forensics PST Viewer

Forensic Pedigree at a Fraction of the Cost

SysTools PST Viewer Forensic Edition costs $299 USD. Kernel PST Viewer charges $79 USD. Sherlock Forensics PST Viewer Forensic Edition is $67 USD (approximately $49 USD) with capabilities neither competitor offers: SHA256 hash verification per message, forensic report generation and chain of custody logging built by CISSP, ISSAP and ISSMP certified examiners with 20 years of courtroom experience.

Most PST viewers are built by software companies. Sherlock Forensics PST Viewer is built by forensic investigators who use it in active casework. The difference shows in the details: hash verification, evidence integrity and documentation that courts accept. Read our full 2026 PST viewer comparison or see our side-by-side PST viewer comparison table.

Changelog

Release History

v1.1.0 (2026-05-13)

  • Multi-monitor support with detachable analysis windows
  • Activity timeline with anomaly detection for send/delete volume spikes
  • Communication map as force-directed graph with per-edge message filtering
  • Cross-PST search across multiple custodian archives
  • YARA-based sensitive data scanning with format validators (Luhn for credit cards)
  • Deleted-item recovery using four independent carving methods
  • MAPI property explorer for raw property inspection
  • Attachment safe view with sandboxed rendering
  • Verifiable export container with Ed25519 signatures
  • Mark persistence across sessions with range-mark, show-marked-only and folder badges
  • In-message Ctrl+F search with digit-aware matching

v0.1.6 (2026-04-18)

  • MSG and EML file support (single file and folder batch mode)
  • MSG encoding detection (Unicode/ANSI)
  • Recursive folder scanning

Questions

PST Viewer FAQ

Is Sherlock Forensics PST Viewer really free?
Yes. The free edition lets you open PST and OST files, browse all emails, contacts and calendar items, search across the entire archive and verify SHA256 hashes. No trial period and no feature expiry. The Forensic Edition at $67 USD adds export, forensic reporting and chain of custody logging.
Do I need Microsoft Outlook to open a PST file?
No. Sherlock Forensics PST Viewer opens PST and OST files without Outlook installed. It reads the PST format directly using its own parser. No Microsoft Office license required.
What is the difference between PST and OST files?
PST (Personal Storage Table) files are offline copies of mailbox data that can be moved between machines. OST (Offline Storage Table) files are local cached copies tied to an Exchange or Microsoft 365 account. Sherlock Forensics PST Viewer opens both formats.
Can I use this for forensic investigations?
Yes. The tool computes SHA256 hashes for every message, which establishes data integrity for legal proceedings. The Forensic Edition adds forensic report generation and chain of custody logging suitable for court submission.
What operating systems are supported?
Windows 10 and Windows 11 (64-bit). macOS and Linux are not currently supported.
How large of a PST file can it handle?
Sherlock Forensics PST Viewer handles PST files up to 50 GB. Files over 20 GB may take longer to index on initial load. Performance depends on available system memory.
Is the $67 price a subscription?
No. The $67 USD Pro license is a one-time payment. No subscriptions, no recurring charges. You own the license permanently with free updates included.
How do I verify the download is safe?
Every download displays a SHA256 hash on the download page. After downloading, compute the SHA256 of the file and compare it to the published hash. If the values match, the file has not been tampered with. Use our Sherlock Forensics Hash tool or any SHA256 calculator.
Can I export emails from a PST file?
The Forensic Edition ($67 USD) supports exporting individual emails or batch exports to EML and MSG formats. The free edition is view-only with search and hash verification.
Do you offer volume licensing?
Yes. For 5 or more machines, contact Sherlock Forensics at 604.229.1994 or info@sherlockforensics.com for volume pricing.
Are Sherlock Forensics PST Viewer reports admissible in court?
Sherlock Forensics PST Viewer Forensic Edition generates forensic PDF reports with SHA-256 hashing per message, sender IP attribution extracted from Received headers, chain of custody documentation and read-only analysis verification. The tool is built by CISSP, ISSAP, ISSMP certified examiners with 20 years of courtroom experience. Admissibility depends on jurisdiction and proper evidence handling, but the reports document everything courts typically require for digital evidence admission.
How does per-message SHA-256 hashing work?
Each email in the PST archive is individually hashed using SHA-256 when included in a forensic report. This creates a unique cryptographic fingerprint for every message. Any modification to a single email would produce a completely different hash value, allowing independent verification of each message without needing to re-examine the entire archive.
Can I use Sherlock Forensics PST Viewer reports in civil litigation?
Admissibility depends on your jurisdiction and how evidence was handled throughout the investigation. Sherlock Forensics PST Viewer Forensic Edition reports document SHA-256 per-message hashes, sender IP attribution from RFC-822 Received headers, SPF/DKIM/DMARC authentication results, chain of custody and examiner identification. These are the elements courts typically require when evaluating digital evidence in civil proceedings.
Will Sherlock find emails the user deleted?
Yes. Sherlock Forensics PST Viewer v1.1.0 includes deleted-item recovery with four carving methods. It scans unallocated space in the PST file and recovers messages that were emptied from the Deleted Items folder. Recovered messages appear in a dedicated Recovered Items view with metadata intact where available.
Can I scan a PST for credit cards, SSNs, and other sensitive data?
Yes. The YARA-based sensitive data scanner in v1.1.0 detects credit card numbers, Social Security numbers, passport numbers and other PII patterns across every message in the archive. Each match is validated with format-specific checks such as Luhn for credit cards to reduce false positives.
Can I work on two monitors?
Yes. Sherlock Forensics PST Viewer v1.1.0 supports multi-monitor workflows. You can detach the message detail panel, the activity timeline, the communication map or any analysis window and move it to a second monitor. This lets you keep the message list on one screen and evidence detail on another.
Will my marks survive a restart?
Yes. Marks are persisted to a sidecar file stored alongside your evidence. When you reopen the same PST file your previous marks are restored automatically. The sidecar file never modifies the original evidence.
How do I search inside a long email body?
Press Ctrl+F while viewing a message to open the in-message search bar. The search is digit-aware so queries like 1234 will match 1,234 and 1234.00 as well as the literal string. Matches are highlighted with next/previous navigation.
Can I search across multiple custodians' PSTs at once?
Yes. Cross-PST search in v1.1.0 lets you open multiple PST files and run a single query across all of them. Results are grouped by source file with hit counts per archive. This is useful for multi-custodian eDiscovery where you need to find a keyword across several mailboxes simultaneously.

Get Started

Download Sherlock Forensics PST Viewer Today

Free for viewing, searching and hash verification. Pro at $67 USD for export, forensic reports and chain of custody logging. Built by the same team that delivers expert witness testimony and forensic investigations in Canadian courts. Read our launch story. See also: how to open a PST file forensically, recover deleted emails from PST files, why PST files matter for eDiscovery, chain of custody software, forensic report generator and email preservation for litigation, workplace investigation evidence, free PST viewer comparison 2026, private investigator forensic tools and MSG + EML support in v0.1.6, MSG Viewer and EML Viewer.

Since 2006CISSP, ISSAP, ISSMP certified604.229.1994
5293d2a21271f8a7cd35c0c312fc0f873c9a6980bb14f70c82c91827026c9b84

How to verify:
1. Open PowerShell (right-click Start menu, click Terminal)
2. Run: Get-FileHash .\sherlock-pst-viewer.exe
3. Compare the output with the hash above. If they match, the file has not been tampered with.

Sherlock Forensics PST Viewer is provided for lawful use. Terms of Service

Download

Enter your details to download. We will send you update notifications for new versions.

Checkout - PST Viewer Forensic Edition

$67.00 USD. One-time payment. License key delivered to your email.

Secure via Stripe 30-day money back No subscription