Get-ReadStatus

Open secabstraction opened this issue 7 years ago • 0 comments

The script used to retrieve mail read status (GetReadStatus.ps1) is not forensically sound. Mail clients have to intentionally set this flag when the mail is read. Anyone writing malicious automation against MSGraph/EWS endpoints is likely not flagging messages as read and then marking them as unread. This would only return positive results for mail reads via an existing email client, e.g. Outlook.

https://msdn.microsoft.com/en-us/library/ee160304(v=exchg.80).aspx

secabstraction, Sep 04 '18 19:09