Open
Labels
Not my bug (Error in dependency)
Description
You will get different results when running `srum_dump.exe -e pyesedb` and its default mode, `srum_dump.exe -e dissect`.
Several forensics tools, including pyesedb and NirSoft's EseDatabaseView.exe, incorrectly report data in fields that are blank. The resolution is to run srum_dump.exe with its default mode that uses the dissect.ese parser. An excellent explanation with receipts of which one is correct is in this closed ticket on the dissect repo.