We can start the process by following the given steps:

1. Start by creating a new case. To do this, run Intella (you'll see Intella Case Manager), type your name (in our case it's Test), and click the Add... button, as shown in the following figure:

2. Using the Add Case dialog, an examiner can Create a new case, Open a shared case, Add an existing case, or Import a case.

3. As we have decided to create a new case, let's choose Create a new case. Now you can see a few fields to fill in. Also you can choose a folder for storing the temporary indexing files - it improves the indexing speed!

4. It's time to choose our evidence source. As we already mentioned, we are going to use an OST file, so let's choose the File or Folder option, as shown in the following figure:

5. In our case, the file is named test.ost and is located in the root of E: drive, as you can see in the following figure:

6. If you don't like the original name of the source, you can change it to one you like. Also, you should choose the right time zone, or just choose UTC if the right time zone is unknown.

7. OK, let's choose the items we want to process. In our case, they are the following:
   • Mail archives: we are processing an Outlook mailbox, so this is very important
   • Archives: can be attached to emails
   • Images embedded in emails and documents
   • Deleted emails
   • Text fragments from unsupported and unrecognized file types

8. You can skip two next windows and start evidence processing. Once indexing is complete, you will see the overview, as shown in the following figure:

9. Click Finish and you'll see the main window with three tabs; look at the following figure:

10. As you can see, we have 44 items, including the 19 that were recovered. Now we can search the indexed data using different keywords and facets, such as email addresses, phone numbers, author, date, type, and so on. Also, we can use this tab to create cluster maps, histograms, and social graphs, which can be very useful.
11. OK, let's go to the Insight tab, as shown in the following figure:

Here we have the evidence overview. For example, Intella shows us that we are dealing with Microsoft Outlook, we have 19 recovered artifacts, six email messages, and 44 items in total.

12. Let's check the last tab - Keywords. Look at the following figure:

First of all, you can use this tab to add custom keyword lists - it can save you time! Also, you can choose where you want to search. For example, if you want to look for keywords only in the emails' subjects, then you can uncheck all options first and choose only 'Title/Subject'.