Search exported ediscovery msg files from exchange compliance center for a string

ediscovery_search_exported_msg_files.ps1

# ediscovery_search_exported_msg_files.ps1
# Search through exported .msg files from content search (exchange compliance center) and return a spreadsheet of email addresses and matched URLs
# Kill outlook
cmd.exe /c "taskkill /F /IM outlook.exe /T 2> nul"

$scriptPath = $(split-path $myinvocation.mycommand.definition)
$inputPath = "$($scriptPath)\inputMails"


# Find all .msg files recursively
$mails = get-childitem  -recurse -Filter *.msg -Path $inputPath

$object = @()
foreach ($mail in $mails) {
try {
    $outlook = new-object -ComObject Outlook.application
    
 
    $msg = $outlook.session.openshareditem($mail.fullname) 
    
 
  # match first URL found
    $URLString = ((Select-String '(http[s]?|[s]?ftp[s]?)(:\/\/)([^\s,]+)' -Input $msg.Body).Matches.Value)
    write-output "Found String: $URLString"

    #match email address found in folder structure
    $emailaddress = ((Select-String '(\w+@\w+\.com)' -Input $mail.fullname).Matches.Value)
    write-output "$emailaddress"

    # Uncomment if you want full body and first last name
    #$tempObject = new-object psobject -Property @{body=$URLString;Topic=$msg.ConversationTopic;to=$msg.to;fullname=$mail.FullName;timestamp=$msg.SentOn }
    $tempObject = new-object psobject -Property @{body=$URLString;to=$emailaddress;timestamp=$msg.SentOn }
    $object += $tempObject
    }
    catch { write-output "Coulnd't open $($mail.fullname)"}
}

$object |sort-object timestamp -Descending |select timestamp,body,to 
$object |sort-object timestamp -Descending |select timestamp,body,to |export-csv -Path "$($scriptpath)\output.csv" -NoTypeInformation -Encoding UTF8
write-output "Total count: $($mails.count)"


cmd.exe /c "taskkill /F /IM outlook.exe /T 2> nul"