Tuesday, May 21, 2024

How to Analyze Multiple Email Types?

January 14, 2015

Businesses and individuals alike now communicate through email, and it has become a widespread system for sharing and receiving data. Statistics show that 3.1 billion active email accounts were recorded worldwide in 2011. But email communication is equally prone to illegitimate use, so no case can be completed without a thorough email investigation. For investigators, examining the many different types of email services is a cumbersome task.

Why Choose a Multi-format Email Investigation Tool?

The coexistence of webmail and desktop applications already complicates an examination, because each application uses different storage files and different internal settings. When a suspect's electronic storage media, user IDs and data are seized, several kinds of email files or web accounts may be found. For instance, a suspect might use MS Exchange professionally, Gmail for personal mail, and Thunderbird as the desktop email client on another workstation. The examiner's prime concern is how to deal with different email files in the same case. In practice, it is impossible to choose a different tool for each email service.

MailXaminer was built to resolve this problem: it supports email files from different email applications, on different platforms, and with different file extensions. The supported applications are grouped into categories to make the process manageable for users: File, Web, Image, and Bulk. Below we discuss these tabs and the email services they support.

1). File: The first tab is File, which covers the email files of the major email applications. Its menu lists these email services with the associated email file. It covers the major file formats:

EML: An EML file is a plain-text electronic mail file that holds a single email, with the full message header and the message in MIME-encoded form. EML files are associated with various email applications, such as Mac-based Apple Mail, Thunderbird, Windows Live Mail, and Outlook Express. If the seized data has the .eml extension, it is an EML file.

MBX: An MBX file holds a whole mailbox. It uses a flat file structure, with the archived messages located in the same directory where the information is generated. Applications such as Qualcomm Eudora and Pocomail save their emails in the .mbx file format.

OST: When an MS Exchange user mailbox is configured with cached mode enabled, it creates an offline OST file. This file is created in the background so that the mailbox can be accessed offline. Because it is associated with MS Exchange, this format is more likely to contain professional data.

MBOX: An MBOX file also holds a complete mailbox, as a string of emails. Thunderbird, Postbox, and most Mozilla-based email applications save their data in MBOX files. If evidence has to be traced from such applications, choose the MBOX file format.

PST: The most commonly used email client is MS Outlook, which stores its data in a PST database, also known as a personal storage table. This single file holds all the emails (of various folders), contacts, calendars, and all the other details belonging to the Outlook application.

Others: Many other file formats, such as EDB (MS Exchange database), IMM (IncrediMail), NSF (Lotus Notes), OLM (Outlook for Mac), MSG, SeaMonkey, The Bat, and DBX (Outlook Express), are supported and available in the mail menu; they can be added through the Browse tab.
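Several of the formats listed above can be told apart by their leading bytes rather than by extension, which matters when a seized file has been renamed. The sketch below is an added example, not part of MailXaminer or the original article; the sample bytes are constructed, and the names `identify`, `triage` and `demo` are illustrative.

```python
import mailbox
import tempfile
from email import message_from_bytes
from pathlib import Path

MAIL_HEADERS = ("From", "To", "Date", "Subject", "Message-ID", "Received")
# Constructed sample data (file name -> content); not real evidence.
SAMPLES = {
    "work.pst": b"!BDN\x00\x00\x00\x00SM\x17\x00",
    "cache.ost": b"!BDN\x00\x00\x00\x00SO\x17\x00",
    "disk.E01": b"EVF\x09\x0d\x0a\xff\x00\x01",
    "renamed.eml": b"From a@example.org Thu Jan  1 00:00:00 2015\nSubject: one\n\nhi\n\n"
                   b"From b@example.org Thu Jan  1 00:00:01 2015\nSubject: two\n\nyo\n",
    "single.eml": b"From: a@example.org\r\nDate: Wed, 14 Jan 2015 10:00:00 +0000\r\n\r\nbody\r\n",
}

def identify(path):
    """Label a file by its leading bytes, ignoring the extension."""
    with open(path, "rb") as fh:
        head = fh.read(65536)
    if head[:4] == b"!BDN":  # PST and OST share this magic; bytes 8-9 differ
        return {b"SM": "PST", b"SO": "OST"}.get(head[8:10], "PST/OST?")
    if head.startswith(b"EVF\x09\x0d\x0a\xff\x00"):  # EnCase EWF signature
        return "E01"
    if head.startswith(b"From "):  # mbox separator line (no colon)
        return "MBOX"
    msg = message_from_bytes(head)  # EML: starts with RFC 5322 header fields
    if sum(msg[h] is not None for h in MAIL_HEADERS) >= 2:
        return "EML"
    return "unknown"

def triage(directory):  # name -> (format, message count, extension agrees)
    report = {}
    for path in sorted(Path(directory).iterdir()):
        label, count = identify(path), None
        if label == "MBOX":
            box = mailbox.mbox(str(path), create=False)
            count = len(box)
            box.close()
        elif label == "EML":
            count = 1
        report[path.name] = (label, count, path.suffix[1:].upper() == label)
    return report

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLES.items():
            Path(d, name).write_bytes(data)
        return triage(d)
```

In the constructed data, `renamed.eml` is reported as an MBOX holding two messages, so the extension check comes back `False` for it. Run a script like this against a working copy of the evidence, not the original media.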


2). Web: For email services that are available online, i.e. web-based email clients, investigators can choose the second tab. This tab covers the major web-based email clients, such as Gmail, Google Apps, Google Apps Admin, Hotmail, IMAP, Yahoo, and Live Exchange.

How to Add Credentials?

Single User: User Name & Password fields are provided for a single user, and the credentials can be entered in them directly.

Admin User: For multiple users, check the Admin user option and add a CSV file with all the username and password details.

Filter Option: There is also a date-wise filter. Provide the dates of the period of interest, and only the data belonging to that period will be available in the tool.


3). Image: E01 files belonging to EnCase images can also be added for further examination; MailXaminer supports them as well. EnCase uses this file format to store digital evidence such as disk images, memory, logical files, and volume images.


4). Bulk: This tab lets you add email files in bulk, which is very helpful for examining multiple emails in multiple files at once. Investigators can face millions of emails spread across multiple email files, and this option was integrated to reduce the time invested. Click Add file or Add folder and add the respective email files to the software.


Conclusion: Working with a large volume of emails from a variety of email applications can be difficult. MailXaminer, with its extensive support for distinct email applications across both desktop and web-based email services, can be a decisive solution for examining email evidence. It has many other features, such as advanced search facilities, recovery of deleted data, and different views, which make it well suited to email forensic investigation. MS Exchange server, Google Apps, and others are also supported, and their data can be analyzed thoroughly. Developed by highly skilled professionals, MailXaminer is a well-organized platform for email forensics and an answer to the question of how to analyze multiple email types in a single program.
