Working with Filters – Feature of MailXaminer Tool

MailXaminer | March 14th, 2018 | Forensics

Cyber teams are busy these days in investigating cyber crimes occurring nearly at the end at any time of today’s far open global IT network. More so, this situation becomes critical for cyber teams as generally the volume of data being analyzed for a particular cyber investigation project to complete with success is huge, and only data pointer at times can increase the time to complete the investigation in all aspects.

For this reason, just to expedite the process and to help extract the desired evidence to brought to surface the factual details of the crime, the digital forensic experts need powerful tools such as MailXaminer tool which hosts a variety of features to simplify the very complex nature of data elements and filter them in a way to hit the bull’s eye, i.e., exposing what is deemed as cybercrime by the judiciary.


The video explains the process of filtering using the tool. Filters are important in the digital forensic process for investigators. The filters are created based on GREP expressions, which can easily search and match exact data strings. The GREP filter search enables the investigator to create new filters during the process of investigation of data to filter the data items that contain particular GREP expressions or sequence of words.

Like an investigator wishes to filter out the “deleted files,” he can create a filter named “Deleted Files,” and can easily filter out the files which were deleted by the user/cyber criminal, either accidentally or intentionally at the time of crime or post-crime, and all the files that were deleted by the criminal are stacked in a folder called “Deleted Files”,and then the meta tags can easily be identified and investigated upon.