Chaos Intellect Forensics – Search for Evidence

Creative Team | May 28th, 2016 | Forensics


Chaos Intellect is an email client developed by Chaos Software Group. It first appeared as Chaos contact manager with the tag line “try before you buy”, and it has been improved since then to meet the needs of its users. Version 3 of Chaos Intellect was the first release that had all the features and functionality of an email client and focused entirely on mailing services.
Chaos Intellect is also part of Chaos University, which provides training on using Chaos Intellect. The software gives users an option to create a project through which team members can connect with each other and share the notes, appointments and tasks they create. See figure 1 for the main screen of the Chaos Intellect email client.

Figure 1: Chaos Intellect

Chaos Intellect is a capable email client that lets users access their email and work in ways other email clients do not offer. It is the first email client with a separate function for project management. Chaos Intellect lets users connect over the SMTP, POP3 and IMAP protocols. It also lets users back up and restore mail, calendars, contacts, tasks and projects. It creates a backup file with the .bak extension in the selected folder.

Examining Chaos Intellect Emails for Evidence

As described above, Chaos Intellect offers project management and mailing services, which make it both a good project management tool and a good email client. Many users all over the world use Chaos Intellect as their primary email client, so the probability of cyber crime involving this application is high. An investigator needs a tool that can search for evidence in the Chaos Intellect user database.
An investigator may use a forensic utility named MailXaminer to find evidence in the user data of the Chaos Intellect email client. The software is efficient enough for forensic purposes: it offers Video Analysis, Geo Mapping, Auto Tagging, Skin Tone Analysis, Email Investigation, cloud-based database review and more. MailXaminer supports 20+ email storage file formats and more than 80 email clients for email forensics, and it is capable of searching for evidence in terabytes of user data.
Before starting the investigation, the investigator has to locate the default user database folder or the backup data of the Chaos Intellect application. The default user data can be found at this location on the computer: C:\Users\admin\Documents\Chaos Data
See figure 2 for the default user data location of the Chaos Intellect email client.

Figure 2: User Data Location

Figure 2 shows the main folder structure of the Chaos Intellect user data. When you navigate inside the Mail folder, you find each mail folder managed separately; see figure 3 for the email storage structure of Chaos Intellect.

Figure 3: Email Storage Structure

As you can see in figure 3, each folder stores its emails separately, and inside each folder every email is saved in the MSG file format.
This makes it easy for an investigator to look for evidence in a list of emails, because every email is already stored in a separate folder according to the folder structure. The investigator can therefore pick any target folder to search for evidence. There is a disadvantage to this storage structure, however: the probability of data corruption increases when the data is transferred to a removable device. I therefore recommend putting the data into a Tar or Zip archive first and then transferring it to any other device.
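One way to follow this recommendation, as an added example that is not part of the original article or of any tool it mentions: hash every file under the user data folder, zip the tree together with the hash manifest, and re-check the archive after the transfer. The function names and the manifest file name are assumptions made for this sketch.

```python
import hashlib
import json
import zipfile
from pathlib import Path

MANIFEST = "_evidence_manifest.json"  # assumed name for the hash list inside the archive

def sha256_stream(fh):
    """SHA-256 of an open binary file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        digest.update(chunk)
    return digest.hexdigest()

def package_chaos_data(data_root, archive_path):
    """Hash every file under data_root, then zip the tree together with the hash manifest."""
    data_root = Path(data_root)
    manifest = {}
    for path in sorted(p for p in data_root.rglob("*") if p.is_file()):
        with open(path, "rb") as fh:
            manifest[path.relative_to(data_root).as_posix()] = sha256_stream(fh)
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel in manifest:
            zf.write(data_root / rel, rel)
        zf.writestr(MANIFEST, json.dumps(manifest, indent=2))
    return manifest

def verify_archive(archive_path):
    """Re-hash each archived file; return the entries that are missing or altered."""
    damaged = []
    with zipfile.ZipFile(archive_path) as zf:
        manifest = json.loads(zf.read(MANIFEST))
        for rel, expected in manifest.items():
            try:
                with zf.open(rel) as fh:
                    ok = sha256_stream(fh) == expected
            except (KeyError, zipfile.BadZipFile):
                ok = False  # entry missing, or the zip CRC check failed while reading
            if not ok:
                damaged.append(rel)
    return damaged

def msg_counts(manifest):  # number of .msg files per mail folder, for the case notes
    counts = {}
    for rel in manifest:
        if rel.lower().endswith(".msg"):
            folder = rel.rpartition("/")[0] or "."
            counts[folder] = counts.get(folder, 0) + 1
    return counts
```

Run `package_chaos_data` against a working copy of the data folder, writing the archive outside that folder, and call `verify_archive` on the destination device after the transfer; an empty list means every file still matches its recorded hash.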


Chaos Intellect is a good email client and project management tool, and nowadays many users rely on it. With the increased usage of Chaos Intellect, however, comes an increased probability of cyber crime using this application. All user data is saved separately at the default location, in a folder structure that mirrors the application interface.
We also discussed the MailXaminer email investigation tool, which lets an investigator search for evidence in the user database in an easy and efficient way.