Importance Of EML File Format In Email Forensics

MailXaminer | January 29th, 2019 | Forensics

EML file format is the standard file format used by email clients like Mozilla Thunderbird, Outlook Express etc. EML is standing for electronic mail or Email. And it created to act in accordance to MIME RFC 822 industry standard so that can be used with most of the email clients, servers and applications. This file format is used to save single email message either as a backup or for sharing. EML file contains the information related to single emails such as email message, ASCII text for the header, attachment, and Hyperlinks. The attachments in the EML file type either included in the MIME content otherwise separately stored in another file. EML files can be viewed using Notepad or other text editors because it is a plain text file

EML file extension is easy to generate in a desktop email client like Mozilla Thunderbird. It needs to drag and drop the email message so that it will create the EML file for the required email outside the database. EML file format is helpful during the transfer of the email messages. Because it allows sharing single email data without sharing the entire mailbox data. Normally EML file extension creates individual files for each email message of the particular email client. Since EML format is similar to MHT (MIME HTML) it can be directly open in web browsers like Internet Explore, Opera and Mozilla Firefox by renaming the file extension.

Features of EML File Format

EML is plain text file used to save single email message for the purpose of backup or sharing. The main features of EML File type that make it differ from other file formats are:

  • It follows Multipurpose Internet Mail Extension Format protocol.
  • EML is plain text formatted file so it can easily open using any text editors.
  • It supports Non-ASCII characters, Non-text attachments, and body messages.
  • It complies with MIME RFC 822 Industry standard.
  • It can directly open in Web browsers by changing the extension from “.eml” to “.mht”.
  • It has a wide range of accessibility because it supports both Mac & Windows operating system.
  • It can be viewed with most of the email client such as “Mozilla Thunderbird, MS Outlook, Outlook Express” etc.

Examination Of EML File Using The Forensic Tool

In Digital Forensic email file analysis is a great process to obtain the evidence from email messages. Emailing is the common method used by most of the people for the official and unofficial purpose. Examine and analysis of EML file extension is very useful during the Digital forensic email Investigation. Because EML is the file format supported by most of the email clients and web browsers. The Digital Forensic tool MailXaminer allow to analysis EML file type in Perfect way.

Add EML File Format

Add EML file into MailXaminer for analysis of the email messages. Select EML/EMLX (*.eml,*.emlx) through the Add Evidence option of MailXaminer

EML file

Preview And Examine EML File in Different Views

EML file type is plain text formatted file hence it can be easily open and examine using any text editors or Web browsers. But in the Digital forensic perspective the examination is not only means to examine the body messages it includes all the data related to that email like sender, subject, hash values, hex values etc. MailXaminer is dependable Digital Forensic Tool which allow to examine the EML file format in different views such as “Mail, Message Header, Attachments, Hex, Properties, MIME, Email Hop, HTML, RTF” and provide all related information of the email.

view analysis of eml


EML is the single email file format supported by most of the email client and used to backup or share the saved email messages individually. MailXaminer is a useful Email Forensic Tool allow to extract evidence through different analysis views.