
Finding “Smoking Guns” within email evidences just got easier with SysTools MailXaminer

MailXaminer | August 11th, 2017 | Forensics


The effectiveness of any email forensic tool greatly depends on the effectiveness of its search mechanism. The newly added Search options extend MailXaminer’s powerful investigative review and analysis capabilities with a fully interactive data visualization and workflow framework. You can now interactively search and filter data using the complete MailXaminer search syntax. By far the most user-friendly advanced searching tool, MailXaminer is designed to be used by anybody, with intuitive user interfaces and a wide variety of search options.


The latest version of MailXaminer comes equipped with the following search options:

Wildcard Searches:
MailXaminer supports single and multiple character wildcard searches within single terms (not within phrase queries).

  • To perform a single character wildcard search use the “?” symbol

  • To perform a multiple character wildcard search use the “*” symbol

The single character wildcard search looks for terms that match the pattern with exactly one character in place of the “?”. For example, to search for “text” or “test” you can use the search:
te?t

Multiple character wildcard searches look for 0 or more characters. For example, to search for test, tests, tester, testimonial or testify, you can use the search:
test*

You can also use wildcards in the middle of a term. For example, to search for tenant, text, test, etc., you can use the search:
te*t

Fuzzy Searches: 
MailXaminer supports fuzzy searches based on the Levenshtein Distance, or Edit Distance, algorithm. It can be useful for searching texts that may contain typographical errors, or texts that have been scanned using OCR (Optical Character Recognition). For example, to search for a term similar in spelling to “roam”, use the fuzzy search:
roam
This search will find terms like foam and roams.

Proximity Searches: 
MailXaminer supports finding words that are within a specific distance of each other. You just need to input the two words that you are looking for and specify the expected distance between them.

For example, to search for “Apache” and “Jakarta” within 10 words of each other in a document, use the search:
“Jakarta apache” 10

This search will give results like “Apache is a well-known restaurant located just 2 miles away from the central mall of Jakarta”.
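
The wildcard, fuzzy and proximity semantics described above, as an added Python example that is not MailXaminer's code. The tokenizer, the one-edit fuzzy threshold, the word-position definition of distance and the sample text are assumptions made for illustration.

```python
import re

def tokenize(text):
    """Lowercase word tokens; the unit all three search types operate on (assumed)."""
    return re.findall(r"[a-z0-9']+", text.lower())

def wildcard_match(pattern, term):
    """'?' matches exactly one character, '*' matches zero or more."""
    regex = "".join(
        "." if c == "?" else ".*" if c == "*" else re.escape(c)
        for c in pattern.lower()
    )
    return re.fullmatch(regex, term) is not None

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def fuzzy_hits(term, tokens, max_edits=1):
    """Distinct tokens within max_edits of term (threshold is an assumption)."""
    return sorted({t for t in tokens if edit_distance(term, t) <= max_edits})

def within(tokens, w1, w2, distance):
    """True if w1 and w2 occur at most `distance` word positions apart, in any order."""
    p1 = [i for i, t in enumerate(tokens) if t == w1]
    p2 = [i for i, t in enumerate(tokens) if t == w2]
    return any(abs(i - j) <= distance for i in p1 for j in p2)

# Constructed sample message body (not real evidence).
BODY = ("The Apache server in the Jakarta office forwarded the text. "
        "The tenant ran a test and the tester saw foam where roams "
        "charges were expected.")
TOKENS = tokenize(BODY)

def wildcard_hits(pattern, tokens=TOKENS):
    """Distinct tokens matching a wildcard pattern."""
    return sorted({t for t in tokens if wildcard_match(pattern, t)})
```

On this sample, `te?t` returns only the four-letter terms, while `te*t` also picks up `tenant`; a reviewer choosing between them trades recall against the number of hits to triage.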

Stem Searches:
Stemming is the process of reducing inflected (or sometimes derived) words to their stem, base or root form, generally a written word form. The stem search algorithm reduces the words “organization”, “organized”, and “organizer” to the root word, “organ”.

Regular Expression Searches:
Regular expression search can help the users look for a sequence of characters that forms a search pattern, mainly for use in pattern matching with strings, or string matching. Regular expressions are usually employed in applications that pattern-match text strings in general.

For example, the simple Regular Expression (regexp) ^[ \t]+|[ \t]+$ matches excess whitespace at the beginning or end of a line. An advanced regexp used to match any email ID with domain 7-11.com is ([_A-Za-z0-9-]+)@7-11\.com