News SysTools Represented MailXaminer in AISS in December 2021.

GNU Mail Forensics – Easy to Investigate Suspected Emails

GNU Mail forensics
Creative Team | Modified: 2016-09-01T16:39:15+05:30|Forensics | 5 Minutes Reading

In today’s era, the usage of internet has become so excessive, one can do nothing without using the internet. Even for communication people find the internet most appropriate and easy way, people send messages, emails, docs using the internet.

However, on internet hackers, spammers, stalkers and identity thieves are always present in an active position, they try to get user’s personal information by sending spams, fake mail, and links.
Today, people sends/receive number of emails, which consist important information but such emails user may also receive spam emails.

Spammers send different viruses, spyware, horses, worms and other offensive data through emails, these emails consists some intrusive links. When the user clicks on such links these viruses get into the system and the person sending these spams can easily get all personal data of the victim.

There are also many other malicious activities that can also be performed on email client such as intentional deletion of data, sending secret information to other and carrying out other cyber crimes.

In such case, there is a major need of the tool that can Examine such emails to find the person making such malicious attempts on the internet.

There are many forensic tools available in the market by which investigator can reach out to the suspected person and can prove them criminal. MailXaminer is one of this forensic tool that can be used to email investigations. It enables an investigator to make advance searches, can recover deleted emails, it also can track connection between multiple suspects and have skin tone analysis makes investigators know whether the image or video have pornographic data.

It enables different investigators to work on the same case and offers graph based dashboard that will provide complete information about data present in the file.

Introduction: GNU Mail Forensics

People takes help of email clients for sending offensive emails to another person. GNU Mail is one of the email clients that one can use for cyber crime as it is available free of cost so that anyone can download it in their systems. GNU is cross-platform email client which is available in different languages and it is used for sending, receiving and composing the emails.

It supports protocols like POP3, IMAP4, SMTP & UNIX and users MBOX and Maildir file formats.
The things make this email client more special is it’s ability to add custom mail headers and mail spooling.
The investigator can go through email header to get the evidence and can also, investigate the data stored in a drive through spooling.

To examine GNU email investigator can examine its files, GNU email saves its data in MBOX and Maildir formats. By default, it uses Maildir format, theses files can be easily identified and can be processed further but there is a limitation in this format as it can not be open in other email programs.

How To Perform Forensics On GNU Mail Emails

An investigator can analyze a number of things to get evidence against the suspected person. Whether it’s data files, email’s header, server investigation or the analyzing network devices.

Investing GNU Mail data File

GNU mail client saves it’s all data in the .mbox file, as email plays the major role in performing the cyber crime, therefore, an investigator can examine emails data from these files.

Going Through GNU Mail Header Details

One can get many evidences against the suspect as it keeps all details of an email. Here on can get details such as senders Email id, Date, Message-Id, MIME version, subject, content transfer.

Analyzing Server And Other Network Devices

The email server keeps the copies of delivered and received messages in its server logs for a specific time period. for investigation, one can get these emails by contacting ISP which will help the investigator to trace the IP address of the person sending/receiving such emails.

There are other networking devices such as switches, router, firewall to track such emails.

Different Ways To Perform Forensics On GNU Email Client

One can search evidence on GNU email through manual searching and by software.

In we talk about a manual way of performing forensics in GNU email, the investigator can searches based on Name, keywords and by performing a database search.

However, there are some drawbacks of manual searching as it takes lots of time and there is a risk of losing important information.

An investigator can also take help of third party tool that can make searching procedure very easy and also it consumes very less time. these tools help to perform forensics very effectively.

To reach out suspected person, one can also use the combination of manual method and third party tools, which can surely give positive results.


The investigator can use a number of techniques to search a suspect performing any cyber crime using GNU email. One can go through its email header and can make searches on its file data. In addition, one major feature that GNU Mail support is spooling through which investigator can find data saved on the device. To perform forensics they can take help from combination of manual method and software.