Mail Copa Email Forensics for Evidence Investigation

Creative Team | July 10th, 2016 | Forensics
Email has become a source of interaction or communication among the users. Every day users send countless numbers of emails to each other. On network, everything is vulnerable, no one has an idea when the person with malicious intention is trying to use emails for committing the crime.
This article depicts the need of email forensic investigation in Mail Copa email client and how can it be performed. In addition, the ways to perform email forensic to analyze and recover the data have been discussed.

Need of Email Forensics in Mail Copa

The function of Mail Copa is to facilitate communication via emails universally but sometimes people use it as a source or target of cybercrime activities. A number of criminal offenses can take place using Mail Copa and some of them are mentioned below:
  1. Email Spamming: In spamming users get the email with embedded pictures, videos, or other objectionable data present in attachments.
    The spammer sends the unsolicited emails by getting email ids of users from web or DNS listing.
  2. Email Spoofing: In spoofing one can change the email header so that email will be appears to originated from different source instead of original source.
    The mail may consist of malicious applications like virus, trojan, warm etc.
  3. Email Sphere Fishing: In this type of activity fraud email sent to the user, asking for the sensitive information.
    For Example: user receives an email from fake bank email id asking for credit card details or other confidential data from the user.

Going through the file format of Mail Copa

Mail Copa stores its all data in MBOX file format with .mbox extension. It is a one file that carries all the emails all together. For Mail Copa Email Forensics Investigation, one needs to collect evidences from the emails that are save in hard drive.
It is very import to know the location of .mbox files, these files can be hidden too. In order to find the hidden MBOX files one can go for below mentioned steps:
  • Firstly go to the Control Panel
  • Then click on the Appearance and Personalization option
  • Then select the Folder Option,
  • A window will pop-up on the screen.
  • Select View Tab
  • Do uncheck the “Hide empty drives in the computer folder” option.
By above mentioned steps user will find the hidden MBOX files. After finding the MBOX file that will provide the evidences to the investigator, one needs to invest that file. In next section will discuss the techniques for Mail Copa Email Forensics Investigation.

Listing the Techniques for Email Investigation

  • Email Header Analysis: The header of email stores the metadata of the email like senders id, receiver id, data, time, language, MIME version etc. these header can be tempered to hide the actual identity of the email.
  • Attachments in MBOX file: The investigator find out the attachments attached in the Emails by scanning the MBOX file.
  • Bait Tactics: In this technique investigator track the IP address of the sender. In this tag “” is sent to the email address from which mail has received. In this case receiver of that tag is a culprit.
  • When culprit open that email, the IP address of recipient is get captured in email server and investigator easily track the IP address of the culprit.
  • Network Device Investigation: In order to track the culprit source scanning of networking devices is done by the investigator such as routers, hubs, firewall etc.
  • Extracting the Information from Server: the server hold the all information about every action performed on emails in its log file. by scanning the log files user can get information about the culprit.


There are other methods also available for Mail Copa Email Forensics for Evidence Investigation. There multiple commercial tools that will help investigator to collect the evidences to find the culprit.
MailXaminer is one of the tools that will provide advanced email investigation. The tool has features like recovery of deleted items, keyword based search, skin tone analysis, generate export report, case repository and many more.