Contact Us    Webinars   

Mailplane Forensics- Biggest challenge for Examiners

Creative Team | September 1st, 2016 | Forensics

Mailplane Forensics For Evidence Examination

An increase in digital crimes related with various email clients has led to the need of forensics investigation for both desktops as well as web mail service. One of the many email applications seen involved with cybercrime activities is Mailplane, which has been observed to be one service that has played the role of a culprit as well as a victim in many cases involving the adverse use of technology.

Mailplane is a desktop email client, which allows the offline access of Gmail on Mac OS X 10.10 and below editions. The application is designed mainly for using Gmail offline without the need to use a web browser. However, the impact of cybercrime is mainly taking place on Cloud services, including Gmail. In the following section, we will illustrate the analysis procedure and a possible solution to examine Mailplane.

Analysis of Mailplane

Most of the cases that involve types of cybercrime are mainly committed by using emails as the target. There are some common ways, which could possibly lead the usage of useful data in mysterious ways such as emails spoofing, sharing of various codes via emails, spamming, email bombing, etc. Many forensic searches are performed in a way to examine the crime conductance, the specialist makes the analysis of it.

Analysis of Mailplane

Data Storage

Web emails are typically not saved on the local system. Gmail by Google is one of the top preferences by users and is supported by Mailplane. It offers 15 GB of free storage space with its universal access, quick and easy management of data. The free of cost availability of Gmail makes it more vulnerable at the same time. As a result, there is cloud storage of data.

Detection on Cloud

The body of messages is mainly caught by the recipients though it is a header, which is the richest source of information from the forensics point of view. While examining an email’s header, there are various things that are required for consideration during examination and it includes Message-ID, Protocols, Received headers, etc.

Sometimes, the spam messages are received on emails; these are not only waste but also pose a threat in case of being received from a malicious email account. Apart from this, enterprises strictly oppose in receiving such emails as they unnecessarily take the storage space on the user’s account.

Spoofed Messages

The basic concept of identifying a spoofed message is that it does not reveal the genuine identity of the sender. Various fields help in determining whether an email is spoofed or not, some of which have been listed below:

  • Sender’s name
  • Message is sent using email client and address
  • Origination of IP addresses for specific message
  • Received field and Message ID

Obstacles Faced in Investigation

There are various steps involved in the forensic investigation, i.e. media collection, data validation, interpretation, documentation, and presentation of results at the time of judicial arrangement.

However, the most challenging part of an investigation is faced in the case of cloud computing is the physical acquisition and evidence controlling along with its validation, collection, and preservation.

To overcome the challenges faced by the investigators they need there is an application namely, MailXaminer. It allows the investigator to analyze the data easily without any platform dependency. It has a user-friendly interface, which makes easy for users to preview the data in all vectors. It helps to carve out the connection between users based and get an easy way to utilize detailed information of various portions in the email header.

Beyond this utility, there are various other ways to analyze Mailplane database. However, these methods are complicated and require much more time. As the time is valuable and investigation should proceed fast, therefore, the platform of software is always helpful.


Mailplane is no exception in the case and its investigation too involves the same cloud data forensics challenges. However, the understanding about its storage is enough to examine the activities carried out on the platform. Accordingly, using a third party tool is the most convenient way to perform an investigation as it saves user’s time and effort by automating the investigation with the help of auto load, detailed preview facility, and many other options.