SeaMonkey, being an all-in-one Internet application suite containing web browser, email client, HTML editor and IRC client becomes an important target suite for forensic investigation. Moreover, because it is one of the most widely used application all across the globe, many cyber criminals routes to it for giving end results to their ill-fated intents. Hence, the SeaMonkey email forensics analysis is on the rise these days. However, to examine the wrongdoings committed by its use, it is essential to gain a complete know how of SeaMonkey. The entire information includes the technology utilized to build it, the internal working mechanism, the platforms it can function upon, its different releases and how they differ from each other and many more.
But the most important thing that is required to examine it accurately is the comprehension of the file formats that it utilizes. This is because of the fact that file types that store the data items are the key to eDiscovery & investigation and moreover it forms the basis of Intelligent Analysis. Also the file types hardly vary with newer releases and almost remain the same in each version. Only when such information are collected and scrutinized correctly it is likely that the investigators would be able to prove suspects actions against the standards of law. Thereby, finally confirming them guilty hence punished. This means that by the gathering the files of specific type i.e. belonging to SeaMonkey application from the user’s system, SeaMonkey forensics investigation can be carried out factually and conceded in the court of law and morally as well.
As said above, SeaMonkey as is an all-in-one Internet application suite available free of cost and as an open-source. Its all-in-one concept is an inherited property from the original NetScape Communicator and by this it means that it is a complete package containing web browser, email and news client, HTML editor & IRC Chat. In SeaMonkey, these components are known as SeaMonkey Navigator, SeaMonkey Mail & Newsgroups, SeaMonkey Composer and built-in chat called ChatZilla respectively. Though owned by SeaMonkey Council community now, it was originally developed by non-profit Mozilla Foundation and is a continuation of Mozilla application suite based on the same source code. It is compatible in all the three major operating systems that are Windows, Mac OS X and Linux and it has different system requirements for all the three. It is available in multiple foreign languages and the count is about 26. 2.32 Beta 1 is the latest version of the Internet suite, released on December 16, 2014 available for all three platforms and can be downloaded from the official website: http://www.seamonkey-project.org/. It offers two installation skins that are Standard & Custom wherein the former is suited for all users whereas the latter provides customization option and is best suits high-tech users only. This introduction of SeaMonkey is indeed necessary for Seamonkey mailbox analysis.
In the table below are given the compatible OS and their versions that are supported by SeaMonkey.
SeaMonkey stores all the personal information as well as other data. It includes info like passwords, emails, news messages, bookmarks, address books, cookies, installed add-ons and user preferences in a set of folder called profile. The profile folder also holds all information about the alterations made to the home page, changes made to the toolbar, while using the application. This is a useful feature for using the program the next time. Another type of info that the profile stores are contents like history, visited sites and web pages, read/ unread email messages, word(s) entered into search fields, etc.
Note – The storage location of profile folder is separate from the Program Files of SeaMonkey on the machine.
Operations on Profile Folders – A variety of operations can be performed on profiles such as they can be created, managed and deleted. They can even be migrated from Mozilla mail clients like NetScape, SeaMonkey and Thunderbird email program. And they can be relocated as well anywhere on the hard disk of the machine.
Directories in SeaMonkey
In total there exists five different directories in SeaMonkey and they are mentioned in the table below, with short briefing of what type of data or information they contain.
The different way-outs in which SeaMonkey email forensics analysis can be carried out and validated are described here in this section, although the file formats examination remains the chief-most and more significant.
Even if SeaMonkey is removed on Windows by Control Panel in the Start Menu, on Linux by removing the SeaMonkey folder or on Mac OS X its data items including emails can be studied and facts retrieved by examining the Profile folder. This is because SeaMonkey 2.0 or any other higher edition that users install, after un-installing SeaMonkey, continues using the data from the profile folder formed originally. Therefore, info like: bookmarks, browsing history, add-ons, email messages, news messages, extensions or other can be gathered from the profile folder and thereby studied in detail to extract important artifacts. The profile folder is located at some default locations depending upon the operating system.
Default ‘Profile’ Location – Each profile in SeaMonkey is saved on system’s hard disk drive in the profile folder which in turn is stored at separate locations depending on the kind of OS.
Note – These are the default locations of profile folder by SeaMonkey version 2.0 and newer releases. Edition 1.x does not allocate these locations and utilizes data from an independent location. However, profile folder locations can be altered and managed manually.
SeaMonkey works with the file extensions mentioned below. Moreover, as SeaMonkey is built on Mozilla’s source code many of the file extensions are common with Thunderbird,
Some important SeaMonkey file formats are mentioned in the table below. These files can be extracted and their stored data can be examined by forensic investigators. The below given file types, serve as important means for SeaMonkey forensics and collection of evidences to be proved in the court of law.
In this way, by studying the files, SeaMonkey forensics analysis can be done by forensic investigators. They can be studied either manually or by using any external and professional e-discovery and email header analysis tool. One utility for extracting artifacts from suspected emails is MailXaminer – trusted email forensics software. Even other third party software utilities can be brought in use as well.