The most discussed topic among forensic experts, attorneys, investigators and e-discovery firms is how to perform search on unmounted EDB files and access e-mails to figure out possible evidence. So far, from Microsoft’s end, no such API has been released or suggested that can be considered as very well versed in carrying out the search action on unmounted Exchange Server’s EDB files. Traversing the dismounted Exchange database files can be a considerable option, but, it often proves to be a challenging task as shutting down of the Exchange Server can be really expensive and can also prove to be lossy. Also, shutting down of Exchange Server can be a bit finicky as it often serves as the backbone of the entire communication system within an organization’s network. With such never – ending issues, it becomes the most tiring and breath taking challenge for forensic investigators to traverse and search for evidence from the EDB files without preferring the option of dismounting them. But dismounting has been just an alternative nourished with hiccups.
As technology runs in our veins, we carve solution for every problem. Considering the above mentioned and many other issues, also, with a detailed R & D and pondering over the words and experiences of the experts, a tool was developed that may assist the Digital Forensic Investigators to perform detailed forensic analysis of the unmounted Exchange EDB files. The tool being “MailXaminer”.
The tool can be considered as the most trending and robust solution if you love messing with the Exchange Server database files, that too, in an unmounted state. This email forensic investigation tool is an output of the combined efforts of developers and email investigation experts to work on Exchange EDB and STM files. A perfect solution that answers your query, “How to analyze & search Exchange Server mailbox?”.
On the basis of investigative requirements, a very much focus has been laid down on product customization. To overcome the account authorship and other related issues, the software has also been delivered with an advanced feature of Impersonation.
Investigators can find plenty of robust search algorithms integrated into the tool such as General, PreDefined, Advance and Proximity searches for comprehensive searching within the unmounted Exchange database.
Thus, with the available features, MailXaminer can be the most preferable tool to search for evidence and other related artifacts within the Exchange EDB database. Perform detailed investigation without dismounting the Exchange EDB file.