{"id":486,"date":"2015-03-20T13:14:42","date_gmt":"2015-03-20T07:44:42","guid":{"rendered":"https:\/\/www.mailxaminer.com\/blog\/?p=486"},"modified":"2025-05-22T12:27:03","modified_gmt":"2025-05-22T06:57:03","slug":"kerio-connect-mailbox-forensics","status":"publish","type":"post","link":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/","title":{"rendered":"Kerio Connect Forensic Analysis"},"content":{"rendered":"<p>Considering the wide usage of email messages in business enterprises, it is quite common to come across situations when there is a suspicion of illegal messages received by the company from some hackers. In such cases, the company takes the help of law enforcement agencies which may come and ask for a detail of the logs that will help them to contend against the criminal activity. Since, there are no ways to accomplice this with a Kerio Connect server. System administrators have probably got more important things to do and it is obvious that manually digging out the log files would take long time.<\/p>\n<p>To deal with situations like this, the law enforcement agencies take the help of a forensic investigators but when there is no way out to bring forth suitable evidence, they feel annoyed. However, there are still other ways to bring out the culpable evidence before law so as to punish the defendant. So, here we will see how we can extract evidence from messages of Kerio Connect. Let\u2019s first fret deep into this email client before looking out for its forensic aspects.<\/p>\n<h2><strong>Know Your Email Client \u201cKerio Connect\u201d<\/strong><\/h2>\n<p>Kerio Connect is basically a commercial emailing tool and a groupware server put forth by Kerio Technologies. Presenting the features of a complete robust platform, this application claims of speeding up work. One of the most attributed features of Kerio is its ability to connect and collaborate with any devices and constantly synchronize data, thereby moving the barriers of office boundaries and allowing users to access email messages even through iPhone. Because of its overwhelming capabilities, Kerio has been officially named as the <strong>\u201cOffice Workhouse\u201d.<\/strong> Users can collaborate calendars, messages, contacts irrespective of the platform.<\/p>\n<p>Now we can work on its forensic aspects. To carve out evidence forensically we need to learn about its file location and the form in which Kerio stores its data.<\/p>\n<p><strong> Forensics Investigations Carried Out on Kerio<\/strong><\/p>\n<p>The mail folder storage location path of Kerio Connect is as follows.<\/p>\n<ul>\n<li>All the configuration data can be located with following path<\/li>\n<\/ul>\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5561 size-full alignnone\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/mailserver.png\" alt=\"mailserver\" width=\"630\" height=\"415\" \/><\/figure>\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5561 size-full alignnone\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/store.png\" alt=\"store\" width=\"630\" height=\"415\" \/><\/figure>\n<ul>\n<li>The store directory is located in the following path.<\/li>\n<\/ul>\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5561 size-full alignnone\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/file-location.png\" alt=\"file-location\" width=\"630\" height=\"415\" \/><\/figure>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-491\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/disk-c.png\" alt=\"disk-c\" width=\"624\" height=\"396\" \/><\/p>\n<h2><strong>Importance of STORE.FDB from Forensic Point of View<\/strong><\/h2>\n<p>Firebird (FDB) is a SQL RDBMS system which is open source for users and supports it\u2019s usage on a number of platform like Linux, Microsoft Windows, and a variety of UNIX Operating System. What really happens is that all the email messages, contacts, and calendars are cached in a database file which is known as <strong>STORE.FDB<\/strong> which is located in a folder in the user profile. Kerio uses this database for installations that does not contain much of data. In a way forensic investigators can consider this files as OST files of Exchange server.<\/p>\n<p>Kerio Connect stores the emails in the form of separate files in file system directories, where every directory over here corresponds to an email folder. All the messages which belong to INBOX are found in the directory called <strong>\u201cInbox\u201d like _STORE_\/mail\/DOMAIN\/USER\/INBOX\/#msgs.<\/strong> Similarly, the Sent mails will be present in a system directory known as \u201cSent Items\u201d. Now, one can easily notice that various indexes are built around those messages.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-493\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/inbox1.png\" alt=\"inbox\" width=\"624\" height=\"437\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-494\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-file.png\" alt=\"kerio-file\" width=\"643\" height=\"388\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Now, one can easily notice that various indexes are built around those messages.<\/p>\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5561 size-full alignnone\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/location.png\" alt=\"location\" width=\"630\" height=\"415\" \/><\/figure>\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5561 size-full alignnone\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/public-folder.png\" alt=\"public-folder\" width=\"630\" height=\"415\" \/><\/figure>\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5561 size-full alignnone\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/logs.png\" alt=\"logs\" width=\"630\" height=\"415\" \/><\/figure>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-498\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/log-file.png\" alt=\"log-file\" width=\"624\" height=\"417\" \/><\/p>\n<p>One mailfile in the mail queue contains the actual mail and a Meta file. One mail in a mailfolder consists of the actual mail stored in one file and one sets of files in each folder such as for INBOX folder: index.fld, properties.fld, etc.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-499\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/inbox-folder.png\" alt=\"inbox-folder\" width=\"624\" height=\"249\" \/><\/p>\n<p>The messages present in the inbox are further found to be in EML file format.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-500\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/eml-files.png\" alt=\"eml-files\" width=\"624\" height=\"335\" \/><\/p>\n<h3><strong>Analyzing the EML Messages<\/strong><\/h3>\n<p>Now, these messages which are present as .eml files can be further analyzed. All these messages can be individually examined with the help of a text editor. The investigators can take a look at the creation date and time which can be taken from the timestamp present in the Date line of the message header. Further, to check whether the message has been modified or not, they can extract the last modification date and time from the timestamp present in the Delivery-date line of the message header of the EML file format messages.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-501\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/header.png\" alt=\"header\" width=\"624\" height=\"309\" \/><\/p>\n<h3><strong>Tracing Messages by Carefully Reading Email Headers<\/strong><\/h3>\n<p>The message ID located in the message header is a unique identifier that is assigned to the messages by the email server. By successfully correlating the message ID with the server logs, one can easily make out the data relevant to the messages that are received and sent from a particular system. The email header can provide investigators with health of data such as the record path traversed by the message from its journey from the sender to the receiver. One way of analyzing the email headers is to access them from the bottom to the top. Considering a sample header from a message given above, one can decipher several data. In such cases, forensic utilities like <strong><a title=\"Kerio Email Forensics\" href=\"https:\/\/www.mailxaminer.com\" target=\"_blank\" rel=\"noopener\">MailXaminer<\/a><\/strong> can provide great assistance to investigators for examining the data in EML messages carefully. Further, this <strong><a href=\"https:\/\/www.mailxaminer.com\/product\/\" target=\"_blank\" rel=\"noopener\">email analysis tool<\/a><\/strong> can provide investigators to view messages in different view modes.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-502\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-coonect.png\" alt=\"kerio-coonect\" width=\"640\" height=\"65\" \/><\/p>\n<p>How to analyze whether a particular Kerio Connect account has been compromised or not? Whenever investigators doubt the possibility of the Kerio Connect server being compromised, they can find it out by the following indications<\/p>\n<ul>\n<li>Kerio Connect will show slow performance<\/li>\n<li>All the users will get their email messages as bounce back because they have not sent them<\/li>\n<li>The external IP address will get backlisted<\/li>\n<li>Then one can notice that there will be a large mail queue, which will have a list of several email messages that are sent to an address about which users are practically unaware.<\/li>\n<\/ul>\n<p>If all these things are noticed, then the investigators can make it out that the account has been compromised. To find out the specific account that has been compromised from the multiple accounts maintained on the server, investigators can enable a column in the mail queue view within the Kerio interface, which will reveal the account that has authorized the email messages to be sent.<\/p>\n<p>For this access, Kerio Connect Web Administration interface.<\/p>\n<p>Move to the section <strong>\u2018Status<\/strong>\u2019, then <strong>\u2019Message Queue<\/strong>\u2019.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-503\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/users.png\" alt=\"users\" width=\"624\" height=\"456\" \/><\/p>\n<p>Now, enabling the option would help the investigators locate where the message has been sent from which particular account. The sender IP will help to locate whether the message has been sent internally or externally, and the authenticated sender will reveal information related to the matter that the password of some account has been compromised or not.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-504\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/message-queue.png\" alt=\"message-queue\" width=\"624\" height=\"284\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Email accounts that are hacked have the potential to severely compromise the confidentiality of a business organization and therefore pose a very vulnerable threat to the company\u2019s proprietary data. The above-mentioned ways can well assist forensic investigators to carve out inculpatory as well as exculpatory evidence from the Kerio Connect program, which can be well presented in the judicial court by law enforcement agencies. Besides that,t forensic experts can take the help of several forensic tools which may assist them to save time and bring out legal evidence clearly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Considering the wide usage of email messages in business enterprises, it is quite common to come across situations when there <a href=\"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/\" >Read More&#8230;<\/a><\/p>\n","protected":false},"author":8,"featured_media":511,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"class_list":["post-486","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-forensics"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Kerio Email Forensics \u2013 Analyze Store.fdb &amp; EML File<\/title>\n<meta name=\"description\" content=\"The forensic analysis of Kerio Connect mailbox file such as store.fdb and eml helps the investigators to carve out evidence artifacts from suspect\u2019s emails.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kerio Email Forensics \u2013 Analyze Store.fdb &amp; EML File\" \/>\n<meta property=\"og:description\" content=\"The forensic analysis of Kerio Connect mailbox file such as store.fdb and eml helps the investigators to carve out evidence artifacts from suspect\u2019s emails.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/\" \/>\n<meta property=\"og:site_name\" content=\"MailXaminer Official Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-03-20T07:44:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-22T06:57:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-connect.png\" \/>\n\t<meta property=\"og:image:width\" content=\"180\" \/>\n\t<meta property=\"og:image:height\" content=\"120\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mansi Joshi\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mansi Joshi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/\"},\"author\":{\"name\":\"Mansi Joshi\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#\\\/schema\\\/person\\\/c9207395234d7178f353e02c45490a95\"},\"headline\":\"Kerio Connect Forensic Analysis\",\"datePublished\":\"2015-03-20T07:44:42+00:00\",\"dateModified\":\"2025-05-22T06:57:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/\"},\"wordCount\":1193,\"image\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/03\\\/kerio-connect.png\",\"articleSection\":[\"Forensics\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/\",\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/\",\"name\":\"Kerio Email Forensics \u2013 Analyze Store.fdb & EML File\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/03\\\/kerio-connect.png\",\"datePublished\":\"2015-03-20T07:44:42+00:00\",\"dateModified\":\"2025-05-22T06:57:03+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#\\\/schema\\\/person\\\/c9207395234d7178f353e02c45490a95\"},\"description\":\"The forensic analysis of Kerio Connect mailbox file such as store.fdb and eml helps the investigators to carve out evidence artifacts from suspect\u2019s emails.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/03\\\/kerio-connect.png\",\"contentUrl\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/03\\\/kerio-connect.png\",\"width\":180,\"height\":120},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/kerio-connect-mailbox-forensics\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog Home\",\"item\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Forensics\",\"item\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/category\\\/forensics\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Kerio Connect Forensic Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/\",\"name\":\"MailXaminer Official Blog\",\"description\":\"Tech Talks by Forensics Experts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#\\\/schema\\\/person\\\/c9207395234d7178f353e02c45490a95\",\"name\":\"Mansi Joshi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g\",\"caption\":\"Mansi Joshi\"},\"description\":\"Tech enthusiast &amp; cyber expert for the past 5 years. Love to solve complicated scenarios to counter cyber crimes with in-depth technical knowledge.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/mansi-joshi-54414524a\\\/\",\"https:\\\/\\\/www.mailxaminer.com\\\/assets\\\/author\\\/mansi-joshi.png\"],\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/author\\\/mansi-joshi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kerio Email Forensics \u2013 Analyze Store.fdb & EML File","description":"The forensic analysis of Kerio Connect mailbox file such as store.fdb and eml helps the investigators to carve out evidence artifacts from suspect\u2019s emails.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/","og_locale":"en_US","og_type":"article","og_title":"Kerio Email Forensics \u2013 Analyze Store.fdb & EML File","og_description":"The forensic analysis of Kerio Connect mailbox file such as store.fdb and eml helps the investigators to carve out evidence artifacts from suspect\u2019s emails.","og_url":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/","og_site_name":"MailXaminer Official Blog","article_published_time":"2015-03-20T07:44:42+00:00","article_modified_time":"2025-05-22T06:57:03+00:00","og_image":[{"width":180,"height":120,"url":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-connect.png","type":"image\/png"}],"author":"Mansi Joshi","twitter_misc":{"Written by":"Mansi Joshi","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/#article","isPartOf":{"@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/"},"author":{"name":"Mansi Joshi","@id":"https:\/\/www.mailxaminer.com\/blog\/#\/schema\/person\/c9207395234d7178f353e02c45490a95"},"headline":"Kerio Connect Forensic Analysis","datePublished":"2015-03-20T07:44:42+00:00","dateModified":"2025-05-22T06:57:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/"},"wordCount":1193,"image":{"@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-connect.png","articleSection":["Forensics"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/","url":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/","name":"Kerio Email Forensics \u2013 Analyze Store.fdb & EML File","isPartOf":{"@id":"https:\/\/www.mailxaminer.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/#primaryimage"},"image":{"@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-connect.png","datePublished":"2015-03-20T07:44:42+00:00","dateModified":"2025-05-22T06:57:03+00:00","author":{"@id":"https:\/\/www.mailxaminer.com\/blog\/#\/schema\/person\/c9207395234d7178f353e02c45490a95"},"description":"The forensic analysis of Kerio Connect mailbox file such as store.fdb and eml helps the investigators to carve out evidence artifacts from suspect\u2019s emails.","breadcrumb":{"@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/#primaryimage","url":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-connect.png","contentUrl":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2015\/03\/kerio-connect.png","width":180,"height":120},{"@type":"BreadcrumbList","@id":"https:\/\/www.mailxaminer.com\/blog\/kerio-connect-mailbox-forensics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog Home","item":"https:\/\/www.mailxaminer.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Forensics","item":"https:\/\/www.mailxaminer.com\/blog\/category\/forensics\/"},{"@type":"ListItem","position":3,"name":"Kerio Connect Forensic Analysis"}]},{"@type":"WebSite","@id":"https:\/\/www.mailxaminer.com\/blog\/#website","url":"https:\/\/www.mailxaminer.com\/blog\/","name":"MailXaminer Official Blog","description":"Tech Talks by Forensics Experts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mailxaminer.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.mailxaminer.com\/blog\/#\/schema\/person\/c9207395234d7178f353e02c45490a95","name":"Mansi Joshi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g","caption":"Mansi Joshi"},"description":"Tech enthusiast &amp; cyber expert for the past 5 years. Love to solve complicated scenarios to counter cyber crimes with in-depth technical knowledge.","sameAs":["https:\/\/www.linkedin.com\/in\/mansi-joshi-54414524a\/","https:\/\/www.mailxaminer.com\/assets\/author\/mansi-joshi.png"],"url":"https:\/\/www.mailxaminer.com\/blog\/author\/mansi-joshi\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts\/486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/comments?post=486"}],"version-history":[{"count":2,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts\/486\/revisions"}],"predecessor-version":[{"id":6396,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts\/486\/revisions\/6396"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/media\/511"}],"wp:attachment":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/media?parent=486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/categories?post=486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}