Encryption is the process of encoding a message or data into another format to prevent unauthorized access to it. It is a widely used method of protecting digital data while it is transferred over a network. Encryption algorithms convert plain text into cipher text with the help of an encryption key. On the receiver's side, the email message is decrypted into its original form with the help of the encryption key. Only an authorized person can access an encrypted email and remove its encryption: they decrypt the email and convert it back into its original format with the help of the encryption key. Different types of encryption algorithms are available, providing various levels of protection for digital information. With the help of an automated software feature, investigators can easily remove encryption from Outlook emails and EDB files during a cyber crime investigation.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is the standard used for public key encryption and digital signing of MIME-based email data. Most email software and services use S/MIME encryption for secure communication. It provides cryptographic security features such as authentication, integrity, privacy and data security. This encryption method helps the receiver confirm that they received the exact message from the verified sender. To use S/MIME, both the sender and the receiver must be set up with a public key and a digital signature. The public key is used to encrypt and decrypt the email message, and the digital signature is used to verify the identity of the sender.
OpenPGP (Open Pretty Good Privacy) is one of the most widely used email encryption standards. It uses public key infrastructure to create the key assigned to an individual email address, and it uses symmetric encryption to encrypt the email message. Each encrypted item contains the message and the encryption key. The receiver retrieves the random key using their private key and then uses that random key to decrypt the OpenPGP message.
Analysing encrypted email data during a forensic investigation is a challenging process for investigators. The email forensic tool provides an automated solution to this problem: it helps investigators remove encryption from the email messages in PST, OST and EDB files so that the digital data can be analysed efficiently. The section below discusses how to decrypt S/MIME and OpenPGP email messages with the encryption removal feature of the computer forensics tool and how to analyse the encrypted email data.
Create a new case, or open an existing case from the database, to forensically decrypt the encrypted email and extract the evidence.
To add the encrypted email data file to the software, click the Add evidence button of the tool. Then select the file format you need to add. The forensic tool can decrypt email messages from PST, OST and EDB files.
To examine encrypted email files, the user needs to change the scan settings. Click Scan Settings and select the Encryption option. This lets you remove Exchange Server email encryption and decrypt encrypted PST and OST email messages.
Select the option Detect Digital Signature and Encryption, which automatically detects encrypted email files and email files containing a digital signature. Checking the Remove encryption option allows you to add encryption keys in two ways.
Now select the encryption type and provide the other related details needed to decrypt the encrypted email. Two main types of encryption are available: SMIME and OpenPGP.
To remove email encryption with a single key, select the Single Key option from the Add Key section and choose the SMIME or OpenPGP encryption type under Encryption technology.
After selecting the technology, enter the Key File and Password in the respective fields.
To decrypt email message files with multiple keys, select the Multiple Key option from the Add Key section and add the CSV file containing the keys through the Add CSV section.
Browse to the CSV file containing the Encryption Type, Key Path and respective Password in the desired location.
After decrypting the encrypted email messages from PST, OST and EDB files, the user can access the email data through the display panel. A lock symbol next to an email file indicates that the file is encrypted. If the file contains a digital signature, this is indicated by a badge symbol. The type of encryption is indicated under Encryption Technology.
Right-click and select the preview option to open the email data. If the email file was not decrypted, or decryption failed, the preview shows the email and its attachments in encrypted form. Encrypted attachments carry an additional extension corresponding to the encryption technology.
If the tool successfully decrypts the email message, it shows the data in its original form. This helps the investigator easily analyze the data and extract the evidence with the help of the different views.
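The detection step described above (flagging a message as encrypted or signed and naming its technology as SMIME or OpenPGP) can be reproduced on exported messages from their MIME headers. The following is an added example, not the forensic tool's own logic; the function name classify and the sample messages are constructed for illustration, and it assumes each message is available as RFC 822 text.

```python
from email import message_from_string

PGP_ENC_MARK = "-----BEGIN PGP MESSAGE-----"
PGP_SIG_MARK = "-----BEGIN PGP SIGNED MESSAGE-----"

def classify(raw):
    """Return (technology, encrypted, signed) for one RFC 822 message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()                      # lower-cased type/subtype
    protocol = str(msg.get_param("protocol") or "").lower()
    smime_type = str(msg.get_param("smime-type") or "").lower()
    # S/MIME opaque formats: a single application/pkcs7-mime entity
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return ("SMIME", smime_type.endswith("enveloped-data"),
                smime_type == "signed-data")
    # Detached signatures: the protocol parameter names the technology
    if ctype == "multipart/signed":
        if protocol.endswith("pkcs7-signature"):
            return ("SMIME", False, True)
        if protocol == "application/pgp-signature":
            return ("OpenPGP", False, True)
    # PGP/MIME encrypted message
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return ("OpenPGP", True, False)
    # Inline PGP: ASCII armor inside an ordinary single-part body
    if not msg.is_multipart():
        body = msg.get_payload() or ""
        if PGP_SIG_MARK in body:
            return ("OpenPGP", False, True)
        if PGP_ENC_MARK in body:
            return ("OpenPGP", True, False)
    return (None, False, False)

# Constructed sample messages; bodies are placeholders, not real ciphertext.
SAMPLES = {
    "smime_encrypted": 'Content-Type: application/pkcs7-mime; '
        'smime-type=enveloped-data; name="smime.p7m"\n\n(placeholder)\n',
    "smime_signed": 'Content-Type: multipart/signed; micalg=sha-256; '
        'protocol="application/pkcs7-signature"; boundary="b1"\n\n'
        '--b1\nContent-Type: text/plain\n\nhello\n'
        '--b1\nContent-Type: application/pkcs7-signature\n\n(placeholder)\n--b1--\n',
    "pgp_encrypted": 'Content-Type: multipart/encrypted; '
        'protocol="application/pgp-encrypted"; boundary="b2"\n\n'
        '--b2\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n'
        '--b2\nContent-Type: application/octet-stream\n\n(placeholder)\n--b2--\n',
    "pgp_inline": "Content-Type: text/plain\n\n" + PGP_ENC_MARK + "\n(placeholder)\n",
    "plain": "Content-Type: text/plain\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A message classified this way still needs the matching private key (and its password) before its content can be read; the classification only tells the examiner which key type to look for.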