The Windows operating system can connect multiple computers for internal sharing and exchange of data. Microsoft uses two different logical models for this: Workgroups and Domains. Corporate computers are usually connected through such networks, and in a corporate investigation it is important to analyze all the connected systems for complete "network forensics". Investigators must be aware of the arrangement of these two models, and the differences between them, in order to monitor and examine security vulnerabilities.
Workgroup: A Workgroup is a peer-to-peer network arrangement in which each computer is independent but connected to the others through a network used for data exchange. This network has a list of authorized users with passwords, along with security rules and permissions.
Domain: The other logical model for organizations is the Domain. It is a group of computers with centralized administrative authentication and control. The connectors, switches, and routers used for the physical connection are the same for a Workgroup or a Domain. However, a Domain eases administrative tasks through centralized control.
The MailXaminer software now includes a network data analysis feature that gives users access to all the computers connected within a given Workgroup or Domain network. It lets examiners reach email files (and other files) over the network and add them to the software for further analysis. In this way, files stored on all the systems within a network can be investigated from a single system through an Administrative login.
Click on the Scan File option to add the email file to the software.
Click on the File Format to be examined; here we have selected Outlook PST file. Click on Browse and then search for the PST file through the network.
This will display the system locations along with the Network. All the systems available in this network (Workgroup or Domain) will be listed.
Click on a particular domain system name from the network. This scans files from the network and displays the associated shared folders. Here, we have selected WIN8 and all of its folders are displayed.
Open the folder to find the respective file in that system folder. Select the file and click on Open to add it for investigation.
Note: It is important that the system is part of the same domain to which the host machine belongs.
The application will prompt users to provide a User Name and Password for accessing any system in a workgroup.
This support for searching across all the systems added to the network is extremely beneficial for network data analysis, because the emails of all systems can be examined from the same host machine. With this integrated network forensic analysis facility, users can perform a systematic investigation.