
Forensic Recovery of Evidence via MailXaminer

Forensic Recovery Software Analysis Procedure

Every day, computer threats arrive through email, delivered either over the internet or through corporate networks. The threat can take any form: a virus, a worm, a phishing mail, or simply spam. Forensic recovery of evidence from email data, using forensic recovery software for evidence analysis, is one of the prominent sources of evidence in civil and criminal legal proceedings.

An email might itself contain the threat, or it might be used as the medium to spread it. Email forensics and investigation involve recovering evidence using software, hardware, and analytical techniques to find proof in cases such as felonies or identity theft.

In order to consider an email as evidence, it is important to verify the location from which the email was sent. The examiner should also establish what offence has occurred and whether it counts as a criminal activity under the applicable state law. Legal advice is needed before starting and while proceeding with the investigation so that time and resources are not wasted on a non-issue.

Forensic Recovery of Evidence Starts with Preservation & Collection

Once it is confirmed that a crime has been committed through mail, the next step is to gain access to the messages in question. For the investigation, the email database can be collected either from the local machine or from the ISP's server. The email messages, their headers, and the server logs are some of the crucial elements that can serve as evidence. In many cases the server administrators are reluctant to cooperate, and this is where forensic examination tools can help collect the email database.

MailXaminer is a purpose-built solution for the preservation and analysis of email evidence. The tool runs on the Windows platform and introduces features that help get through the challenges of email forensics. Here is a glimpse of what the software can do to simplify the analysis phase of eDiscovery.

Collect Emails via Forensic Recovery Software

From File On Local Machine

The software supports many of the commonly used mail file formats stored on a local machine. The list of supported file types includes PST, MBOX, EDB, OLM, OST, TBB, EML, and others.

For Investigation from Server

The challenges of downloading a database from an external server can be overcome with the forensic recovery software. There is provision to download data from email accounts of popular web-based mail services that store data on their own servers. In addition, it is possible to access a live Exchange Server environment for analysis of the email database.

Saved in Disk Image

Retrieving email data from very large disk images is a difficult job. With MailXaminer, disk images in the E01 and DD formats can be used to extract the mail files and start the analysis process.

Carving Out Hidden Facts is a part of eDiscovery

Another piece of evidence that can help is the HTML source code of the email. It carries the markup and script code the suspect used to collect information from the victim. HTML is one of the most popular email formats used today for malicious activities because it allows hyperlinks and images to be added to the message.

The Obvious Analysis Techniques:

The email header is one of the most informative elements of an email. It contains details about the MTAs the message has travelled through, the sender, the receiver, the domain authentication results, and much more. Analyzing the header can also give a hint about the email's authenticity, which can help in further proceedings.
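To make the header analysis described above concrete, here is an added example (written for this article, not MailXaminer's own code) that parses a constructed message with Python's standard `email` package. It walks the Received headers from the originating hop to the final MTA, pulls out the SPF/DKIM/DMARC verdicts from the Authentication-Results header, and computes the transit time between the first and last hop. The message, hostnames and addresses are invented for illustration and use reserved documentation ranges.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real capture): three hops, failed SPF/DMARC,
# and a From: domain that does not match the relay the message actually came from.
RAW_MESSAGE = b"""Received: from mx-edge.example-corp.test (mx-edge.example-corp.test [203.0.113.9])
\tby mail.example-corp.test with ESMTPS id abc123; Mon, 4 Mar 2019 10:02:11 +0000
Received: from relay.example-isp.test (relay.example-isp.test [198.51.100.20])
\tby mx-edge.example-corp.test with ESMTP id def456; Mon, 4 Mar 2019 10:02:09 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby relay.example-isp.test with ESMTPA id ghi789; Mon, 4 Mar 2019 10:02:05 +0000
Authentication-Results: mail.example-corp.test;
\tspf=fail smtp.mailfrom=payroll@example-bank.test;
\tdkim=none;
\tdmarc=fail header.from=example-bank.test
From: "Payroll" <payroll@example-bank.test>
To: victim@example-corp.test
Subject: Updated salary statement
Message-ID: <20190304100205.1234@relay.example-isp.test>
Date: Mon, 4 Mar 2019 10:02:05 +0000
Content-Type: text/plain

Please review the attached statement.
"""

# One "from <host> ... by <host> ...; <date>" clause per Received header.
RECEIVED_RE = re.compile(r"^from (\S+).*?\bby (\S+).*?;\s*(.+)$")


def parse_message(raw):
    """Parse raw RFC 5322 bytes with the modern policy so folded headers are unfolded."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def received_chain(msg):
    """Return the hops as (from_host, by_host, datetime), ordered oldest first.

    MTAs prepend Received headers, so the top header is the last hop; reversing
    the list gives the path the message actually took.
    """
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # collapse folding whitespace
        m = RECEIVED_RE.match(text)
        if not m:
            continue                            # non-standard header: skip, do not guess
        from_host, by_host, date = m.groups()
        hops.append((from_host, by_host, parsedate_to_datetime(date)))
    return list(reversed(hops))


def auth_results(msg):
    """Return {method: result} from Authentication-Results, e.g. {'spf': 'fail'}."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        text = " ".join(value.split())
        for clause in text.split(";")[1:]:      # clause 0 is the authserv-id
            clause = clause.strip()
            if not clause:
                continue
            method_result = clause.split()[0]   # e.g. "dmarc=fail" (properties follow)
            if "=" in method_result:
                method, result = method_result.split("=", 1)
                results[method.lower()] = result.lower()
    return results


def transit_seconds(chain):
    """Seconds between the originating hop and the final delivery hop."""
    if len(chain) < 2:
        return 0
    return int((chain[-1][2] - chain[0][2]).total_seconds())


def originating_host(chain):
    """The host that handed the message to the first MTA; a bare IP in brackets
    with no reverse-DNS name is worth a second look."""
    return chain[0][0] if chain else None


if __name__ == "__main__":
    msg = parse_message(RAW_MESSAGE)
    chain = received_chain(msg)
    for from_host, by_host, when in chain:
        print(f"{when.isoformat()}  {from_host:32} -> {by_host}")
    print("origin:", originating_host(chain))
    print("auth:", auth_results(msg))
    print("transit (s):", transit_seconds(chain))
```

The header values returned under `policy.default` have their line folding removed but keep the continuation whitespace, which is why each value is normalised with `split()` before the regular expression is applied. A Received header that does not follow the usual `from ... by ...` shape is skipped rather than guessed at, so the chain only contains hops the parser could read with confidence.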

The Media Analysis:

Another source of information for forensic recovery of evidence is the attachments. In most cases, mail applications block emails carrying specific file types such as .exe. As an alternative, threats are embedded within commonly used attachment types like PDF, Word, and audio files. This form of manipulating emails for fallacious activities is known as pharming. The forensic email examiner should be able to examine the email attachments separately, whatever form they were received in. As the image shared below shows, the software reports each attachment file type together with its count.
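The attachment inventory the article describes can be reproduced with a few lines of standard-library Python. The example below is added for this article (it is not MailXaminer's code): it builds a constructed multipart message with four attachments, counts them by file type, and additionally checks whether each attachment's leading bytes agree with its extension, since a file that is named `.pdf` but begins with a PE executable stub is exactly the kind of disguised payload the text warns about. The magic-byte table is a small hand-picked set, not a complete signature database.

```python
from collections import Counter
from email.message import EmailMessage
from pathlib import PurePosixPath

# Expected leading bytes ("magic") for a handful of common attachment types.
# Constructed for this example; a real examiner would use a full signature library.
MAGIC = {
    "pdf": (b"%PDF",),
    "zip": (b"PK\x03\x04",),
    "docx": (b"PK\x03\x04",),   # Office Open XML is a zip container
    "exe": (b"MZ",),
    "wav": (b"RIFF",),
}


def build_sample_message():
    """Constructed sample mailbox item (not a real capture) with four attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example-vendor.test"
    msg["To"] = "victim@example-corp.test"
    msg["Subject"] = "Documents"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 fake pdf body", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # Named and typed as a PDF, but the bytes begin with the DOS/PE "MZ" stub.
    msg.add_attachment(b"MZ\x90\x00 fake pe stub", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"PK\x03\x04 fake zip body", maintype="application",
                       subtype="zip", filename="photos.zip")
    msg.add_attachment(b"RIFF\x00\x00\x00\x00WAVEfmt ", maintype="audio",
                       subtype="wav", filename="note.wav")
    return msg


def inventory(msg):
    """Return (counts by extension, names whose bytes contradict their extension)."""
    counts = Counter()
    mismatches = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name).suffix.lstrip(".").lower()
        counts[ext or part.get_content_type()] += 1   # fall back to MIME type if no extension
        data = part.get_content()                      # decoded bytes for non-text parts
        expected = MAGIC.get(ext)
        if expected and not any(data.startswith(m) for m in expected):
            mismatches.append(name)
    return dict(counts), mismatches


if __name__ == "__main__":
    counts, suspicious = inventory(build_sample_message())
    for ext, n in sorted(counts.items()):
        print(f"{ext:6} {n}")
    print("extension/content mismatch:", suspicious)
```

Counting by extension mirrors the per-type totals the tool shows; the mismatch list is the extra check an examiner would want before trusting those totals, because the declared type of an attachment is entirely under the sender's control while its first bytes are not.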

Filtering the Appropriate Documents:

Mail databases are huge, so the Search option in the tool is used to extract the mails that could serve as evidence. There are four different ways in which emails can be filtered from the selected file or mail account.

  • General: This option searches for emails containing specified keywords combined with the AND/OR/NOT operators.
  • Predefined: Some elements follow fixed standards and therefore cannot vary, for example the postal code for a state, the date and time format, or the way a product key is written. This search option filters emails by matching these standard patterns.
  • Advanced: This option searches for a keyword within a specific part of the email, for example the Subject, Header, or Body.
  • Proximity: As the name suggests, this finds mails in which two given words occur within a certain distance of each other.
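The four search modes listed above are easy to express in code, and seeing them side by side clarifies how they differ. The following is an added example written for this article, not MailXaminer's implementation: it runs a General boolean query (NOT binds tighter than AND, which binds tighter than OR), a Predefined pattern search for postal codes, ISO dates and product keys, an Advanced field-restricted search, and a Proximity search over a small constructed mailbox. The regular expressions are illustrative patterns chosen for the example, not the tool's own definitions.

```python
import re

# Constructed sample mailbox (not real data): each entry stands in for one parsed message.
MESSAGES = [
    {"id": 1, "subject": "Invoice 2019-03-04", "from": "billing@example-vendor.test",
     "body": "Please find the invoice attached. Payment is due within ten days."},
    {"id": 2, "subject": "Re: refund request", "from": "support@example-vendor.test",
     "body": "Your refund for invoice 4471 has been approved and will post to your account."},
    {"id": 3, "subject": "License delivery", "from": "sales@example-vendor.test",
     "body": "Your product key is ABCDE-12345-FGHIJ-67890-KLMNO. Ship to 90210 by Friday."},
    {"id": 4, "subject": "Lunch?", "from": "colleague@example-corp.test",
     "body": "Are you free for lunch today? The payment for the invoice can wait."},
]

# Predefined patterns: fixed-format values the examiner searches for as a whole.
PREDEFINED = {
    "us_postal_code": r"\b\d{5}(?:-\d{4})?\b",
    "iso_date": r"\b\d{4}-\d{2}-\d{2}\b",
    "product_key": r"\b(?:[A-Z0-9]{5}-){4}[A-Z0-9]{5}\b",
}


def message_text(msg, field="all"):
    """Text to search: one field (Advanced) or all fields joined (General/Predefined)."""
    if field == "all":
        return " ".join(str(v) for v in msg.values())
    return str(msg[field])


def compile_query(query):
    """Compile 'a AND b OR NOT c' into a predicate over text (case-insensitive substrings)."""
    tokens = query.split()
    if not tokens:
        raise ValueError("empty query")
    pos = 0

    def parse_or():
        nonlocal pos
        node = parse_and()
        while pos < len(tokens) and tokens[pos].upper() == "OR":
            pos += 1
            node = (lambda l, r: lambda t: l(t) or r(t))(node, parse_and())
        return node

    def parse_and():
        nonlocal pos
        node = parse_not()
        while pos < len(tokens) and tokens[pos].upper() == "AND":
            pos += 1
            node = (lambda l, r: lambda t: l(t) and r(t))(node, parse_not())
        return node

    def parse_not():
        nonlocal pos
        if tokens[pos].upper() == "NOT":
            pos += 1
            inner = parse_not()
            return lambda t: not inner(t)
        word = tokens[pos].lower()
        pos += 1
        return lambda t: word in t.lower()

    predicate = parse_or()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return predicate


def general_search(messages, query):
    """General mode: keyword query with AND/OR/NOT over every field."""
    predicate = compile_query(query)
    return [m["id"] for m in messages if predicate(message_text(m))]


def predefined_search(messages, kind):
    """Predefined mode: match one of the fixed-format patterns anywhere in the message."""
    pattern = re.compile(PREDEFINED[kind])
    return [m["id"] for m in messages if pattern.search(message_text(m))]


def advanced_search(messages, keyword, field):
    """Advanced mode: keyword restricted to one part of the email (subject, from, body)."""
    return [m["id"] for m in messages if keyword.lower() in message_text(m, field).lower()]


def proximity_search(messages, word_a, word_b, distance):
    """Proximity mode: both words present within `distance` words of each other, either order."""
    hits = []
    for m in messages:
        words = re.findall(r"[a-z0-9']+", message_text(m).lower())
        pos_a = [i for i, w in enumerate(words) if w == word_a.lower()]
        pos_b = [i for i, w in enumerate(words) if w == word_b.lower()]
        if any(abs(a - b) <= distance for a in pos_a for b in pos_b):
            hits.append(m["id"])
    return hits


if __name__ == "__main__":
    print("general  :", general_search(MESSAGES, "invoice AND NOT refund"))
    print("predefined:", predefined_search(MESSAGES, "product_key"))
    print("advanced :", advanced_search(MESSAGES, "invoice", "subject"))
    print("proximity:", proximity_search(MESSAGES, "payment", "invoice", 3))
```

The General parser is a three-level recursive descent, which is all the operator precedence the mode needs; a query such as `invoice AND NOT refund` therefore keeps message 1 and message 4 but drops message 2. Proximity counts word positions rather than characters, so the distance argument means "at most this many words apart", which is the usual meaning in eDiscovery tools.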

For forensic recovery of evidence, the forensic recovery software MailXaminer offers the latest and most helpful techniques. Once the appropriate artifacts have been collected, they provide a clear path for moving the investigation forward.