The forensic keyword search in digital forensics is the feature to used to find evidence from large bulk of electronic data. During the cybercrime investigation the forensic email search is performed on the basis of keywords that you enter in computer forensics tool. That keyword may be related to the particular document or a set of computer files. For example if you are finding file from very old database, related to your employee details then the possible words you can use to perform keyword search forensic are his ID, name, address etc.
During the large investigation process usage of one by one keywords for the digital forensics keyword search is very tiring and time consuming process. In such situations the usage of multiple keywords as a set will help to obtain the result very fast. This will also helpful in the case the user searching for the electronically stored information with assumption.
To find the document, search keywords must be entered & stored in software prior to the searching process. The tool allows to perform a forensic keyword search on the evidence data which are indexed by the forensic tool. Following are the options through which you can add the keywords:
MailXaminer is a reliable email forensics tool which helps the investigators to carefully analyse the elecronic evidence during the cybercrime investigation. This analysis tool provides the option to perform electronic discovery of the evidence from the various computer files with help of advanced search options. Among that the keyword search forensic is another specialized searching mechanism which helps the examiners to find a particular computer evidence from a large database. The forensic keyword search tool allows to add multiple keywords at a time to search a set of electronic documents and attachments which comes under the searched keyword category. Refer the steps given in the bellow section to know how to perform forensic search using keyword.
Add the evidence data file into the forensic analysis tool to perform digital forensics keyword search and extract the hidden evidence. Click on Add Evidence button from the menubar to add computer data file into the software. Which allow you to add electronically stored information from five sources such as “Container Mail, Webmail, Image File, Messenger Data & Bulk”.
To perform the keyword search forensic on a suspected database file move on to the Keyword Section of the software and select the Add Keyword button to include search keywords prior to processing. Which allows the user to add multiple keywords at a time and perform forensic analysis on the electronic data files.
After you click on the Add Keyword option a Keyword Search tab will pop up. Which will allow you to add keywords for search either manually or through CSV file. Through the Keyword List option you can enter multiple keywords manually into the forensic keyword search tool. In the case where the user need to add a bulk set of keywords it is not possible to enter each keyword one by one. In such situation, through the Browse CSV option user can add a large set of keywords. After adding the keyword list click on the Search button to perform the forensic search using keyword on the evidence.
Once the keyword search in computer forensics is completed, the user can view and access the resultant evidence file through the software display tab. The user can either display the keyword search result or particular keyword by selecting the keyword from the software keyword section or can display the entire search result by selecting the case.
Similar to the message files the keyword search in computer forensics can also be performed on attachments. After the keyword search is completed, the attachment tab will provide the corresponding result and user can analyse the resultant attachments in various views through that.
Once the entire keyword search forensic is complete user can Bookmark the electronic file to add into the evidence list or Export the evidences file into the various file format. Through the Export option investigator can easily create a backup of the electronic evidence for the future reference purpose or submitting as the evidence in the court.
The software providing three additional options to enhance the process of digital forensics keyword search. They are:
The final and important part of each investigation process is the generation of the investigation report. Using the Report section of the forensic keyword search tool investigators easily generate the court admissible report. After completing the digital forensics keyword search, user can generate a search report through Keyword Report option. Which contains the information such as “Keyword, Hit Count, Server Hit Count”.