+1 888 900 4529

Live Exchange Server Analysis

Impersonate and Examine Live Exchange Mailboxes

Live Exchange Mailboxes

MS Exchange, an emailing server, is the communication hub for most of the organizations and the occurrence of any kind of information leak, forgeries and scams in these sectors include crucial strands available within the MS Exchange user mailboxes. The investigators face a lot of challenges while collecting Electronically stored information within Exchange server like; they cannot shutdown an extremely active database or interrupt it in any way, sorting & culling of data from sheer size of Exchange repositories to find an email evidence is cost prohibitive; additionally, Exchange Servers are designed to manage or protect the emails & not for discovery thus; ESI collection will be time consuming.

As an alternative to overcome above challenges, MailXaminer has now been equipped with a decisive feature of Live Exchange Server Mailbox Analysis. The tool forensically scan the entire exchange database and let you find everything which is related to your search parameter.

Step 1: Scan File

To make use of the Live Exchange Server Mailbox Analysis feature, switch to Scan File > Web > Live Exchange.

Scan File

Step 2: Provide Details

After selecting the Live Exchange option, the Live Exchange pop – up window appears.

Provide Details

The Live Exchange pop – up window asks the investigators to provide details for the following fields: -

  • Exchange Version: - The software is attuned with the three latest versions of Exchange Server i.e. Exchange Server 2007, 2010,2013 and 2016. Investigators can examine and analyze the mailboxes of any of these versions of the Server.
  • Server Name/IP: - The Server Name/IP is the corresponding name or IP details of the server that need to be examined.
  • Domain: - This field requires the domain name of the corresponding Server.

Investigators very often face a challenge regarding the availability of account credentials while analyzing corresponding mailboxes. To assist the investigators with this part of analysis, Software allows the investigators to analyze the Live Exchange mailboxes through a using impersonation features. The software provides a dual option of analyzing the Live Exchange Mailboxes in one of the two modes i.e. With Impersonation and Without Impersonation techniques.

add file

Step 3: Without Impersonation

Without Impersonation:In this method, you need to provide User Mailbox Credentials such as "Mailbox Name and Password". Software validated the mailbox credentials and if all details are verified then software displays the details of the data items stored in user mailboxes.

Without Impersonation

Step 4: Impersonation

Administrator Credentials: : To Use this method, check the box of " User Impersonation". Now provide Administrator details such as "User name and Password"


In this method, browse the CSV File used to stored Details of user mailboxes.


View the Details of Exchange User Mailbox

user mailboxes

To avail the feature of Impersonation, Technocrats/Investigators have to run certain commands in their Exchange Powershell. To get the list of complete cmdlets and required steps, click here