MS Exchange, an emailing server, is the communication hub for most of the organizations and the occurrence of any kind of information leak, forgeries and scams in these sectors include crucial strands available within the MS Exchange user mailboxes. The investigators face a lot of challenges while collecting Electronically stored information within Exchange server like; they cannot shutdown an extremely active database or interrupt it in any way, sorting & culling of data from sheer size of Exchange repositories to find an email evidence is cost prohibitive; additionally, Exchange Servers are designed to manage or protect the emails & not for discovery thus; ESI collection will be time consuming.
As an alternative to overcome above challenges, MailXaminer has now been equipped with a decisive feature of Live Exchange Server Mailbox Analysis. The tool forensically scan the entire exchange database and let you find everything which is related to your search parameter.
To make use of the Live Exchange Server Mailbox Analysis feature, switch to Scan File > Web > Live Exchange.
After selecting the Live Exchange option, the Live Exchange pop – up window appears.
The Live Exchange pop – up window asks the investigators to provide details for the following fields: -
Investigators very often face a challenge regarding the availability of account credentials while analyzing corresponding mailboxes. To assist the investigators with this part of analysis, Software allows the investigators to analyze the Live Exchange mailboxes through a using impersonation features. The software provides a dual option of analyzing the Live Exchange Mailboxes in one of the two modes i.e. With Impersonation and Without Impersonation techniques.
Without Impersonation:In this method, you need to provide User Mailbox Credentials such as "Mailbox Name and Password". Software validated the mailbox credentials and if all details are verified then software displays the details of the data items stored in user mailboxes.
Administrator Credentials: : To Use this method, check the box of " User Impersonation". Now provide Administrator details such as "User name and Password"
In this method, browse the CSV File used to stored Details of user mailboxes.
View the Details of Exchange User Mailbox
To avail the feature of Impersonation, Technocrats/Investigators have to run certain commands in their Exchange Powershell. To get the list of complete cmdlets and required steps, click here