Any eDiscovery tool needs built-in forensic email search methods to help investigators discover smoking guns. The strength of analyzing email artifacts is further emphasized by the application's robust and advanced email search mechanism. Its search algorithms find hits that most competitors will miss. All searches can be saved for later retrieval, which saves investigators a lot of time when the same search has to be run multiple times. Depending on the level of sophistication involved in the search exercise, the software categorizes its searches into 4 levels.
"General Search" is a generic search that runs across all the scanned files. Users can enter either a single keyword or a list of keywords and hit the search button to get the results. Keywords enclosed in double quotes return results that match the exact keyword.
For in-depth forensic email search, the general search option of the forensic email search tool supports various search algorithms such as “General search, Wild card search, Regular expression, Fuzzy search, Stem search”. Each of these algorithms helps investigators search for the desired emails under different assumptions. The general forensic search methods can be narrowed down further, to be more specific, by searching for keywords in specific fields like etc. and with the help of the logic operators “AND, OR, NOT”.
With the help of logic operators, the user can search the email data by either including or excluding multiple keywords in the search.
Wildcard search is an advanced email search feature of the forensic email search tool in which a wildcard is used to represent one or more characters. The two most commonly used wildcards are “*” and “?”.
Fuzzy search is one of the common forensic search methods, and it helps users search on an assumption. In a normal search mechanism, the user needs to provide the exact word to obtain the correct result. In fuzzy search, the user need not worry about that. When you don’t know the exact argument corresponding to the desired document, the advanced email search mechanism gives you all possible results, regardless of spelling and other mistakes. For example, if you search for a misspelled word like "xamner", it will automatically detect the correct one and give you results with "xaminer" or other similar words.
Stem search is another search mechanism, based on the root word. It returns the exact match or variants of the search argument in the advanced email search. That is, if you search for the word “road”, it will give you results like road, roadway, roadside and other similar results that start with road. This helps to get the maximum number of variant hits in a forensic investigation when the exact term is uncertain.
Regular Expression Search is another advanced email search mechanism, which searches for evidence in forensic email data using various combinations of patterns. This search mechanism uses pattern matching to search for a particular string rather than creating search queries.
Proximity Searching is a forensic email search mechanism that works with the concept of spacing between words. It searches the email data for two or more words and the approximate distance between them. Distance means the number of characters separating the two words. This search can be carried out by the hit-and-trial method. The given example shows emails with a maximum of up to 9 words between the two input words, that is, "chosen" and "term". It provides results based on the search words and the given distance between them.
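The proximity search described above can be sketched as follows. This is an added example, not code from the tool: it assumes the distance is counted as the number of words between the two terms, as in the "chosen" and "term" example with a limit of 9, and the function names and sample messages are constructed for illustration.

```python
import re

# Constructed sample messages (not real evidence).
SAMPLE_EMAILS = {
    "msg-001": "We have chosen a short renewal term for the contract.",
    "msg-002": "The vendor was chosen last week. Legal will review pricing, "
               "delivery, support, liability and every other clause before "
               "we agree on a term.",
    "msg-003": "Long term planning starts once a supplier is chosen.",
    "msg-004": "No supplier has been chosen yet.",
}


def tokenize(text):
    """Lower-case word tokens; punctuation is ignored."""
    return re.findall(r"[a-z0-9']+", text.lower())


def proximity_hits(text, word_a, word_b, max_between, ordered=False):
    """Return (pos_a, pos_b, words_between) for every pair within range.

    Assumption: distance = number of words between the two terms.
    With ordered=True, word_a must appear before word_b.
    """
    tokens = tokenize(text)
    a, b = word_a.lower(), word_b.lower()
    pos_a = [i for i, t in enumerate(tokens) if t == a]
    pos_b = [i for i, t in enumerate(tokens) if t == b]
    hits = []
    for i in pos_a:
        for j in pos_b:
            if i == j or (ordered and j < i):
                continue
            between = abs(j - i) - 1
            if between <= max_between:
                hits.append((i, j, between))
    return hits


def search(emails, word_a, word_b, max_between, ordered=False):
    """Map message id -> smallest word gap, for messages with a hit."""
    results = {}
    for msg_id, body in emails.items():
        hits = proximity_hits(body, word_a, word_b, max_between, ordered)
        if hits:
            results[msg_id] = min(h[2] for h in hits)
    return results
```

Raising or lowering `max_between` and re-running `search` is the trial-and-error loop the paragraph refers to: msg-002 only appears once the limit reaches 18.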