Any eDiscovery tool needs built-in forensic email search methods to help investigators discover smoking guns. The application's robust, advanced email search mechanism further strengthens its analysis of email artifacts. Its search algorithms cover features that most competitors have missed. Searches made by the user can be saved for later retrieval, which saves investigators a lot of time because they do not need to run the same searches multiple times. Depending on the level of sophistication involved in the search exercise, the software categorizes its search features into different levels.
"General Search" is a generic search that runs across all the scanned files. Users can enter either a single keyword or a list of keywords and hit the search button to get the results. Keywords enclosed in double quotes return results that match the exact keyword.
For in-depth forensic email search, the general search option of the forensic email search tool supports various search algorithms: General search, Wildcard search, Regular expression, Fuzzy search and Stem search. Each algorithm helps investigators search for the desired emails under different assumptions. The General Forensic Search method can be narrowed further by searching for keywords in specific fields and by using the logic operators AND, OR and NOT.
With the help of logic operators, the user can search the email data by including or excluding multiple keywords.
Proximity search works on the spacing between words. It searches the email data for two or more words and the approximate distance between them. Distance means the number of characters separating the two words. This search can be carried out by the hit-and-trial method. The given example shows emails with a maximum of 8 words between the two inputs, pst and file. It returns results based on the searched words and the given distance between them.
Regular Expression Search is another advanced email search mechanism, which searches for evidence in forensic email data using various combinations of patterns. It uses pattern matching to search for a particular string rather than building search queries.
Stem search is another search mechanism, based on the root word. It returns the exact match or variants of the search argument. For example, a search for the word “road” returns results such as road, roadway, roadside and other similar words that start with road. This helps to retrieve the maximum number of variants as evidence in a forensic investigation when the exact term is uncertain.
Fuzzy search is one of the common forensic search methods; it lets users search on an assumption. In a normal search the user needs to provide the exact word to obtain the correct result, but in fuzzy search the user need not worry about that. When you don’t know the exact argument corresponding to the desired document, the advanced email search mechanism gives you all possible results, disregarding spelling and other mistakes. For example, if you search for a misspelled word such as "lst", it automatically detects the correct one and gives you results with "ltd" or other similar words.
Wildcard search is an advanced email search feature of the forensic email search tool in which a wildcard is used to represent one or more characters. The two most commonly used wildcards are “*” and “?”.
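The search modes described above can be compared side by side on one small mailbox. The following Python code is an added example, not the tool's own implementation, and it goes beyond the single pst/file case by covering wildcard, stem, fuzzy and proximity matching together. Assumptions: the mailbox is constructed, all function names are hypothetical, stemming is approximated by a prefix match, fuzzy matching uses Levenshtein distance, wildcards take the usual glob meaning, and proximity is counted in words between the two terms as in the pst/file example.

```python
import re
from fnmatch import fnmatchcase

MAILBOX = {  # constructed sample mailbox, not real evidence
    "m1": "Please export the PST to the shared drive and send me the file today.",
    "m2": "The roadway near the roadside office is closed.",
    "m3": "Invoice from Acme Ltd attached.",
    "m4": "The pst archive was deleted. After a long review by legal, finance, audit and IT nobody could find the original file.",
}

def tokenize(text):
    """Lower-cased word tokens in document order."""
    return re.findall(r"[a-z0-9]+", text.lower())

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def term_matches(token, term, mode="exact", max_edits=1):
    term = term.lower()
    if mode == "wildcard":   # assumed glob meaning: "*" any run, "?" one character
        return fnmatchcase(token, term)
    if mode == "stem":       # prefix approximation of the "road" example
        return token.startswith(term)
    if mode == "fuzzy":      # tolerate up to max_edits spelling errors
        return edit_distance(token, term) <= max_edits
    return token == term

def search(messages, term, mode="exact", max_edits=1):
    """Ids of messages with at least one token matching term."""
    return [mid for mid, body in messages.items()
            if any(term_matches(t, term, mode, max_edits) for t in tokenize(body))]

def proximity(messages, first, second, max_between):
    """Ids of messages with at most max_between words between the two terms."""
    hits = []
    for mid, body in messages.items():
        toks = tokenize(body)
        a = [i for i, t in enumerate(toks) if t == first.lower()]
        b = [i for i, t in enumerate(toks) if t == second.lower()]
        if any(abs(i - j) - 1 <= max_between for i in a for j in b):
            hits.append(mid)
    return hits
```

Under Levenshtein distance the "lst"/"ltd" pair from the fuzzy search paragraph is two edits apart, so `max_edits=2` is needed to reproduce it, and at that threshold a three-letter term matches every message in this sample mailbox.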