Discovering What a Best-In-Class Email Forensics Tool Truly Is?

Email is, and has always been, the most widely used medium for written electronic communication among individuals and businesses. However, this heavy dependence has also made email the preferred medium for carrying out malicious activity. As a result, theft or illegal trading of intellectual property, cyberbullying, and compromise of trade secrets have become the most common incidents taking root in corporate sectors and enterprises these days.

Therefore, the role of email forensics is growing significantly. Four out of every ten organizations' emails are found vulnerable to the impact of cyber-crime due to mere carelessness or compromise of credentials. The bulk of emails exchanged by employees on a regular basis poses a huge challenge for investigators performing forensic analysis of emails.

Where techniques or methodologies fall short, software applications provide strong support. Similarly, the emergence of an industry in the field of digital forensics has been tremendously beneficial.

MailXaminer, unlike most digital examination tools, is a dedicated forensic application for the meticulous analysis of emails. The application concentrates primarily on the top four elements of an accomplished email forensic investigation: preservation, recovery, examination, and reporting of emails.


Although its operation is limited to Windows machines, it supports an extensive range of email services, clients, and storage formats, individually as well as in bulk. MailXaminer leads other email forensic tools in how up to date it is kept. As soon as a new version of an email client or Windows OS is launched, an update supporting it is released immediately.


What Makes MailXaminer A Best in Class Email Forensics Tool?

Preservation & Recovery 

Management
During an investigation, it is very common to come across multiple email accounts, each posing as a genuine artifact in support of the investigation. Consequently, not only does the number of email accounts increase, but the number of emails increases along with it.

Note: To make an account appear genuine and regularly in use, suspects tend to stuff it with an unnecessary number of emails.

However advanced the techniques used, an investigation ultimately needs the capabilities of a third-party application. The Case generation option in MailXaminer lets the investigator proceed with a case in an organized manner, which investigation methodologies alone do not. Emails from all suspect and associated accounts can be downloaded or uploaded together into one case.


Multiple cases can be generated, each loaded with its respective set of suspect emails. The application therefore lets the investigator name and describe each case during its creation, which later comes in handy for distinguishing one case from another. Collecting emails within one case helps in detecting connections, if any, and in clearing up confusion.

Email loading
Messages from just about all the prevalent webmail and desktop-based email services are processed by this application. This is among its most striking features and broadens the scope of email investigation. The application is well suited to corporate investigations because it supports the communication platforms most used in those environments. Google Apps/Apps Admin, Live Exchange, Office 365, Exchange Server, Outlook, and Offline Outlook top the list.


The wider the support for different email services, the broader the scope of investigation. Ranging from the open source email storage formats (MBOX/EML) to the massively used Gmail, MailXaminer covers all possible mediums and targets of email-based crimes, widening investigation prospects.


Additionally, emails can be extracted in bulk from disk image files (DD and EnCase E01) or via folder or mass file selection. A disk image, being a replica of a disk or drive, stores a large volume of data and files, including emails.

Note: The application is intelligent enough to load any or all supported email storage file types from an assortment of other file types, excluding the others. Also, when duplicate files are detected, the latter is automatically skipped.

Advance Settings
While email download/upload is in progress, the Advance Settings of the application can be changed to customize the investigation options. The investigator can add mail settings from this window to email case-related evidence for review directly from the software panel.


Also, image analysis and graphical representation of emails can be enabled, to detect objectionable images and to show a categorized view of emails with and without attachments, respectively. The two features are related to each other. For instance, a graphical representation showing emails with and without attachments indicates whether or not there is a chance of finding the image-based evidence being looked for in the scanned emails.


Recovery & Preview
After scanning, emails are listed exactly the way they resided in the respective account. This includes the read/unread status of emails, meta information, and emails that were deleted. Deleted emails recovered from the storage file are highlighted in red for easy identification among the others.

Note: Details associated with deleted emails are retained as they were before deletion. In no case does the application alter the email artifacts in any way.


Hence, the application effectively abides by two of its email forensics principles: preservation and recovery of messages. Its design reflects the fact that every minute detail connected to an email is of utmost importance from a forensic standpoint.

Examination & Reporting 

Profound Header Inspection
As far as examination of emails is concerned, the most important portion is the Internet header. The sender's information, identity, location, and server path usage, as well as any tampering of information, can be found by dissecting the email headers.

MailXaminer comes with a smartly built email preview section where an investigator can easily switch between tabs to examine the email as a normal message, view its hexadecimal value structure (for tampering detection), HTML structure, header view (spam detection, sender genuineness), MIME information, server hop path (network intrusion detection), and many more such crucial pieces of information.


Email preview is the most important feature of the application, as it exposes the real aspects of emails: not only what they appear to be to a normal user, but what they actually hide underneath.
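To show what a "server hop path" view is built from, the following added example (not MailXaminer's code, and not from the original article) rebuilds the relay path from a message's `Received` headers using Python's standard library and flags hops whose timestamp runs backwards. The message, host names, and addresses are constructed sample data.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (documentation domains/IP ranges); newest hop is on top.
SAMPLE_EML = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTPS id c3; Mon, 06 Jan 2020 10:00:09 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id b2; Mon, 06 Jan 2020 09:58:40 +0000
Received: from workstation (unknown [192.0.2.44])
\tby relay.example.com with ESMTPA id a1; Mon, 06 Jan 2020 10:00:05 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed test message

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)")

def hop_path(raw):
    """Return the relay hops of a raw message, oldest first."""
    hops = []
    # Every relay prepends its own Received header, so reverse the list.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        info, _, stamp = flat.rpartition(";")   # date follows the last ';'
        m = HOP_RE.search(info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                         # missing or malformed date
        hops.append({"from": m.group(1) if m else None,
                     "ip": m.group(2) if m else None,
                     "by": m.group(3) if m else None, "time": when})
    return hops

def time_anomalies(hops):
    """Indexes of hops stamped earlier than the preceding hop (clock skew or
    an inserted/forged header; either way worth a closer look)."""
    bad, last = [], None
    for i, hop in enumerate(hops):
        if hop["time"] is None:
            continue
        if last is not None and hop["time"] < last:
            bad.append(i)
        last = hop["time"]
    return bad
```
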

Examining User Connections
Analytics is a clever addition in MailXaminer that shows the links and connections of the suspect with other contacts reached via email. This feature replaces the conventional method of studying messages and then discovering relationships and links between users. The application handles discovery of user/domain links, as well as connections of a user with certain contacts, by providing multiple criteria and two link analysis types: Users or Domains.
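The idea behind the two link analysis types can be sketched as follows; this is an added example, not MailXaminer's code, that counts sender-to-recipient links either per address or per domain. The messages are constructed sample data, and the function name `links` is hypothetical.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (example.* domains only).
RAW = [
    "From: Alice <alice@example.com>\n"
    "To: bob@example.org, Carol <carol@example.net>\nSubject: a\n\nx\n",
    "From: alice@example.com\nTo: bob@example.org\n"
    "Cc: dave@example.org\nSubject: b\n\nx\n",
    "From: bob@example.org\nTo: ALICE@example.com\nSubject: c\n\nx\n",
]

def links(raw_messages, by="users"):
    """Count sender -> recipient edges, keyed by address or by domain."""
    if by == "users":
        key = lambda addr: addr
    else:
        key = lambda addr: addr.rsplit("@", 1)[-1]
    edges = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        senders = getaddresses(msg.get_all("From", []))
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        for _, s in senders:
            for _, r in rcpts:
                if s and r:
                    # Lower-case so ALICE@ and alice@ count as one node.
                    edges[(key(s.lower()), key(r.lower()))] += 1
    return edges
```
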


Finding Potential Evidence 
In all honesty, evidence has to be looked for and cannot be found lying around, whether methodologically or with a tool. However, the application simplifies the process to a great extent and provides ample options to make the tracing more powerful: multiple search types, keyword-based search, criteria and operators, and highlighting of the searched term in results. Advance, Proximity, Regular Expression, Fuzzy, and PreDefined searches help track down a certain type of email by letting the investigator specify it in detail.


Reporting the Investigation
A case without a report is incomplete, and this application is built with a powerful facility to generate one. Reports can be produced as required, using the complete details or specific aspects of the case, to create a precise report of the investigation and findings.

Reports can also be generated from bookmarked case evidence and from the search keywords that produced useful results. The ability to create an unlimited number of reports for each aspect makes it easier for the investigator to maintain a detailed report of the entire case for better understanding.


Observation & Conclusion
Email examination has become part and parcel of enterprises today because of the vulnerability of emails to misuse of high-end technology. MailXaminer, at the same time, values every minute detail during investigation of emails from any number of platforms. Its ability to investigate and carve out evidence from emails by all means qualifies the application as a 'best in class email forensics tool'.

More info from here: MailXaminer - Advanced Email Forensics Tool