Your “TRUTH SERUM” of Email Investigation
MailXaminer, being an advanced email searching, reporting, and exporting tool, can also be considered a vital “truth serum” supporting email investigations. The software complies with the benchmarked values of the EDRM model, thus enabling law enforcement agencies to carry out investigation and detailed analysis of emails.
eDiscovery and Compliance with different phases of Digital forensic investigation
The Electronic Discovery Reference Model (EDRM) gives the investigator a strong reference path for managing the whole investigation process. The EDRM phases below are described in the context of the software's working process.
- Information Management: Various laws related to eDiscovery, such as the US FRCP, require the evidence to be presented in an easy and acceptable manner. One can create a well-documented case within MailXaminer for easy case management and presentation.
- Identification: The actual process tries to identify the ESI (Electronically Stored Information) from the hardware, but the same process applies at the software level: when the user has the file and needs compatible software that can view the objects stored within it, the software comes in handy and lets the investigator view emails in 60+ email file formats.
- Preservation of state: Data is protected, and there is no provision in the software to make any changes or alterations within the evidence file (No Write Access capability). The examiner can also bookmark the emails deemed important for the investigation, so they can be accessed easily at any time without having to repeat the process.
- Collection and Selection: It is not uncommon to have email evidence in different file formats, hence bulk selection of email evidence files, even if they are in different file formats, is possible within the software.
- Examination: Each email can be examined on various parameters, such as its Hex view, its Header view, or the hops that the email used to complete the cycle.
- Analyze and Classification: MailXaminer, with its advanced search capability, lets you view results and apply filters to narrow them down. As an investigator, you will be able to classify and evaluate emails based on their type and relevance to the investigation.
- Presentation: The concluded evidence can be maintained and presented in various formats that are acceptable and admissible under various jurisdictions.
Know More About Law Enforcement
Chain of custody (Log Reviews): To avoid allegations of alteration, or simply to monitor all activity, logs are maintained of each action performed on the evidence, which help in evaluating the following information:
- Who: Using the log, you will be able to view who accessed the evidence.
- How: How the evidence was used and the action performed.
- When: When the evidence was accessed.
- What: What was accessed and what action was performed within the evidence file.
The other main advantage of the log is that it will help to repudiate any charges if the other party claims alteration of evidence.
- Digital Signature and Hashing: The output result is hashed with the MD5 hashing algorithm to ensure that the evidence you have provided has not been modified.
- Adherence to International Laws and Regulations: Various laws have been set up that need to be adhered to when performing the eDiscovery process.
- US Federal Rule of Civil Procedure (1):
The rule allows producing electronically stored information as evidence for inspection and other legal purposes. As the evidence file is in MD5 hash format, which is an accepted format, the evidence will be admissible in various courts.
- Fed. R. Evid. 1006 (2):
There will be cases when the data is voluminous in nature, cannot be examined as such, and needs to be presented in court in summary form. The prosecutor can use the MD5 formatted data from MailXaminer, which abides by Rule 1006, to show the findings in a summarized way.