Your “TRUTH SERUM” of Email Investigation
Product Code: AP-SYS-MAIL
MailXaminer, an advanced email searching, reporting, and exporting tool, can also be considered a vital “truth serum” supporting email investigations. The software complies with the benchmarked values of the EDRM model, enabling law enforcement agencies to carry out investigation and detailed analysis of emails.
eDiscovery and Compliance with different phases of Digital forensic investigation
The Electronic Discovery Reference Model (EDRM) gives the investigator a strong reference path for managing the whole investigation process. The EDRM phases are described below in the context of the software's working process.
- Information Management: Various laws related to eDiscovery, such as the US FRCP, require evidence to be presented in an easy and acceptable manner. One can create a well-documented case within MailXaminer for easy case management and presentation.
- Identification: The actual process tries to identify the ESI (Electronically Stored Information) from the hardware, but the same process applies at the software level: when the user has the file and needs compatible software that can view the objects stored within it, the software comes in handy and lets the investigator view emails in 60+ email file formats.
- Preservation of state: Data is protected, and there is no provision in the software to make any changes or alterations within the evidence file (No Write Access capability). The examiner can also bookmark emails deemed important for the investigation, so they can be accessed easily at any time without repeating the process.
- Collection and Selection: It is not uncommon to have email evidence in different file formats, so bulk selection of email evidence files, even in different file formats, is possible within the software.
- Examination: Each email can be examined on various parameters, such as its Hex view, Header view, or the hops that the email used to complete the cycle.
- Analyze and Classification: MailXaminer's advanced search capability lets you view results and apply filters to narrow them down. As an investigator, you will be able to classify and evaluate items based on their type and relevance to the investigation.
- Presentation: The concluded evidence can be maintained and presented in various formats that are acceptable and admissible under various jurisdictions.
Know More About Law Enforcement
Chain of custody (Log Reviews): To avoid allegations of alteration, or simply to monitor all activity, logs are maintained of each activity performed on the evidence, which help in evaluating the following information:
- Who: Using the log, you will be able to view who accessed the evidence.
- How: How the evidence was used and the action performed.
- When: When the evidence was accessed.
- What: What was accessed and what action was performed within the evidence file.
The other main advantage of the log is that it helps to repudiate any charges if the other party claims alteration of evidence.
- Digital Signature and Hashing: The output result is hashed with the MD5 hashing algorithm to ensure that the evidence you have provided hasn’t been modified.
- Adherence to International Laws and Regulations: Various laws have been set up that need to be adhered to when performing the eDiscovery process.
- US Federal Rule of Civil Procedure (1):
The rule allows producing electronically stored information evidence for inspection and other legal purposes. As the evidence file is in MD5 hash format, which is an accepted format, the evidence will be admissible under various courts.
- Fed. R. Evid. 1006 (2):
There will be cases when the data is voluminous in nature, cannot be examined as such, and has to be presented in court in summarized form. The prosecutor can use the MD5 formatted data from MailXaminer, which abides by Rule 1006, to show the findings in a summarized way.
Now with NEW features such as:
Analyze evidence stored in EnCase LEF files and their variants. Examination of Guidance EnCase Logical Evidence Files widens the scope of eDiscovery by covering more varied data files. The software scans through both .Lx01 and .L01 files for examination purposes.
Custodians can examine OLM files, making it possible to analyze an Outlook 2011 for Mac profile and get to the root evidence available in the form of Email folders, Address Book, Appointments, and more components for evidence processing and discovery.
Examination of Outlook 2011 for Mac data files via a scanned Apple Disk Image file is supported. The toolkit understands and parses through both OLM and DMG files, individually and in combination. Combined examination process for OLM via DMG is featured due to Apple being a common source between.
MailXaminer is designed in compliance with Section 508 to provide wider accessibility. The application can also be easily accessed through keyboard shortcuts, which makes it operable for all users regardless of disabilities.
The software can analyze all kinds of evidence from 64-bit applications. It efficiently extracts the artifacts from such applications without encountering any kind of software incompatibility issue.
The software supports Bates numbering for PDF format while exporting any generated evidence or report. It lets you customize PDF page numbering with respect to number format, date stamping, and preferred font style.
MailXaminer can analyze E01 and DD image files from multiple disk partitions. It maintains the folder hierarchy of the analyzed evidence in the form of the respective partitions for all E01 and DD files.
The evidence export feature is further extended to export any number of analyzed folders into the required format. The forensics investigator can selectively choose the required folders and export them all together into a single file.
MailXaminer also supports detailed analysis of the Skype database. It extracts all calls, chats and SMS from the Skype data, which serves as a boon for investigators tracing the communication network of the suspect.
Investigators can choose to export the recovered evidence into PST or CSV files by splitting them into smaller parts. The resultant files can be limited to a particular file size for better manageability and performance.
The tool can search within various subsets so that the investigation procedure can be simplified and sped up. The analyzed data can be easily filtered from the subsets, including keywords, bookmarks, tags, reports, etc.
The export-to-PDF settings can be easily customized according to the user’s requirements. The forensic expert can choose to export selected attributes of the evidence, which helps in maintaining confidentiality of the analyzed information.
MailXaminer facilitates the export of analyzed evidence into CSV format in a customized manner. The selected attributes of the emails can be included in the CSV header depending upon the user’s requirements.
A number of naming conventions have been added, which let the investigator select the required convention for the exported evidence. An appropriate set of conventions for emails, calendars, and documents is provided for individual choice.
The tool is equipped with a timeline analysis feature to provide better visualization of the evidence. It allows viewing the statistics of the emails, calls, chats, calendar, documents, etc. searched, via graphical representation for a decade.
The link analysis feature helps to detect the relationships among the users within the searched results. It provides major support to investigators in understanding the established links of users with the sender of the mail.