PARABEN S E-MAIL EXAMINER
| | ||
PARABEN 'S E-MAIL EXAMINER
E-mail Examiner (available at http://www.paraben-forensics.com/examiner.html) takes messages stored in many different archive formats and shows them in a searchable and customizable interface.
E-mail Examiner runs in a Windows environment and supports a wide variety of mail formats, including Outlook Express, Eudora, Mozilla and Netscape Messenger, Pegasus, The Bat!, Forte Agent, PocoMail, Calypso, FoxMail, Juno 3.x, EML message files, and Generic mailboxes (mbox, Berkeley mail format, BSD mail format, and Unix mail format). Support for MS Outlook data files is available through Paraben's PST Converter, which is distributed with E-mail Examiner. This is the same conversion process used when converting AOL files.
If you need a tool for network stores, consider the networked version of this tool. With Network E-mail Examiner, you can examine Microsoft Exchange (EDB), Lotus Notes (NFS), and GroupWise e-mail stores. Network E-mail Examiner is designed to work hand-in-hand with E-mail Examiner.
Implementation
When you first start E-mail Examiner, you will see the E-mail Examiner Wizard window. The first step in the examination of mailboxes is to help E-mail Examiner find your messages. Use Page 1 of the Wizard to indicate which e-mail program you would like to examine, and then click the Next button.
E-mail Examiner should find the mailbox files/message folders on your system. Once the mailboxes are found, the program will highlight their folders in the list on Page 2 of the Wizard. If you are unable to find the mailboxes desired, or you have them stored in a unique location, you will need to browse the list and select the correct folder. Notice two checkboxes that allow you to open all mailboxes and to include subfolders . These options allow you to import and examine multiple mailboxes from multiple e-mail formats at the same time, which is useful if a suspect has more than one account or mailbox and you would like to examine them together.
Page 3 of the Wizard provides filter options you can use to limit the display to certain kinds of messages. This filtering can save time if the examiner is looking for a particular message and it falls in one of the filter categories. Click the Finish button, and the Wizard will display the results of your work in the program's main grid.
If deleted messages were included in the Inbox that were never moved to the Deleted Items folder, they would show up in the following screen. This tool shows you deleted messages a user would never know otherwise existed.
To examine MS Outlook files, choose File Import PST Files to open the PST Converter dialog box, shown next. If you do not see this command on the File menu, go to Program Files\Paraben Corporation\E-mail Examiner, and double-click pstconv.exe. Click the Add Files button to search manually and select .pst files on your disk, or click the Search Disk button to list automatically all .pst files stored on the chosen drive. When you have found all the .pst files you want to analyze, click the Convert button to start the conversion process. When it's finished, simply open the resulting text file as a generic mailbox. Because the file created is a text file, the searching capabilities are extremely fast.
The following illustration shows the AOL e-mail conversion dialog box.
Paraben's E-mail Examiner also provides Boolean operators with multiple criteria. In addition to searching for exact matches in your e- mails , E-mail Examiner lets you search for approximate and Soundex (sound-based) matches. These flexibilities make it simple to define, group , and sort relevant messages.
The tools available in E-mail Examiner assist you in creating message subsets , extracting addresses and attachments, and compiling message traffic and word statistics. You can take advantage of a scripting language that allows you to create custom operations and automate repetitive tasks such as opening message folders, searching through correspondence, and archiving e-mails.
| | ||
EAN: 2147483647
Pages: 175