Netscape NavigatorCommunicator
|
| < Day Day Up > |
|
Netscape Navigator/Communicator
Netscape Navigator and Communicator (http://www.netscape.com) have their own versions of e-mail programs that are encountered just as frequently as Outlook Express. Similar to Outlook Express, the Netscape files that constitute the e-mail folders are stored in a directory. Instead of simply importing, as we did with Outlook Express, or opening a file, as we did with Outlook, we must use a trickier solution to make Netscape e-mail messages available.
Implementation
The first step to using Netscape Messenger to import e-mail is to locate the directories in which it stores e-mail. The following table shows paths where e-mail messages are typically stored in Netscape:
| Operating System | Typical Location of Netscape Mail Storage |
|---|---|
| Windows 2000/XP/2003 | C:\Documents and Settings\<local username>\Application Data\Mozilla\profiles\<profilename>\<unique filename>.slt\Mail\ |
| Windows NT | C:\winnt\profiles\<local username>\Application Data\Mozilla\profiles\<profilename>\<unique filename>.slt\Mail\ |
| Windows 95/98/Me | C:\Windows\Application Data\Mozilla\profiles\<profilename>\<unique filename>.slt\Mail\ |
The next step in reconstructing Netscape mail is to create a valid e-mail account within any profile on the forensic workstation. Here, we will use the “default” profile that’s automatically installed by Netscape. If you needed to, you could go to the trouble of creating a “real” profile instead of using the default one supplied by Netscape. It’s much simpler, however, to choose File | Import to import any Outlook Express e-mail that already exists on the forensic workstation. We choose to import Outlook Express because it is installed on nearly every Windows installation. We do this not to retrieve the local Outlook Express e-mail, but instead to create the necessary directory structure and configuration file changes within Netscape to put us in a position to import the e-mail discovered in the evidence. Once you have completed this process, be sure to delete any e-mail that was imported from Outlook Express because it was imported locally and not from the evidence files. If you don’t delete the data that was imported, you would be creating a risk of mixing the subject’s e-mail with the e-mail on the forensic workstation.
To illustrate what we just described, let’s create the directory structure and make the necessary changes to the Netscape configuration files so that we can import Netscape Mail:
-
Choose File | Import (Tools | Import, in Netscape 7); a screen similar to the following should appear:
-
The next screen queries you about the type of e-mail you will be importing. Select Outlook Express from this menu.
After importing the local Outlook Express e-mail, you will want to remove the e-mail content. At this point, you will have the necessary directory structure and configuration files established to import Netscape e-mail from the evidence data. Because we are using a profile to import e-mail, the imported data is separated from other content. (In this case, the profile we are using is “default,” but we may choose to create a new one using the unique case number for the incident we are investigating.)
The default profile within Netscape is now ready to import mail from the suspect’s computer. The directory entitled “imported.mail” is where we will copy the subject’s Netscape e-mail.
It is important that you understand the directory structure of Netscape’s e-mail storage tree. First, the “Mail” directory and its subdirectories contain the mail storage files. Additional folders under “Mail” each represent a different e-mail account. For example, a user may have more than one e-mail account administered from different service providers, and each would be its own directory in the “Mail” directory.
Within the account directories are several regular files, each one representing mailboxes within the e-mail account. We will copy these mailbox files from the subject’s account storage directory and place them in a valid user’s e-mail account storage directory on our forensic workstation for analysis. This will allow us to view the subject’s e-mail.
The following screen demonstrates the directory structure on the forensic workstation. The “default” directory is created automatically by Netscape, and we set up the account by importing the local Outlook Express e-mail storage from the forensic workstation, as described previously. The “default.new” directory is the mail storage directory we copied from the suspect’s machine. Simply copy the mail files within one of the account directories to the “imported.mail” directory on the forensic workstation.
Next, open the Netscape Messenger program and browse the imported e-mail folder that appears in the left window pane. Notice that more than one account directories appear in the “default.new” profile we obtained from the suspect’s machine. The e-mail importing process, presented earlier, would have to be iterated for every account (or Netscape e-mail storage directory) discovered on the suspect’s machine.
|
| < Day Day Up > |
|
EAN: 2147483647
Pages: 189