Paraben s E-mail Examiner

 < Day Day Up > 



Paraben’s E-mail Examiner

E-mail Examiner (available at http://www.paraben-forensics.com/examiner.html) takes messages stored in many different archive formats and shows them in a searchable and customizable interface.

E-mail Examiner runs in a Windows environment and supports a wide variety of mail formats, including Outlook Express, Eudora, Mozilla and Netscape Messenger, Pegasus, The Bat!, Forte Agent, PocoMail, Calypso, FoxMail, Juno 3.x, EML message files, and Generic mailboxes (mbox, Berkeley mail format, BSD mail format, and Unix mail format). Support for MS Outlook .pst files is available through Paraben’s Pst Converter, which is distributed with E-mail Examiner. Access to the following mail formats is possible by first importing them into Outlook Express: Microsoft Exchange, Microsoft Internet Mail, and Microsoft Windows Messaging.

Implementation

When you first start E-mail Examiner, you will see the E-mail Examiner Wizard window. The first step in the examination of mailboxes is to help E-mail Examiner find your messages. Use Page 1 of the Wizard to indicate which e-mail program you would like to examine, and then click the Next button.

click to expand

E-mail Examiner should find the mailbox files/message folders on your system. Once the mailboxes are found, the program will highlight their folders in the list on Page 2 of the Wizard. If you are unable to find the mailboxes desired, or you have them stored in a unique location, you will need to browse the list and select the correct folder. Notice two check boxes that allow you to open all mailboxes and to include subfolders. These options allow you to import and examine multiple mailboxes from multiple e-mail formats at the same time, which is useful if a suspect has more than one account or mailbox and you would like to examine them together.

click to expand

Page 3 of the wizard provides filter options you can use to limit the display to certain kinds of messages. This filtering can save time if the examiner is looking for a particular message and it falls in one of the filter categories. Click the Finish button, and the Wizard will display the results of your work in the program’s main grid.

click to expand

If deleted messages were included in the Inbox that were never moved to the Deleted Items folder, they would show up in the following screen. This tool shows you deleted messages a user would never know otherwise existed.

click to expand

To examine MS Outlook files, choose File | Import PST Files to open the PST Converter dialog box, shown next. Click the Add Files button to search manually and select .pst files on your disk, or click the Search Disk button to list automatically all .pst files stored on the chosen drive. When you have found all the .pst files you want to analyze, click the Convert button to start the conversion process. When it’s finished, simply open the resulting text file as a generic mailbox. Because the file created is a text file, the searching capabilities are extremely fast compared to searching an imported PST through the Outlook client.

click to expand

Paraben E-mail Examiner also provides Boolean operators with multiple criteria. In addition to searching for exact matches in your e-mails, E-mail Examiner lets you search for approximate and Soundex (sound-based) matches. These flexibilities make it simple to define, group, and sort relevant messages.

The tools available in E-mail Examiner assist you in creating message subsets, extracting addresses and attachments, and compiling message traffic and word statistics. You can take advantage of a scripting language that allows you to create custom operations and automate repetitive tasks such as opening message folders, searching through correspondence, and archiving e-mails.



 < Day Day Up > 



Anti-Hacker Tool Kit
Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2004
Pages: 189

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net