Email Forensics Investigation – The Case Study!

Overview

A recently founded medium-scale cosmetics enterprise based in Amsterdam experienced unusual glitches in its accounting and product management details. It was also discovered that the products were being sold in the market at bluffed prices. Since the company had its own team of a few IT professionals, the first step was to check the records, system log files, and other details. The company soon decided to hand the case over to investigators, who held a covert operation to identify the suspects. The suspects were among the company's employees, so the investigation had to cover personal and official databases, email files, etc.

Challenge

Solution

Forensic investigators needed a reliable and secure solution for extracting the output from distinct desktop email client files. Emails were expected to be a critical element in this case, as many unknown IP addresses were traced while examining the system logs. FTK Imager, EnCase and MailPro+ were included in the investigation for hard drive imaging to analyze the database files and email files of the systems. MailPro+ was chosen because the company used only desktop email clients and investigators needed to probe through every one of the emails, which were available in bulk. MailPro+ was selected for the following capabilities of the software application:

Procedure

Acquisition of Email Evidence

Analysis & Report Generation

Results Gained!

The emails proved to be a critical source of evidence, and the guilty parties were soon caught red-handed within the estimated deadline.

  1. Emails from the different email clients belonging to the employees were scanned through, and evidentiary information related to the whole crime scene was traced using the advanced search facilities.
  2. Two employees were found guilty and were charged with internal data breaching.
  3. The IP addresses traced through the suspects' emails led to another group of outsiders, who had led the whole scandal.
  4. The evidence, in the form of emails, other databases and account sheets, was handed over to the legal authorities for further court hearings and was presented in court.
  5. The employees were convicted for their acts and punished, and criminal charges were filed against them.

Words from Investigators:

"We must say that the technical equipment used especially for email investigation, i.e. MailPro+, helped us to sail through this case when it was getting more and more critical. This software solution has intense and excellent searching capabilities, which assisted us in reaching the key clues of the case."