Download and install the EDB Forensic Tool. When you run the tool, it opens with two options.
Click the Scan File option in the navigation bar to scan and load the EDB file. Select the mode to browse the MBOX file from local storage.
When the scan completes, the EDB forensics tool loads the file recursively in the left panel. Click on an email to analyze it in 9+ preview modes, such as Hex View, Properties View, MIME View, HTML View and others in the list.
To search for selected emails, use the Search option: click the search button, and a wide search menu with multiple search options opens. Logical operators such as AND, OR and NOT let you refine or narrow the search results. You can also add criteria to the search, such as Subject, To, From, Priority etc. Click the search button to proceed. This will list the desired results.
When the search completes, the emails containing the given keywords are listed. There is an option to save the search results for future reference.
When you are done analysing and searching the Exchange EDB file, the EDB Forensic Tool lets you export the EDB to PDF file format, because PDF is the standard format for presenting evidence to law enforcement agencies such as courts, the police etc.
Microsoft Exchange Server is a mail and calendaring server developed by Microsoft that runs on the Windows Server operating system. Exchange enables you to access your mailbox and all the information you hold in Outlook wherever you go, via your web browser or a wide range of mobile smartphones and pads.
Organisations use Exchange Server for their email communication, but it does far more than this: it acts as a data bank for the organisation. It stores items such as emails, calendars, contacts, notes, task lists etc. Exchange contains crucial information about the user mailboxes as well as the company's data. Most cases of data leakage, cyber fraud and scams have Exchange involved in them. As a data storage medium, it holds a wide range of evidence of great evidential value. But investigating with a poor approach and outdated forensic software makes the forensics of Exchange Server complex. The Exchange server stores key configuration and usage data in the user mailboxes on Exchange itself. Collecting artifacts from Exchange Online enables the user to collect evidence at a very granular level, including a listing of the content accessed and the device used.
Investigating a live Exchange server is complex enough to require high expertise and a deep understanding of Exchange Server, while shutting down the Exchange server is not feasible. MS Exchange Forensics therefore enables the forensic investigator to extract and recover data from MS Exchange mailboxes. Different collections of MS Exchange files can be created to make the investigation process effective. Once the EDB file has been successfully scanned and added, the software generates a recursive listing of the folders and sub-folders of the MS Exchange file. This lets the user view the sub-folders of the file without any hassle. Microsoft Exchange Email Forensics offers multiple email previews for viewing the evidence in detail. All the properties of emails can be seen in the different views, which makes a complete analysis effective. With the deep, advanced search feature in this tool, a forensic expert can find specific emails by running specified searches. The 9+ parameters make for an effective search of the evidence.
With Microsoft Exchange Email Forensics, our investigation got completed in a short passage of time and that too very effectively. I cannot wonder how long it would have taken my team to complete the case if the software had not been deployed.
I had heard so much about MS Exchange Email Forensics that in my next case I deployed the tool. The software enabled me to complete the investigation without any hassle, and it consumed very little time for case completion.