Complete Email Processing
Email is the primary form of communication for business and individuals and is a primary source of evidence in many digital forensic investigations as well as in eDiscovery. Knowing how to process the different email archives and get the most valuable information from the active archive as well as the recycling bin and beyond is paramount for your tool.
Local Email
Network Email
eDiscovery
E3:EMAIL complete email support from processing, searching, and reporting.
The E3 Forensic Platform seamlessly adds a large variety of evidence into a single interface to be able to search, parse, review and report on the digital data from most digital sources.
Email processing can be done with just local archives with E3:EMX or just network archives with E3:NEMX or bundle them together.
Local Email Archives
There is a huge variety of email types available for people to use and with that comes a variety of processing needs. Each mailbox type in the E3 Forensic Platform is processed natively to ensure the maximum amount of data recovery.
PST - OST
When dealing with these common Microsoft mail formats it is critical to make sure that they are processed as native mail archives for data corruption repair and to ensure the most amount of deleted data recovery.
Office365
Easily use the Office365 functions in the MS Azure environment to select the custom options for processing individual mail stores or full companies in the Office365 environment. Watch our YouTube video to see the process.
Mailbox Variety
With the support of hundreds of different email formats the options are endless when it comes to processing local email stores with the E3 Forensic Platform. Supported email archives include:
Local email supported:
- Microsoft Outlook (PST & OST)
- Windows 10 Mail
- Office365 Email
- Microsoft Outlook Express
- Windows Mail Email
- The Bat!
- America Online (AOL)
- Mozilla Thunderbird
- Eudora
- Email Files (EML)
- Maildir Database
- 750+ Mime Formats
Email Servers
When dealing with any investigation in a corporate environment understanding the needs and issues of the network mail store is crucial and can make or break an investigation. Paraben’s E3 Forensic Platform has been dealing with network email stores since 2002. The unique functions to capture data from even the deepest reaches of the deleted data are only in the E3 Forensic Platform.
MS Exchange
Microsoft Exchange can be hectic and time consuming to deal with. Common problems with corruption and data loss can stop an investigation cold. The E3 Forensic Platform has been designed with that in mind with built-in data corruption repair functions that get you up and running.
Lotus Notes
Lotus Notes as a legacy mail archive can be tricky and the E3 Forensic Platform has made it as easy as possible with the ability to process the archive with the key file and convert the data to PST.
GroupWise
This legacy format is one of the more complicated of the network mail archives. The E3 Forensic Platform takes the review of GroupWise as a comprehensive post office and allows the breakdown of the individual mailstores.
eDiscovery
As with many investigations email processing is common in the eDiscovery process. The ability to bring in a variety of email data sources, deduplicate, search, and export an optimized data form are the keys to the eDiscovery process in the E3 Forensic Platform when dealing with email.
Header Processing
The full RFC header is available for review when processing through email archives in the E3 Forensic Platform. This comprehensive level of processing allows you to view the email in full context.
PST Data Conversion
As PST files have emerged as the most popular mail archive type to produce in eDiscovery the incorporation of this function has been built into the E3 Forensic Platform. MS Exchange, Lotus Notes, GroupWise and more can be converted to a PST file for review by other parties.
Searching
There are endless options for searching inside of the E3 Forensic Platform and that can help you refine the data you are dealing with in eDiscovery. From simple searches, index search, word list searches, Boolean, and GREP everything you need to optimize the data is available in the E3 Forensic Platform.
E3:EMAIL comes with everything you need for a large variety of email clients. You will find no better value in the market with the power of full text indexing, deduplication, file conversion, and native email processing of dozens of different archive types.
- Local Email Processing
- Network Email Processing
- Cloud Email Processing (Office365)
- Data Carving & Sorting
- Keyword Searching
- Full-Text Indexing
- OCR Scanning
- Variety of file viewers
- SQLite Processing
- Bookmarking
- First Year Subscription Included
Supported Mailstore Types
The following formats are available for full processing:
- AOL database
- Becky! email
- ClawsMail email
- Email examiner archive
- Email files
- Email Filetype
- Eudora database
- Evolution email
- GroupWise
- KMail email
- Lotus Notes
- MS Exchange
- MS Outlook OST
- MS Outlook PST
- Outlook Express
- SeaMonkey
- Sylpheed email
- The Bat! database
- Thunderbird
- Windows 10 & 11 Mail databases
- Zimbra email
The following files will be defined as Email after sorting:
- $EML email file
- $MSG Outlook message file
- $PMX Email Examiner Archive
- AIX compiled message catalog
- AIX message catalog
- AOL and AIM buddy list file
- AOL database files(address book or configuration)
- AOL(America online) personal filing cabinet
- Emacs RMAIL text
- Eudora mailbox file
- Firebird database file
- GNU message catalog (little endian)
- GNU
- -format message catalog data
- IBM Lotus Notes/Domino database
- IBM Lotus Notes/Domino database
- JAM message area header file
- mail forwarding text
- mail piping text
- mailed, batched news text
- MBX mail folder
- Message Sequence Chart (chart)
- Message Sequence Chart (document)
- Message Sequence Chart (subchart)
- Microsoft Exchange database
- Microsoft Exchange database 5.5
- Microsoft Exchange database old
- Microsoft Outlook binary email folder
- Microsoft Outlook Express DBX File
- MIME entity text
- MMDF mailbox
- MSN Messenger log
- Nazgul style compiled message catalog
- NetCDF Data Format data
- Netscape Commuicator (v4) mail folder
- Network Instruments Observer capture file
- news or mail text
- news text
- NeXT/Apple typedstream data, big endian
- NeXT/Apple typedstream data, little endian
- Novell Groupwise FLAIM format file
- Novell Groupwise index file
- Novell Groupwise Mail database
- Outlook Express Folder Database
- Outlook Express Message Database
- Personal NetWare Packed File
- RFC 822 mail text
- saved news text
- Smart Boot Manager backup file
- smtp mail text
- SPECweb
- The Bat! Account like settings (v3)
- The Bat! address book file
- The Bat! Common folder configuration (v3)
- The Bat! database
- The Bat! tbi indexdatabase file
- Thunderbird Mailfolder
- Thunderbird User Preferences
- TNEF
- Transaction log(for Novell Groupwise Mail db)
- Visual Networks traffic capture file
- Webshots Desktop .wbz file
- Windows mail transactional index database
Reporting & Review
There is nothing more important than showing off all the hard work that goes into the investigation. The reporting options in the E3 Forensic Platform are top of the class when it comes to being clear, concise, and kick ass. There are different report types depending on what type of data you have to share so take a look at the options.
Data review is easy with the E3 Forensic Platform with E3:View you get all the analytic powers of E3 built into a read-only viewer. You even get all the reporting options. Work in scaled teams and with others easily with E3. The E3:View is sold separately or included with E3:Universal.
