Capturing Specific Inbound/Outbound Emails
Posted: Fri Nov 09, 2012 6:31 am
Hi All,
I was after some advice on alternative ways to collect any inbound and outbound email from multiple accounts through Exchange 2007.
My initial thoughts were to use F-Response and FTK Imager to acquire the live EDB, then use Nuix to process and search for the required content.
I need to have some alternatives as costs may be an issue in this matter. I was wondering if anyone knew of ways this could be handled at Exchange level without altering metadata of the mail, enable rules on mail criteria etc.?
Thanks
-

creeshie - Newbie
Re: Capturing Specific Inbound/Outbound Emails
Posted: Fri Nov 09, 2012 7:16 am
If you document your steps, what is the issue with creating rules?
-

BitHead - Senior Member
Re: Capturing Specific Inbound/Outbound Emails
Posted: Fri Nov 09, 2012 7:22 am
Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used.
-

creeshie - Newbie
Re: Capturing Specific Inbound/Outbound Emails
Posted: Fri Nov 09, 2012 9:04 am
We have had a lot of luck with using Paraben's Network Email Examiner to convert .edb's into .pst's or into individual .eml's. The only problem we have seen is with larger .edb's (i.e., 250GB+) where it tends to choke and freeze. The unfortunate issue in that scenario is that there is no resume functionality once you restart the conversion process although you can usually figure out where it failed and re-initiate the process manually from the failure point. I cannot recall the cost for NEMX but seem to remember that it was fairly reasonable. Do note that the conversion process is quite slow with NEMX.
-

eyez0n - Member
Re: Capturing Specific Inbound/Outbound Emails
Posted: Fri Nov 09, 2012 10:27 am
OK. I just read the "I need to have some alternatives as costs may be an issue in this matter" part and thought rules to deliver to multiple mailboxes and then analyze those smaller objects would not require as many resources as examining the Exchange message store.
- creeshie: "Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used."
FWIW You might get some ideas from these F-Response videos:
Real World F-Response - Email - Nuix Desktop
F-Response on a Live Microsoft Exchange Server + Paraben's Network Email Examiner
More Live Exchange Server with EnCase 6.12
-

BitHead - Senior Member
Re: Capturing Specific Inbound/Outbound Emails
Posted: Fri Nov 09, 2012 2:44 pm
I was going to suggest something like Brightmail that can filter and run rules on email outside of your Exchange server, but that may not work with a tight budget.
This email is not an endorsement of Brightmail nor Symantec, I'm merely using it as an example.
_________________
Tony Patrick, B. Inf Tech, CFCE
www.patrickcomputerfor...s.com/blog
www.twitter.com/Patrick4n6
-

Patrick4n6 - Senior Member
Re: Capturing Specific Inbound/Outbound Emails
Posted: Mon Nov 12, 2012 8:25 am
Thanks for the posts guys
-

creeshie - Newbie