Conducting an email review using free/low cost software  

klllmmm
(@klllmmm)
New Member

I have several email files (split into 1GB files) for a few custodians.

1. Presently I recover deleted emails (and convert to PST if the received file is in OST) using DataNumen Exchange Recovery software.

Then I load the files into the Outlook desktop client software and review the emails in there.

2. I also get the details of the emails, metadata through a Python script. However, I suspect that the extracted email data may not be complete and therefore any keyword searches conducted on that database may be incomplete.

3. I tried to ingest PST files into the Autopsy forensic software (version 4.13), but it did not recognize most of the email messages from PST or from OST files. So I gave up on this option.

Can someone suggest a free or low-cost software tool to help with email review in a forensically sound manner?

Updated - I would also appreciate it if someone could explain how to process and review emails using EnCase (V 8.09); would this be possible?

Highly appreciate your valuable thoughts on this.

Posted : 18/04/2020 4:35 pm
UnallocatedClusters
(@unallocatedclusters)
Senior Member

DISCLAIMER: I have no professional association with Passmark, maker of OSForensics.

In my opinion OSForensics is the most cost effective tool to use to review, analyze, tag and produce email files short of using a dedicated electronic discovery tool.

One can create separate dedicated indexes per custodian in the same OSForensics project which can then be searched individually or in combination with another custodian's index.

The main downside with email review using OSForensics (as compared to a dedicated electronic discovery tool such as Relativity) is that responsive emails must be converted to PDF files for Bates stamping and production individually rather than in batches.

However, that caveat notwithstanding, OSForensics can generate an HTML format report containing key-word responsive emails and email attachments, which can then be reviewed for production by attorneys.

So the basic OSForensics workflow is:

1. Create a new OSForensics project
2. Generate individual indexes for each custodian; name each index by the custodian's name.
3. Run search terms across all custodians' indexes at once (or one custodian's index at a time)
4. Generate an HTML report containing key word responsive emails and email attachments
5. Open the HTML report and review the key word responsive emails and email attachments for responsiveness.
6. Print responsive emails and email attachments to PDF files from the HTML report
7. Apply Bates stamps to the PDF files for production using Nuance's PDF software or Adobe Pro.

GetData's Forensic Explorer also has a very robust email review capability but is more expensive than OSForensics.

Posted : 18/04/2020 5:06 pm
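
The per-custodian index and search steps in the workflow above, together with the completeness concern raised in the first post, can be illustrated with a small script. This is an added example, not part of the thread and not how OSForensics works internally; it assumes the messages have already been exported from PST/OST to raw RFC 5322 (EML) bytes, and all names and sample messages are constructed.

```python
import hashlib
import re
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage

def _sample(subject, body, attachment=None):
    """Build a constructed RFC 5322 message (sample data, not real evidence)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content(body)
    if attachment:
        name, data = attachment  # str -> text part, bytes -> binary part
        kind = {} if isinstance(data, str) else {"maintype": "application", "subtype": "pdf"}
        msg.add_attachment(data, filename=name, **kind)
    return msg.as_bytes()

# Constructed collections, one list of raw messages per (hypothetical) custodian.
SAMPLES = {
    "alice": [_sample("Q3 invoice", "Please pay.", ("notes.txt", "wire transfer details")),
              _sample("Lunch", "Noodles at noon?")],
    "bob": [_sample("Scan", "See attached.", ("scan.pdf", b"%PDF-1.4 binary"))],
}

def build_index(raw_messages):
    """Return (inverted index, parts that were NOT indexed) for one custodian."""
    index, skipped = defaultdict(set), []
    for raw in raw_messages:
        msg_id = hashlib.sha256(raw).hexdigest()[:12]  # ties a hit to the exact source bytes
        msg = message_from_bytes(raw, policy=policy.default)
        texts = [msg.get("Subject", "")]
        for part in msg.walk():
            if part.is_multipart():
                continue
            if part.get_content_maintype() == "text":
                texts.append(part.get_content())
            else:  # binary part: log it so the search coverage gap is visible
                skipped.append((msg_id, part.get_filename() or part.get_content_type()))
        for word in re.findall(r"[a-z0-9]+", " ".join(texts).lower()):
            index[word].add(msg_id)
    return index, skipped

def search(indexes, term, custodians=None):
    """Search one, several, or all custodian indexes for a single keyword."""
    names = custodians or sorted(indexes)
    return {c: sorted(indexes[c][0].get(term.lower(), ())) for c in names}

INDEXES = {name: build_index(msgs) for name, msgs in SAMPLES.items()}
```

The `skipped` list is the part that addresses incomplete keyword searches: any attachment it names was never searched, so a "no hits" result does not cover it.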
klllmmm
(@klllmmm)
New Member

@UnallocatedClusters

Thank you so much for your comment. I'll try these two software tools.

Posted : 19/04/2020 6:16 am
LeGioN
(@legion)
Member

There is also Intella by Vound forensics that might suit your need.
It looked alright, but in the end it never ended up fitting into our forensic investigations.

Posted : 20/04/2020 8:29 am
jaclaz
(@jaclaz)
Community Legend

> There is also Intella by Vound forensics that might suit your need.

The definition of "free or low cost" must have changed while I was distracted :roll:

jaclaz

Posted : 20/04/2020 10:41 am
LeGioN
(@legion)
Member

Well, their cheapest one is 1000 USD atm if you are to buy it.
Compared to FTK or Magnet Axiom, that is pretty cheap in the grand scheme of things.

After all, I did not see any price limits in the "Free/low cost" :P

But the main reason why I listed Intella is, and I quote:

"Vound will be pleased to provide a fully functional, time-limited evaluation copy of Intella to qualified individuals."

Which would let him try out the full thing for free before having to commit to anything :)

Posted : 20/04/2020 10:50 am
jaclaz
(@jaclaz)
Community Legend

> Well their cheapest one is 1000 USD atm if you are to buy it.
> Compare that to FTK or Magnet Axiom that is pretty cheap in the grand scheme of things.
>
> After all I did not see any price limits in the "Free/low cost" :P

Yep :) , everything is relative, a Tesla model 3 can well be called free/low cost if compared to an Aston Martin Rapide-E. ;)

jaclaz

Posted : 20/04/2020 12:15 pm
LeGioN
(@legion)
Member

> > Well their cheapest one is 1000 USD atm if you are to buy it.
> > Compare that to FTK or Magnet Axiom that is pretty cheap in the grand scheme of things.
> >
> > After all I did not see any price limits in the "Free/low cost" :P
>
> Yep :) , everything is relative, a Tesla model 3 can well be called free/low cost if compared to an Aston Martin Rapide-E. ;)
>
> jaclaz

That's why I no longer have a car at all. As there was no free and open-source car I could afford. :(

Posted : 20/04/2020 1:30 pm