
Recommendations for searching .mbox files

Active Member

At work, I've been handling a number of discovery and public records requests for email. Our mail system (Gmail) allows me to extract messages in Mbox format. The problem is that Gmail's Vault is more coarse than I need and I end up with far more messages than I actually care about.

I need a tool that allows me to do the following

1) Filter based on the To and From fields.
2) Filter based on date ranges.
3) Search the message body for key words.
4) Allow me to save or print a report where each message starts on a new page.
5) Report messages in chronological or reverse chronological order.

A typical directive from our attorneys would be something like: Produce a report of all of the emails between Bob and Sally from 1/1/2012 to 3/15/2015 that include the words "Susan", "Sue" or "Johnson"; do not include messages from a third party where Bob and Sally are both recipients.

I tried using EnCase but I'm not getting the results I want. It doesn't reliably print out the messages in chronological order even when the bookmarks are arranged that way. It doesn't start each message/bookmark on a new page (if there's a way to do that, please share). And, it doesn't filter as well as I would like. There may be a better way to do what I'm doing, but I've been on the phone with support and they weren't able to figure it out either.

So, can any of you recommend a relatively inexpensive product that I can use to extract relevant messages from an mbox file as I outlined above?



Topic starter Posted : 20/03/2016 7:25 am
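
An added example, not part of the thread: one way to apply the five requirements and the sample attorney directive from the post above to an mbox export using only Python's standard library. The addresses and the sample mailbox are constructed; it assumes every message has a parseable Date header and a plain-text body, and it does not search attachments.

```python
import mailbox, re, tempfile
from datetime import timezone
from email import message_from_bytes, policy
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample data (not from the thread): sender, recipients, date, body.
SAMPLE = [
    ("bob@example.com", "sally@example.com", "2 May 2013 10:00:00 +0000", "Did Sue sign the lease?"),
    ("sally@example.com", "bob@example.com", "10 Feb 2012 09:00:00 +0000", "Johnson called today."),
    ("carol@example.com", "bob@example.com, sally@example.com", "1 Jun 2013 08:00:00 +0000", "Susan is out."),
    ("bob@example.com", "sally@example.com", "5 Jan 2014 12:00:00 +0000", "We have a billing issue."),
    ("bob@example.com", "sally@example.com", "1 Jun 2015 12:00:00 +0000", "Sue again, after the cutoff."),
]

def write_sample_mbox():
    f = tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False, newline="\n")
    for i, (frm, to, date, body) in enumerate(SAMPLE):
        f.write(f"From - Thu Jan  1 00:00:00 1970\nFrom: {frm}\nTo: {to}\n"
                f"Date: {date}\nSubject: msg {i}\n\n{body}\n\n")
    f.close()
    return f.name

def matching_messages(path, a, b, start, end, keywords):
    """Return (date, sender, body) for mail between a and b, oldest first."""
    # \b keeps "Sue" from matching inside words such as "issue".
    kw = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, keywords)), re.I)
    hits, box = [], mailbox.mbox(path, create=False)
    for key in box.keys():
        msg = message_from_bytes(box.get_bytes(key), policy=policy.default)
        sender = parseaddr(str(msg.get("From", "")))[1].lower()
        hdrs = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
        rcpts = {addr.lower() for _, addr in getaddresses(hdrs)}
        # One party must be the sender and the other a recipient, which also
        # drops third-party mail where both are only recipients.
        if not ((sender == a and b in rcpts) or (sender == b and a in rcpts)):
            continue
        when = parsedate_to_datetime(str(msg["Date"]))
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        part = msg.get_body(preferencelist=("plain",))
        body = part.get_content() if part else ""
        if start <= when <= end and kw.search(body):
            hits.append((when, sender, body.strip()))
    box.close()
    return sorted(hits)

def render_report(hits):
    """Plain-text report; a form feed starts each message on a new page."""
    return "\f".join(f"Date: {w.isoformat()}\nFrom: {s}\n\n{b}" for w, s, b in hits)
```

Pass timezone-aware `datetime` values for `start` and `end`; reversing the returned list gives reverse chronological order.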
Active Member

Try X-Ways, it has good filtering options for emails and handles large MBOX files well.

Posted : 20/03/2016 1:24 pm
Active Member

EnCase and X-Ways are mainly forensic tools, but it sounds like you're more focused on eDiscovery. Those tools cost much more, but will have the better capacity to do what you want to provide data to counsel. Also eDisco software usually can pull directly from Gmail w/o having to export it to MBOX format.

I'd be curious to know what version of EnCase you're running. 7.10 or higher has much improved index and mail processing capacity.

Posted : 23/03/2016 12:18 am
Senior Member


I personally use and recommend Fookes Software's Aid4Mail Forensic edition (http//

You can try "eDiscovery Edition" at $150.00 if the Forensic Edition at $300.00 is too costly.

Aid4Mail can convert MBOX files into other mail formats such as PST\MSG\EML, and perform filtering such as date range and key words.

You will need to test if Aid4Mail specifically key word filters by the body of emails - I am not sure on this point.

** If you are working in electronic discovery, please note that attorneys usually need key word filters to be applied to email attachments in addition to the emails themselves. So, if an email attachment is a ZIP file, for example, then you will need eDiscovery indexing software that will first unpack archive files such as ZIP files and identify & OCR image file attachments to emails that do not have searchable text BEFORE you embark on reliably applying key word filters.

I have encountered PST files attached to emails, which means my eDiscovery software (LAW by LexisNexis) was able to extract the emails and attachments within the PST file email attachment, etc. etc. etc.

I use Aid4Mail primarily for 3rd party email collections, which it does very well in my opinion.

If you are using it to collect Gmail accounts, you will need to log in to the account owner's Google profile to enable access by 3rd party programs such as Aid4Mail before using Aid4Mail to download a Gmail account.

The Fookes support team is very responsive to questions, I have found.

Posted : 25/03/2016 5:57 am

Another possibility is loading the mbox files into the Thunderbird email client. Should provide the capabilities you are looking for sans the reporting which I cannot speak to. You can always try the printing options to see if it does what you want.

I will also second Aid4Mail. I recommend either using the mbox in Thunderbird or converting to PST and using Outlook. If you do get Aid4Mail FE then you can probably do without the clients.


Posted : 30/03/2016 12:31 am
Junior Member

You have a few options in the eDiscovery space. Here are some options to get you going.

proof finder by Nuix - http// - $100 a year

actual nuix - http// - $$$$

Intella - - lots of options price wise

Law - http// - $$$$

FreeEed - http// - open source

I would probably suggest proof finder or Intella for you.

Be careful with non-searchable documents e.g. a scanned document in a PDF. It will have text from a human point of view but not a computer point of view. You'll need OCR to help you with this.

Posted : 13/05/2016 8:39 pm
Active Member

proof finder by Nuix - http// - $100 a year

+1 on this, seems to fit your needs precisely.

..FreeEed - http// - open source..

Haven't even seen this, will check it out. Thanks for the link!

As a quickie, if you are genuinely stuck then Thunderbird in offline mode might work for you? It does after all allow for filtering on the fields you require. You can import the mbox via a plugin.
It's not perfect but it does in a pinch.

Posted : 16/05/2016 1:23 pm