Hi
My name is Bob Byrnes, I am new to the computer forensics world and need help. Does anyone have a protocol for collecting emails from a network server?
First off all it depends on what kind of server it is MS Exchange, Linux IMAP / POP3, Novel Netware, you name it.
Is the server still online? If so, the administrator should be able to give you a copy of the mailbox. If not, you need to know where to look, depending on the OS and the MTA software.
So to many questions to give yo a short answer.
Hi,
You need to post a little more information as zon4jou says or you'll get mostly general advice that might not be applicable to your scenario.
A further consideration is are you looking to view only what is in live mailboxes or what has been archived previously? Many mail applications including Novell GroupWise and Microsoft Exchange+Outlook allow a user to archive their message store onto their local PC, to save server space. So something you might be looking for might no longer be in the mailbox databases.
Steve