Investigation of Electronic Mail

(@kwilley)
Active Member
Joined: 14 years ago
Posts: 7
Topic starter  

Apologies if this is in the wrong forum, but I felt it was more a general discussion than a targeted educational query.

For my final year project I am working with electronic mail, looking at the extraction, indexing, reviewing and exporting of mail, as well as large-scale mapping of central mail servers. For my research I am looking for any information on the structure of electronic mail, as well as any particular tools that currently perform this task in the forensic field.

My research so far has covered EnCase, FTK with add-ons, and Nuix as my email investigation tools. I was wondering if there were any others which are used in industry for analysis? With regards to documentation, I have read RFC 2822 (Internet Message Format) as well as articles relating to the header information of electronic mail.

I am ideally looking for pointers in which direction my research should continue, and any help would be greatly appreciated.

Regards,
Kieran


   
Quote
TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
 

You might want to check out Vound and Aid4Mail.


   
ReplyQuote
Adam10541
(@adam10541)
Honorable Member
Joined: 13 years ago
Posts: 550
 

+1 for Vound (Intella). It's very similar to NUIX, so if you are familiar with NUIX it should be easy enough to use.


   
ReplyQuote
(@joachimm)
Estimable Member
Joined: 17 years ago
Posts: 181
 

First you want to distinguish between the types of analysis:
* content-centric (like e-Discovery)
* "artefact"-centric (e.g. timestamps, conversation index)

RFC 2822 is of little use if you're analyzing other formats. Check the following projects.

Outlook PST files
http://code.google.com/p/libpff/

NSF
http://code.google.com/p/libnsfdb/

Outlook Express
http://www.forensicswiki.org/wiki/Outlook_Express_Database_(DBX)

Exchange
http://code.google.com/p/libesedb/

Regarding tools:
X-Ways

Unless you're doing an evaluation of how the tools represent their results, you actually want to know which parser the tools are using. You'll find that some of the tools use the same parser implementation, e.g. for PST: Outside-In, libpff, or even the Outlook MAPI (which is not forensically sound).


   
ReplyQuote
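As an added example, not code from any poster in this thread: a small Python script in the artefact-centric vein described above, using only the standard library to pull the Received chain, Message-ID and Date out of an RFC 2822 message and flag hops whose timestamps run backwards. The message, hostnames and addresses are constructed placeholders.

```python
import re
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Constructed sample message (not from a real mailbox) with two relay hops.
# Received headers are prepended by each relay, so the topmost is the newest.
SAMPLE_MESSAGE = b"""\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby mail.example.org with ESMTP id abc123
\tfor <bob@example.org>; Mon, 02 Jan 2012 10:05:30 +0000
Received: from client.example.com (client.example.com [192.0.2.10])
\tby mx2.example.net with ESMTP id xyz789;
\tMon, 02 Jan 2012 10:05:12 +0000
Message-ID: <20120102100500.12345@client.example.com>
Date: Mon, 02 Jan 2012 10:05:00 +0000
From: Alice <alice@example.com>
To: Bob <bob@example.org>
Subject: Test

body
"""


def parse_received(value):
    """Split one Received header into from-host, by-host and its timestamp."""
    value = " ".join(value.split())            # unfold and normalise whitespace
    clause, _, date_part = value.rpartition(";")  # RFC 2822: date follows last ';'
    from_host = re.search(r"\bfrom\s+(\S+)", clause)
    by_host = re.search(r"\bby\s+(\S+)", clause)
    return {
        "from": from_host.group(1) if from_host else None,
        "by": by_host.group(1) if by_host else None,
        "time": parsedate_to_datetime(date_part.strip()),
    }


def header_artefacts(raw):
    """Extract timeline artefacts and flag hops stamped earlier than their predecessor."""
    msg = message_from_bytes(raw)
    # Reverse so hops run in chronological (sender -> recipient) order.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    date = parsedate_to_datetime(msg["Date"]) if msg["Date"] else None
    anomalies, prev = [], date
    for hop in hops:
        if prev is not None and hop["time"] < prev:
            anomalies.append(f"{hop['by']} stamped earlier than the previous hop")
        prev = hop["time"]
    transit = (hops[-1]["time"] - date).total_seconds() if hops and date else None
    return {"message_id": msg["Message-ID"], "date": date, "hops": hops,
            "transit_seconds": transit, "anomalies": anomalies}
```

A relay clock that is badly skewed, or a forged Received line, shows up as a negative step in the chain; the Date header is the sender's own claim and is checked the same way.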
(@belkasoft)
Estimable Member
Joined: 17 years ago
Posts: 169
 

My research so far has covered EnCase, FTK with add-ons, and Nuix as my email investigation tools. I was wondering if there were any others which are used in industry for analysis?

I can recommend our own tool, Belkasoft Evidence Center (link in my signature). It includes email analysis for the most popular clients. You can contact me to obtain a license (free for educational work such as yours).


   
ReplyQuote
(@paraben)
Eminent Member
Joined: 17 years ago
Posts: 47
 

There's also P2 Commander which incorporates the capabilities of E-mail Examiner and Network E-mail Examiner. We've been analyzing email for over 10 years with these products.


   
ReplyQuote
Share: