The Gap That General-Purpose Platforms Leave Open
Email evidence sits at the center of the majority of digital investigations—fraud, insider threat, IP theft, regulatory response—yet the platforms most forensic teams rely on were not built for email as a primary workflow. They collect what is in the mailbox. They may not recover what was deleted, retrieve what was never downloaded, or capture the cloud documents that modern emails reference rather than attach. For investigators who need the complete picture, that gap has consequences.
Key Capabilities
► Cloud attachment collection. When emails contain links to OneDrive, SharePoint, or Google Drive rather than traditional attachments, standard collection tools capture only the URL. Aid4Mail retrieves the actual file, including the specific revision that existed when the email was sent, along with full access and collaboration metadata. Aid4Mail is currently the only forensics tool to provide this capability across both the Microsoft and Google ecosystems.
► AI classification—cloud and offline. Aid4Mail integrates AI classification directly into the processing pipeline, enabling practitioners to classify large email collections by responsiveness, privilege, or investigation-specific categories without manual review of every message. The framework has been benchmarked across 18 models, including accuracy-verified testing on 1,170 emails across three languages and a 34,000-email production-scale throughput validation. It supports commercial providers (Anthropic, Google, OpenAI, and others) alongside locally deployed offline models via Ollama or LM Studio. The offline option meets the data sovereignty and air-gap requirements of law enforcement, government agencies, and privacy-constrained enterprises. Every classification is structured, per email, and auditable. In accuracy testing, top-performing commercial models achieved weighted scores above 97%. For throughput-focused deployments, the fastest models processed over 400,000 emails in a single weekend (62 hours).
► Microsoft 365 App-Only Access. Enterprise investigations involving multiple custodians typically require individual credentials or IT-managed collection for each mailbox. Aid4Mail’s App-Only Access allows an administrator to grant tenant-wide access through a single IT-administered configuration, enabling organization-wide collection without requiring individual user credentials or per-mailbox enrollment.
► Advanced email recovery. Deleted does not mean gone. Aid4Mail recovers double-deleted emails from IMAP and Exchange Recoverable Items, extracts MIME-formatted messages from unallocated disk space and corrupted archives through forensic carving, and repairs damaged mbox files that other tools cannot process. In internal testing on standard corruption scenarios, Aid4Mail achieved a 100% recovery rate against a competitor average of 65%.
“Forensic Focus reaches practitioners who work with email evidence every day. We’re here to show specifically what Aid4Mail does that general-purpose platforms don’t—not as a replacement for the tools investigators already use, but as a specialized solution that adds capabilities general-purpose platforms often lack.”—Eric Fookes, Founder & CEO, Fookes Software Ltd