Import Microsoft Outlook Data Files Into Oxygen Forensic® Detective

Email messages can be a goldmine of digital evidence both in criminal and corporate investigations. Oxygen Forensic® Detective enables email data extraction from mobile devices, computers, and from the cloud. Overall, utilizing various extraction methods, investigators can extract the following… Read more

Leveraging DKIM In Email Forensics

by Arman Gungor My last article was about using the Content-Length header field in email forensics. While the Content-Length header is very useful, it has a couple of major shortcomings: Most email messages do not have the Content-Length header field… Read more

Using The Content-Length Header Field In Email Forensics

by Arman Gungor As forensic examiners, we often have to analyze emails in isolation without the benefit of server metadata, neighbor messages, or data from other sources such as workstations. When authenticating an email in isolation, every detail counts—we review… Read more

Forensic Examination Of Manipulated Email In Gmail

by Arman Gungor Last week, I came across an interesting post on Forensic Focus. The poster, jahearne, was asking about how one can detect manipulation of an existing email in Gmail. In his hypothetical scenario, the bad actor was using… Read more

E-mail and appointment falsification analysis

First published September 2009 Analysis of e-mail and appointment falsification on Microsoft Outlook/Exchange By Joachim Metz Hoffmann Investigations www.hoffmannbv.nl Version: 1.0 Joachim Metz August 17, 2009 Initial version. Summary In digital forensic analysis it is sometimes required to be able… Read more

Email Evidence – Now You See it, Now You Don’t!

First published October 2008 By Sandy Boucher and Barry Kuang, Intelysis Corp. Background With the ever increasing role of computers and electronic communications in both our business and personal lives, emails have taken on a key evidentiary role in many… Read more