Import Microsoft Outlook Data Files Into Oxygen Forensic® Detective

Email messages can be a goldmine of digital evidence both in criminal and corporate investigations. Oxygen Forensic® Detective enables email data extraction from mobile devices, computers, and from the cloud. Overall, utilizing various extraction methods, investigators can extract the following

Leveraging DKIM In Email Forensics

by Arman Gungor My last article was about using the Content-Length header field in email forensics. While the Content-Length header is very useful, it has a couple of major shortcomings: Most email messages do not have the Content-Length header field

Using The Content-Length Header Field In Email Forensics

by Arman Gungor As forensic examiners, we often have to analyze emails in isolation without the benefit of server metadata, neighbor messages, or data from other sources such as workstations. When authenticating an email in isolation, every detail counts—we review

Forensic Examination Of Manipulated Email In Gmail

by Arman Gungor Last week, I came across an interesting post on Forensic Focus. The poster, jahearne, was asking about how one can detect manipulation of an existing email in Gmail. In his hypothetical scenario, the bad actor was using

Searching And Filtering Emails When Forensically Collecting Mailboxes

Hand-drawn contacts and emails sketch with depth of field focus
by Arman Gungor When mailboxes are forensically preserved for eDiscovery or digital forensic investigations, their contents are almost always searched and filtered. Filtering emails helps overcome time, scope and cost constraints and alleviates privacy concerns. There are two main ways

E-mail and appointment falsification analysis

First published September 2009 Analysis of e-mail and appointment falsification on Microsoft Outlook/Exchange By Joachim Metz Hoffmann Investigations www.hoffmannbv.nl Version: 1.0 Joachim Metz August 17, 2009 Initial version. Summary In digital forensic analysis it is sometimes required to be able

Email Evidence – Now You See it, Now You Don’t!

First published October 2008 By Sandy Boucher and Barry Kuang, Intelysis Corp. Background With the ever increasing role of computers and electronic communications in both our business and personal lives, emails have taken on a key evidentiary role in many