Email

You probably recall from our discussions regarding the EnCase Evidence Processor (EEP) that it processes email as one of its feature sets. In this section, I’ll first review the EEP email-processing options. Next, I’ll cover how to examine the results of the email processor and bookmark those results into your report. The EnCase Evidence Processor has a Find Email module that will currently process the following email types:

  • Outlook (PST)
  • Outlook Express (DBX/MBX)
  • AOL
  • MBOX (a common flat file format)
  • Lotus Notes (NSF data stores)
  • Microsoft Exchange Email Server (EDB files)

To run the Find Email module, simply launch EEP, check the Find Email feature, and choose which email types you want to find, as shown in Figure 10-44.
