MailXaminer provided multiple forensic preview options to view and analyze data files in different modes. It helps investigators to fetch out strong evidence with detailed information. Using these preview modes, user can easily extract email header, metadata, content & its structure from high volume emails.
Now to get the complete preview of an email, go to the search tab and just click on the email and a new window will open in the bottom of the screen.
After clicking the email, screen will display multiple preview modes, as follows:
Message View of the tool allows previewing email messages with its all front end properties such as Path, From, To, Cc, Bcc, Subject, etc. It clearly shows the important components of the email message which may become a part of evidence.
The attachment pane is divided into two parts - first provides a preview of the attachment and the second part lists all the attachments in the email. “Attachments View” directly shows the attachment(s) in an email.
Attached data of an email can be saved on the system to analyze and extract the information contained in it.
Attachment view now comes with the provision to analyze the meta properties of the attachments separately.
Simply hit the Properties option to toggle the section on the left side.
In the “Properties View” mode, user can view the brief information of emails to get all the summarized details. It provides information about email attributes like Dates, Message Flags, Recipients, Sender details, Subject and Additional Info.
Email Header Details and Message Flags are the two important features that provide some specific information like Message-ID, IP Address, etc of the particular email. It can help the investigators to trace the identification of emails.
“Message Header View” of an email provides the basic details of the message like MIME Version, Message ID, Content Type, To, Bcc, From, Sender Address, etc. The detailed information in the message header of selected email is helpful in tracing the emails.
(MIME) Multipurpose Internet Mail Extensions is an internet standard that represents the SMTP mail's inner detail. It discloses the important details of email that helps to find out hidden evidence in emails, like Priority Field. It also extends the support for email text or non-text attachments and header information.
Users can select HTML View, to analyze the internal HTML script of an email. The entire content of selected emails and its original formatting can easily be viewed with this option.
If some kind of action has been done to manipulate the originality of the emails then, this view will show the comparison points i.e. where the changes have been done.
RTF view shows the available Rich Text Formatting of content in the email which helps to maintain the originality of emails.
With this view, the format and font setting of email can easily be analyzed and compared with the original email to recover the email evidence.
Email preview in “Hex View” mode shows all the entities of email in binary file format. In this view, three columns are provided i.e., Offset, Hex Code & Text Value. For the selected character, Line Number and Column Number are also provided which are visible at the bottom line.
If any part of the email content is altered or manipulated by someone, it can be easily analyzed by mapping characters from the hex code.