Knowledgebase:
Investigating E-mail Files
Posted by Jack H. Ward, Last modified by Jack H. Ward on 06 February 2018 04:27 AM

E-mail File evidence is an *.eml file or the folder containing *.eml files.

E-mail files can be created by Microsoft Outlook or other e-mail program and it can also contain an e-mail attachment or files sent with a message.

E-mail Files have no default location.

To investigate E-mail Files, do the following:

1. Have the Add New Evidence window open.
2. In the Category list, select E-mail Database. In the Source Type list, select Email File. Click OK.



3. In the Select source for mounting window, select the Folder option to open the folder containing the *.eml file(s). Select the File option to open an *.eml file.
4. If you select the Folder option, in the Browse For Folder window, navigate to the folder containing the Email Files and click Open. If you select the File option, in the standard Open window, navigate to the *.eml file and click Open.
5. Enter the Evidence name (by default, the name of the file/folder to be added) and click OK.
6. The E-mail Files are added to the case.
7. The list of *.eml files is displayed in the Case Content pane (to the left), messages stored in them are displayed in the Data View pane (to the right).
8. Select the message in the Data View pane.  Its contents are displayed in the E-mail Data pane (at the bottom).
9. You can view the message contents in different formats and/or view the attachments.



Attachments 
 
 EML.png (38.98 KB)
(0 vote(s))
Helpful
Not helpful

Comments (0)