No announcement yet.

Email Forensic Pre-Sale Question

  • Filter
  • Time
  • Show
Clear All
new posts

  • Email Forensic Pre-Sale Question

    Pre-sale question: I have a hard drive with discovery of 6 very large email containers (each one has more than 30,000 emails) - 4 PST and 2 MBOX - from Jim, Joe, Randy, Tom, Dick and Harry. I want to find all emails sent, cc'd, or bcc'd by Jim or Tom to any of the 4 others. Then I need to deduplicate and output individual EML or MSG files with a particular naming convention. Is anything like this possible? Currently I have to use 5 separate and unusual software products to do this in multiple steps and it is very slow and cumbersome. This is a very common problem with criminal discovery in complex cases.

  • #2
    You can index and search the EMails in OSForensics. So the first part should be OK.

    Export format for the results is CSV or HTML. Not EML.

    You would also need to do the de-dup manually. This should be pretty easy in CSV format. But rather hard in HTML format.


    • #3
      Thank you very much!!


      • #4
        I had another thought: There is a implicit de-duplication that occurs as you add items to the case. A second attempt to add the same item won't duplicate the item. So maybe that could be used as part of the work flow.