Home  »  Blog  »  Email  »  Forensic MBOX Viewer – For MBOX File Forensic Investigation

Forensic MBOX Viewer – For MBOX File Forensic Investigation

Mike Lucanc | Email Forensic | 3 minutes read | Modified on: 28-01-2022

This write-up is all about How to MBOX forensic and pare out the evidence from MBOX files and collect data as a part of the email investigation.

MBOX File Forensic – Investigate Pieces of Evidence

Possible Scenario

Today’s digital media is like a mountain of evidence that is used by the 99% of Law enforcement farms in the world to extract evidence for the purpose of litigation. Today’s era is all about digital, we communicate through email, we manage our data with emails, we keep all the secrets and information details into our mail accounts, we live our life digitally. Most of the evidence is picked up from emails that are cached and saved on the user’s email client and hard drive. In this digital forensic field, mostly email evidence is taken from usually from MBOX file format which plays important evidence in evidence. There are so many applications that use MBOX file to keep data, one of them are Thunderbird, PowerMail, Apple Mail, and the list go on. It is very important to know the location of the MBOX file to perform the forensic investigation from files. The different application uses different location to keep the MBOX file. While the examination evidence is found as emails which are needed to be investigated very carefully to solve the case. To perform forensic investigation, firstly we need to detect the MBOX file from the culprit’s machine. But sometimes what happens, is these MBOX files are hidden and we need to discover the hidden file.

The make the hidden file visible follow the steps listed below:

1 – Go to the control panel

2 – Then Appearance and Personalization

3 – Then select the option of folder

4 – Go to the View option and uncheck the “Hide Empty Drives in the Computer folder

After that we got all the MBOX files stored on the system, now we need an email Viewer to view and analyze the MBOX file –

  • Header
  • Body
  • Footer
  • Attachment

If you don’t have an email viewer for MBOX files, there are so many tools in the market to analyze MBOX files, But the most suggested and trusted by the technocrats is MBOX File Viewer.

The Tool has various advanced features to provide flexibility in MBOX Forensic –

  • Add MBOX File – The tool allows you to browse and upload multiple MBOX files
  • Preview MBOX Files – After the file has been loaded and scanned MBOX file can be previewed data and attached files.
  • Compatible Operating System – The software is compatible with the Windows Operating system
  • Save and Export Option – The software successfully saves the MBOX file to PDF (Portable Document Format)
  • File Naming Option – The tool allows users to create names according to their requirements

MBOX File Forensic – How does it work?

One can use this advanced tool for the forensic purpose by the use of its multiple data preview options. Users can dig deeply into the emails by the use of mail Hax View and Raw data view and use it for litigation. You can call it MBOX Mail Examiner. This tool could help in the investigation of digital forensics cases, which usually depend on emails. Hex View and Raw Data View option for accuracy forensic view.

Content View – In this option, Software shows the sender and receiver address, subject, email body formatting, attachments, etc.

Message Header View – it includes the information about receiving IP, file sending and receiving data, MD5 value, message-id, size, and other details.

Hex View – It includes MBOX file Hexadecimal view.

Raw Message View – It Includes Raw View of MBOX files.

Note: MBOX Viewer Tool with such feature allows the forensic investigators to achieve MBOX File Forensics.

MBOX Exporting into Valid File Format

To represent the evidence before the court, it should be in the form of a record. That is the way we generally prefer to use software to convert MBOX files into readable format. Many users face difficulty throughout the MBOX file Investigation. The problem will be solved with a good MBOX Examiner tool which is just not capable of inspecting MBOX file but also allow the conversion of them into other formats. There are few tools offered that export multiple formats for carving evidence. Easily export MBOX files to other file formats like PDF, HTML, EML, MSG, PST, CSV, etc. to be produced as a valid report.