MailXaminer

2020

Forensic Email Investigation Tool to Analyze Emails

for Investigators with Speed, Accuracy & Ease

The demo version of the software can be obtained by making request via
the following page: -

http://www.mailxaminer.com/download.html
 Table of Contents

Overview ......................................................................................................................................... 2
System Requirements...................................................................................................................... 3
Installation of SysTools MailXaminer ............................................................................................ 4
Uninstall Software .......................................................................................................................... 6
Software Menu Option .................................................................................................................... 8
Software Navigation Option ......................................................................................................... 10
Complete Steps to Recover, Examine & Export Evidences from Multiple file Formats ............. 11
Create Case ................................................................................................................................... 13
Open Existing Case ....................................................................................................................... 17
Open, Export and Import Case...................................................................................................... 18
Export Case ................................................................................................................................... 18
Import Case ................................................................................................................................... 20
Add/Scan File................................................................................................................................ 23
Scan Google Apps Admin without IMAP .................................................................................... 37
Scan Live Exchange ...................................................................................................................... 39
Preview the Data Mode ................................................................................................................. 42
Preview Privilege Option .............................................................................................................. 51
Preview Bookmark Option ........................................................................................................... 55
Preview Sent Review Option ........................................................................................................ 58
Preview Tag Email Option............................................................................................................ 63
Preview Log Report Option .......................................................................................................... 69
Preview Image Analysis ............................................................................................................... 78
Search Option................................................................................................................................ 81
Export Option................................................................................................................................ 98
Export Files ................................................................................................................................... 98
Export Folders ............................................................................................................................. 103
Preview the Result ...................................................................................................................... 108
Demo Version ............................................................................................................................. 109
Purchase Software ....................................................................................................................... 110
Online Support ............................................................................................................................ 111
Overview Top

Welcome to SysTools MailXaminer

SysTools MailXaminer is an email examination tool that helps to scan, search & export from
email file types of multiple platforms ( EML, Eudora, Lotus Notes, Microsoft Exchange Server,
Microsoft Outlook, Mozilla Thunderbird and many more.) to multiple email output
formats(Concordance, CSV, HTML, MSG, PDF, PST, TIFF, PRINT). MailXaminer allows &
involves lawsuits that helps clients in the process of email recovery and provides great
productivity with less effort. The software is developed in in a corporate environment under the
supervision of high-skilled professionals.

Key Features of SysTools MailXaminer

 MailXaminer tool has provides an "Advance Keyword Search" feature that searches
evidences from within the emails.
 Software analyzes and recovers deleted mails that represents as email evidence that
suitable for the court of law.
 Download mailboxes from numerous web accounts such as : Office365, Live Exchange
server & Google Apps admin without IMAP
 The software examines and filters emails that have pornographic images by Skin tone
analysis feature.
 Creation, Management and Analysis of evidences done with the creation of Case
Repository.
 The software also exports carved out evidences into multiple output formats like
Concordance, PST, MSG, PDF, TIFF etc.
 Provides team collaboration feature, allowing multiple investigators to work on the same
case.
System Requirements Top

System Requirements for SysTools MailXaminer:

For proper working of the software, it is necessary that all the system based requirements are
fulfilled. Below is a list of requirements that need to be fulfilled to get proper results out of the
software.

Minimal System Software Specifications

Windows 7, 8, 10 (32-bit or 64-bit)

Basic Hardware Requirements

 Platform - Intel® Pentium® 1 GHz processor (x86, x64) or equivalent)

 Memory - 4 GB RAM
 Disk Space - Around 200 MB for installation

Additional Software Requirements

 Additional Software - Microsoft .NET Framework 4.5

Installation of SysTools Top
MailXaminer

You can install SysTools MailXaminer properly on your computer by performing the following
steps:

 Download SysTools MailXaminer latest version from the website:

http://www.mailxaminer.com/download.html
 Double click on download SysTools MailXaminer (setup-mailxaminer.exe). Click on
the Run.
 Once you double click on set up, the setup will prompt, Do you want to run this file?
Click on Run to continue the installation.
 After this, when you click on Run, and a welcome screen of SysTools MailXaminer
setup will appear. Click on Next, to proceed.

 After clicking on Next, the set up will offer you a License agreement and you have to
accept it to proceed. Once the agreement is accepted, the Next option will automatically
get activated for you. Click on Next to proceed.
 When you click on Next, you will be asked to select a destination location for installation
of software. By default, the software will get installed on this location C:\Program
 Files\SysTools MailXaminer but, if you wish to change it then, you can also select a
different destination location by clicking on Browse button. (Once you select the
destination location, Click on Next to proceed).
 After doing this, you have to select the Start Menu Folder in which the program
shortcuts need to be placed. Click Next.
 After selecting the Start Menu folder, the set up will ask you to perform Additional Tasks
like Creating Desktop Icon or Creating a Quick Launch Icon. You can perform the
additional tasks as per your need and proceed.
 After this, the set up will display a message stating that the software is ready to be
installed on computer system. (Click on Install button in that Message Window to move
to the last step of installation process)
 At last, you will get a confirmation message stating that setup process is complete, do
you want to Launch SysTools MailXaminer. Click on Finish in that Message Window
to launch the software after a successfully after installation.
Uninstall Software Top

Un-Installation of SysTools MailXaminer

You can uninstall SysTools MailXaminer software in two ways:

 From the Windows Start menu

 From the Control Panel

Important Note: To uninstall the software, first make sure that SysTools MailXaminer is not
running in the background.

Using software uninstaller

Click Start button from the Windows menu. Click All Programs » SysTools MailXaminer »
Uninstall SysTools MailXaminer .

 A Warning message before un-installing the software will be displayed on the screen.
Click Yes to uninstall the software:

 After this step, SysTools MailXaminer Software setup will start the uninstalling from
the computer system.
 After this SysTools MailXaminer Software will be successfully uninstalled from the
computer system. Click on OK to close the window.

Uninstall Using Control Panel

 Another alternative described here for software uninstallation is through Windows
Control Panel which holds and maintains all system settings. This alternative is
described here just for the sake of completeness. You can easily skip this step if uninstall
is successfully done using the above mentioned process.
 Click on Start and look for Control Panel in start menu that appears. Find Add and
Remove Programs within Control Panel. Add and Remove Program generates
comprehensive listing of all binaries presently installed on Windows. Find out SysTools
MailXaminer and double click on it to start it's uninstall procedures
 The Software prompts you asking whether you would like to remove SysTools
MailXaminer and all of its related components. Go for Yes.
 Click OK on the message reporting about the successful uninstall of SysTools
MailXaminer
Software Menu Option Top

The first menu bar on the top left corner consists of Software menu options. SysTools
MailXaminer consists of menus which are divided into several other menu items, as explained
below:

File Menu

Option Description

New Case Create new Case

Open Case Open existing Case
Import Case Import Case
Save Case Save the Case which user want to save
Close Case Close current Case
Scan File Scan the files
Exit Closes all the Applications

Option Menu

Option Description
Language Set the language
Settings Set the settings
Help Menu

Option Description

About Us Display info about MailXaminer

Activate Product Activate the product key
Software Navigation Option Top

The software has direct navigation options which let you perform some operations directly:

 Home
 Scan File
 Export
 Bookmark
 Mark As privilege
 Remove As privilege
 Logs
 Tag
 Activate Product
 Exit

Option Description

Home Page
Scan Selected File
Export Selected File
Bookmark the File
Mark Privilege of the file
Remove privilege from file
Show the Logs
Add and Create the tag
Activate Product through license key
Close the Application
Complete Steps to Recover, Top
Examine & Export Evidences
from Multiple file Formats

Steps to Recover, Examine, Export & Save from multiple emails file type to CSV, EML, HTML,
MSG, PDF, PST, TIFF.

SysTools MailXaminer software offers to Load, Scan, and Search & Export from multiple
emails file types to various output formats such as: Concordance, CSV, HTML, MSG, PDF,
PST, TIFF, PRINT. The software smoothly does the entire exportation with simple steps. Below
mentioned are the steps and screenshots exhibiting the working of SysTools MailXaminer
software

 Step 1 – Create Case

In the first step, user creates the case. Learn More →

 Step 2 – Open Existing Case

In second step, open exist case. Learn More →

 Step 3 – Open, Export and Import Case

In third step, Open case and export it to specific location and then import case. Learn
More →

 Step 4 – Add/Scan File

In fourth step, Add the files and scan it. Learn More →

 Step 5 – Scan Google App Admin without IMAP

In fourth step, In fourth step, Show process to create backup of Google Apps data without
IMAP setting synchronized. Learn More →

 Step 6 – Scan Live Exchange

In fourth step, In fourth step, Process of Live Exchange Server Mailbox Analysis. Learn
More →

 Step 7 – Preview the Data Mode

Preview all data mode like Hex View, Normal View, Properties View, MIME View etc.
Learn More →
 Step 8 – Preview Privilege Option

Preview Mark as Privilege and Remove Privilege option. Learn More →

 Step 9 – Preview Bookmark Option

Create Bookmark in emails. Learn More →

 Step 10 – Sent Review Option

Send the analyzed evidences to other investigators for further analysis. Learn More →

 Step 11 – Preview Tag Email Option

In this step, create Tag names with its description. Learn More →

 Step 12 – Preview Log Report

In this step, preview all Log Report of Bookmark, Privilege, Export, Search etc. Learn
More →

 Step 13 – Preview Skin Tone Analysis

In this step, preview pornographic images by Skin tone analysis feature. Learn More →

 Step 14 – Search Option

In this step, figure out evidence from generic data available by using search option. Learn
More →

 Step 15 – Export Option

Export option to export file into Concordance, CSV, EML, HTML, MSG, PDF, PST, and
TIFF. Learn More →

 Step 16 – Preview the Result

In this step, preview the output result of the process. Learn More →
Create Case Top

 Go to Start » Programs » SysTools MailXaminer » SysTools MailXaminer. First window

of the software appears as shown below:

 The software offers two options:

1. Create a New Case: User can create new case with all new facts and information.
2. Open Recent Case: User can open existing case also.
 Then, choose "Create a New Case" and the following window will appear where user
has to fill up all the details regarding the case such as; Title, Case Directory, Keywords
etc. :
 Now Click on Add button :
 A pop up window will display the message of successfully adding the case along with the
case name :
Open Existing Case Top

 Run the software and click on Open Recent Cases.:

 User can select from a list of recently created cases and click on Open:
Open, Export and Import Case Top

Export Case

 You can also go to the software Home Screen and click on File Menu followed by Open
Case to open a case. :

 Similarly, select the case from the list of Recent Cases and click on Open to open it :
 Now you can Browse the specific location and Export it :
 Case successfully export to its location :

Import Case

 Choose Import Case from File Menu :

 Choosing Import Case option the following pop up window will display, and then choose
Browse option to browse the case file :

 Select the case and click Open to proceed :

 Using the second Browse Button, select an Import Location for saving the imported case on
the computer. Click on Import to import the case. :
Add/Scan File Top

 After filling in the entire details of the case, the following window will be displayed on
screen where the user needs to select the file to be scanned :

 File : Select "File" option and choose desired email file type from multiple email file types :
 Click on Browse button to select the file from its storage location :
 Web: User can select a desired Web Mail Account also. Just provide the corresponding
User Name and Password for the admittance of account. Also, a Date Filter option is
provided :
 Image :You can also analyze EnCase Forensic Image File of disk i.e. E01:
 Bulk : In bulk mode, software offers following 3 modes :

1. Add File: With this option multiple file selections can be made by using the Shift or
Ctrl button during selection.
2. Add Folder : The software automatically fetches files from the folder selected
3. Remove : Removes any Email file from the selected ones
 Add Folder: This option is to add multiple files at once. The software automatically fetches
files from the folder selected as it shown in below screen :
 Remove : This option is to add remove email files from the list of files opened :
 Duplicate file will be skipped: The software allows skipping duplicate files too.
 You can provide the login credentials for the encrypted email files. If the files are not
encrypted, then you can create your own new default login credentials by providing a
Username and Password :
 Now Add respective PST file by clicking on Add option :
 After clicking on Add option the following window will appear in which the Email File
Status, Mail Count, File Count, and File Size (GB) easily can be viewed :
 Edit Case: User can use Edit Case option to edit the case later and save it. Now Click on
View or View all options to preview the mails :
 Dashboard: You can view the complete overall details of emails like: Mail Details,
Attachments Categories, Mail Duplicate/deleted status, Mails Time Line.
 The software also provides a facility to edit the case further, by using "Edit Case" option. Now
click on View :
Scan Google Apps Admin without Top
IMAP

 Click on Web tab and select Google Apps Admin option to download the emails of GApps
Admin :

 You must create a project to avail the facility of downloading GApps admin account emails.
Fill the details in the fields provided on Admin Options window :

1. Project Name
2. Service Email Address
3. P12 Password
4. Select File (P12 Key File)
5. Select File (User Account CSV file)
6. Date Filter: From and To dates (Optional)
7. Click on Add
Scan Live Exchange Top

 Click on Web tab and select Live Exchange from the list of options :

 A Live Exchange window will appear. Select the version of Exchange Server -
(2007, 2010, 2013 and 2019) and provide the Server Name/IP and Domain :
 If Impersonation Rights owned, select the checkbox for Use Impersonation.:

i. Provide the Credentials (Username and Password) of the Mailbox for which Impersonation
is owned.
ii. Select the mailboxes:

a. Browse CSV with list of Mailbox IDs

b. Or choose, 'Let me type in Email IDs' to manually add the email IDs

iii. Click on Add

Preview the Data Mode Top

 After the software loads the PST File, select the items that you want to view. You can
preview email content in the desired View mode :

 Conversation View displays the messages arranged in conversations to make the context of
messages easier to understand :
 Normal Mail View displays the default view of mails that you view in software :
 Hex View of email is shown below. This view gives a complete preview of the hexadecimal
coding of email:
 Properties View of email is shown below in which entire header information can be viewed:

 Message Header View of email is shown below in which the entire header of corresponding
mail is represented:
 MIME View of email is shown below. It gives forensic users a picture of the supported
internet extensions:
 Email Hop View : gives the forensic user the picture of supported internet extensions :

 HTML View is the standard view and basic HTML view :

 RTF View of email. It appears in case of those emails which are rich text formatted::
 Attachment View of email is shown below in which user can view the embedded attachment
of email :

 Hierarchical View shows the hierarchical structure or subfolders of the selected email’s
folder:
Preview Privilege Option Top

 To protect emails from being exported, they can be marked as privilege. Select the email(s)
and right click on it. Click on Mark As Privilege

 Now, Emails marked as privilege will appear with a 'lock' icon :

 When exporting emails marked as privilege a popup window will notify the status as: 'Export
Completed Successful. Total Number of Items Exported: 0'
 Select the emails marked as privilege and right click on them. Click on Remove Privilege to
remove the privileges assigned on the particular emails :
Preview Bookmark Option Top

 Evidences can be bookmarked for future reference. Select the email(s) and right click on
them. Click on Bookmark. This will bookmark the item for future

 On the successful bookmarking of items a pop up window will notify the following
message: 'Bookmarked Item Count: 2. you can view bookmark(s) from 'Bookmarks'
section.' Click on OK :
 Now you can go to the Bookmark section from the left side pane to view the list of
bookmarked items :
Preview Sent Review Option Top

 Right click on any bookmarked item and select Send For Review option to send the item to
another investigator for review via any of the three options provided:

1. Via Mail
2. Via Shared Location
3. Smart Review

 On selecting Via Mail option a Settings window will open up. On the Mail Settings tab
provide the following details

4. SMTP Server
5. Senders Email Address
6. Password
7. Port

Click on Save:
 A prompt will appear notifying that the mail settings have been added successfully. Click on
OK :

 When you send bookmarks for review via mail a Send Mail screen will appear with the
following fields to be filled out

8. To: Provide Recipient Address

9. Subject: Give a subject to the Mail
10. Attachment Icon: Bookmarks added as Attachments
11. Email Body: Write mail text
 Choose Via Shared Location option to send bookmarks for review :

 A Send for Review screen will open. Provide the following details:

12. Path of the Shared Location

13. Recipient email address (separated by semi colon, if multiple)
14. Subject
15. Message text
 Click on Send:

 A 'Mail Sent Successfully' pop up will appear on screen. Click on Ok :

 Select Smart Review option to Send bookmarks for Review :

 On the Smart Review screen provide the Login credentials: User Name and Password. Click
on Sign in to proceed :
Preview Tag Email Option Top

 Select suspect emails, right click on it and go to Tag. Select Add Tag option :

 Click on Create to create a new tag for emails :

 Provide a Tag Name and Tag Description.
 Click on Save :

 A 'Tag Created Successfully' prompt will appear on screen. Click on Ok :

 Another prompt notifying about the selected Item added to the newly created Tag will
appear. Click on Ok:

 Selected items will now appear with a Tag labeled to them :

 Select Tagged items, right click on them and go to Tag. Click on Remove tag to remove tag
from the selected items :

 Select the Tag under which the selected items were labeled and click on Save:
 A pop up window will appear stating that tags were removed from the items along with the
item count from which the tag was removed. Click on Ok:

 Go back to the list of items and they will no longer be labeled under any tag:
Preview Log Report Option Top

 Click on Logs from the software Menu bar to check the Case Activity Log. Click on Scan to
view the email data scanning log reports

 Click on Bookmark to view the items bookmarked in the case:

 Click on Privilege option to view privilege items in the case:
 Click on Export to view the details regarding exported items along with description, event
time, and username :
 Click on Search tab to view details of the searches carried out in the case :
 Click on Tag tab to view details of the tag emails in the case :
 Click on General Tab to view the searches conducted using General Search option :
 Clicking on Not Indexed will list the uncategorized activities taken place in the case. Click
on Export to export this report :
 Log Report can be saved by click on Export to CSV :
 Thus, Export Report is saved :
Preview Image Analysis Top

 On the software menu click on Options, go to Settings and Select Advance Settings :

 Now go to on the Image Analysis tab Switch On Image Analysis and set a sensitivity level
for performing skin tone analysis on image by dragging the slider from anywhere between
"Very Low to Very High" accordingly. Click on Save :
 From the Media Tab user can view Suspected Attachment which consist obscene images.
Expand it to view the suspected attachments categorized under Moderate, High & Low
frequencies respectively.
Search Option Top

 General search is used for fetching information, relevant to the keyword(s) used to search
over the entire or selected mail attributes with required logical operators used & any number
of criteria, to narrow the search results :

o Following are the Logical operators OR, AND, NOT can be used to refine your search.
Operators used to create relation between two criteria :
1. OR Operator : Search will be optional between the two criteria
2. AND Operator : Searched term will be present in both criteria
3. NOT Operator : Searched term must not be present in results
 Searching will be done between the "Subject" and "To" by using Logical Operator to make
search results more specific:
 Predefined: Search the predefined keywords that identify a particular pattern in the email
evidences. It is based on the algorithm of Regular Expressions Search :
 Click Advance Search that allows searching in a more detailed manner by using Subject,
Start With, Keyword and operator options. This can limit a search to emails with specific
words located in the header, specific categories or namespaces :
 Proximity allows input of two words & asks for providing an approx number (from zero to
infinity) of words between those two characters. This search can be executed by the Hit &
Trial method :
 Wildcard Search is used to find out the expressions or patterns for single or multiple
characters similar to :

4. Asterisk (*) : If any character or word is to be searched along with "*" symbol, then
the entire possible outcome will be displayed with that character or word
5. Question Mark (?) It is used to search for a single unknown character; like "an?"
results in and, any, ant etc.
 Clear Search Result : Used for clearing all search :
 Stem Search: Finds out all the possibilities for finding any uncertain words. Useful for those
users who are uncertain about the specific word :
 Fuzzy Search: Finds out all the searching results that are nearest and approximate from the
given data. It is a logical implementation of search result from the given data :
 Attachment : Used to switch to Attachment tab also for viewing the attachments of the
mails:
 Add Criteria : Add the required criteria & fill it with information you have regarding that
field:

6. "Subject" can contain your keyword.

7. "To, From, Bcc Cc" can search for the entered term in email head.
8. "Modification Date" to modify date.
9. "MD5" will search for the entered value in MD5 value of emails
10. "Has attachment" gives option to select from yes or no.
 Open Save Search Result: A pop up window will appear asking whether you want to save
current searched results or not.
 Save Searched Result: Allows saving search results with a name.
 Clear Search Result: Used to clear all the search results.
 Auto Preview : Use to switch to Auto Preview the applicable only for Mails :
 Look for: Used to define your search within an email and/or attachment. Just check the box
for the area where you want to look for the keyword; Email or Attachments. The search
results will be displayed accordingly :
Export Option Top

Export Files

 Now user can select the emails which user wants to export & right click on mails. After that
select the Export all Selected Items option :

 Now select the Export Options(CSV, EML, HTML, MSG, PDF, PST, TIFF) in which user
want to convert the selected emails and click on Browse button :
 Select the location where user want to save the exported files and click ok :
 From the Export options select the Naming convention. This module of software helps in
managing the name of saved file according to the options given in drop down menu.
Following are naming conventions given in the drop down list :

 Software provides following options too :

1. Maintain folder hierarchy : Creates a folder tree of all the emails

2. Create Top folder : Create Top folder by user requirement
3. Merge exported files : Compress total files into a single file or merge multiple exported
files into one location
4. Exclude Duplicates: This option can be checked if you want to exclude duplicated
emails or data.

Now Click OK:

 After clicking on OK, Exporting status in terms of Export Count is shown by the software :

 As the process gets completed, the following pop up window will appear, with the message
of process completion :
 An export report will be created for the complete export process. Click on Export to Save
this report on the local machine in CSV format :

 Browse the location and save the report with the name export-report and click on Save button
:
 A notification confirming the successful saving of CSV report will appear on screen. Click
OK :

Export Folders

 For converting the multiple folders use the Export option from the navigation bar :
 Select a folder or multiple folders from the right pane of the software and click on OK button
:
 After clicking OK, Exporting status in terms of Export Count is shown by the software :

 As the process gets completed, the following pop up window will be displayed, with the
message of process completion :
 An export report is created for the complete export process. Click on Export to Save this
report on your local machine in CSV format :

 Browse the location and save the report as name export-report-folder and click on Save
button :
 A successful notification message will confirm the successful export report saved. Click OK:
Preview the Result Top

 Now go to the location where all the files and reports are saved on your machine :
Demo Version Top

The SysTools MailXaminer software is launched with a free of cost demo version that permits
the users to export 50 items per folder and create a single case. The software can add up to 2 files
of each type and only 10 files in a case on total. Demo version of the MailXaminer software
allows files of 2GB size and analyzes only 5 suspected attachments per category. So it is
recommended to work with the free MailXaminer tool version only to examine its features. Go
ahead with the full version purchase of the software to export infinite numbers of files.

SysTools Official Site to download demo from: http://www.mailxaminer.com/download.html

Purchase Software Top

Working with the demo version further induces the need to purchase the full version of the
software. Merchandise your best bargain as the software license is distributed in the following
categories..

 Personal License

SysTools Official Page where you begin your Purchase from:

http://www.mailxaminer.com/purchase.html

Single User License:

SysTools MailXaminer is a single user machine tool, usage of which is restricted upon a single
machine. The software is available at the price of 1600 USD for 1 year validation. The software
endlessly adds distinct file types and load files without any limit. User is not permitted to
distribute or recreate the software copy without prior permission of SysTools; abandoning which
makes the user liable for strict judicial actions.
Online Support Top

Avail Online Support on SysTools MailXaminer

Ask your queries related to SysTools MailXaminer direct to our software support team available
24x7 at your service. Get comprehensive online chat ancillaries upon software and other
platform interoperability related issues free.

Chat Support: http://messenger.providesupport.com/messenger/evan.html

Online Help: http://www.support.systoolsgroup.com/product/

Visit Our Website: http://www.systoolsgroup.com

Email Support

For Sales: [email protected]

For Support: [email protected]