Home | Log In

Home :: Tips :: MacForensicsLab :: Recovering Email from Mac OS X Mail

Recovering Email from Mac OS X Mail

larger image

Recovering Email from Mac OS X Mail

Since the release of Mac OS X, Mail.app has been the default email application. Mail stored emails in .mbox files up until the release of Mac OS X Tiger 10.4, at which point Apple changed the default file type to .emlx. The instructions below outline the process used to recover and investigate the contents of these formats.

When looking for email on suspect Mac OS X drive, the standard location for the stored email is ~/Users/"USERNAME"/Library/Mail

You can use either the Analyze or Salvage functions of MacForensicsLab to examine Mail files.

To use the Analyze function, use search query of ".mbox" for systems from Mac OS X 10.0-10.3 and ".emlx" for Mac OS X 10.4 Tiger and 10.5 Leopard.
When using the Salvage function, direct the search to ~/Users/"USERNAME"/Library/Mail and do a Salvage of that location. Both .mbox and .emlx files will automatically be found.

Product 16/19

Previous

Return to the Product List

Next

Search

Categories

Software (6)
Hardware (2)
Upgrades (2)

Documents

Dealers (10)
Consultants
Manuals-> (28)
Tips-> (103)
  |_ MacForensicsLab (19)
  |_ MacLockPick (4)
  |_ General (34)
  |_ Field Triage (46)
Press (23)
Resources-> (105)
White Papers (5)

Sponsors

Newark, Calif. April 15th 2010 - MacForensicsLab Inc. announces the immediate availability of the latest version of their powerful computer forensic suite, MacForensicLab 3.0. The new version brings many new features along with rock solid stability and big speed improvements.

The latest version of MacForensicsLab features redesigned core functions making it faster to zero in on suspect evidence with an easier and more intuitive interface. The industry standard in Macintosh-based forensics just got better. With over twenty new features, such as hashing and data carving throughout the application along with improved stability and speed, MacForensicsLab 3.0 is the must have tool for Mac forensics.

"MacForensicsLab 3.0 brings many new features to the software suite while building on many of the things it already does best." said Marko Kostyrko, CEO of MacForensicsLab Inc. "We're very happy with the evolution of this product and excited for where it's headed in the future."

Speed improvements make all tasks faster than ever. Some operations were benchmarked to run up to 12 times faster then the previous version. New 64-bit operation helps to maximize speed and take full advantage of newer Mac's Intel processor. MacForensicsLab has redesigned memory allocation algorithms to prevent system freezes due to memory leaks or inefficient memory distribution by the operating system. This ensures that MacForensicsLab is always running at its best.

Evaluation copies of MacForensicsLab 3.0 are available to licensed investigators and media. Please contact Sales@MacForensicsLab.com to obtain an evaluation agreement.

Information

Notifications

Notify me of updates to Recovering Email from Mac OS X Mail

New Products [more]

MacForensicsLab Web Agent

MacForensicsLab Web Agent

$39.95

Have you seen ...

MacForensicsLab can work with original devices and media, as well as disk image copies of these same data sources. Using the ‘Acquire’ function ensures that the evidential integrity of the suspect drive is protected, by allowing the investigator to create a disk image for analysis and investigation, rather than having to work with the suspect drive.

| Home |

Copyright © 2006 - 2010 MacForensicsLab Inc.
Phone +1 (510) 870-7883 - Fax +1 (510) 868 3407
M ac and the Mac logo are trademarks of Apple Computer, Inc., registered in the U.S. and other countries.

Forensics Technologies - designed to perform investigations, for law enforcement and eDiscovery professionals.

MacForensicsLab - The only effective cross-platform weapon in the war on Cyber Crime and Digital Terrorism,
with unique tools designed to combat identity theft and child pornography.