Email Forensics

Email Forensic Software that is Fast, Accurate, and User-Friendly

Aid4Mail is a fast, accurate, and easy-to-learn email forensics software solution. Over the years, it has become an essential tool for computer forensics and e-discovery professionals around the world.

Aid4Mail supports over 40 email formats and mail client programs, as well as many popular webmail services and remote accounts through IMAP. As a result, you’ll be able to process just about any type of mailbox that comes your way.

Local mail folders and files can easily be processed when disconnected from their email client, including those stored on external hard drives and media like DVD and USB devices. Aid4Mail can read mbox files from Mac and Linux systems without prior conversion.


What Can You Expect With Aid4Mail?

Here are some of the benefits you’ll get with Aid4Mail:

  • Dependable, with results that are more accurate than other solutions.
  • Easy-to-learn interface and context-sensitive help to make your job easier.
  • Saves time with its fast email processing engine and de-duping features.
  • Finds relevant information, thanks to its powerful search features.
  • Good value for money, with prices as low as $299 US.

But that’s not all. Aid4Mail integrates accessibility features making it Section 508 compliant. This means it fulfills the necessary requirements for use in U.S. government agencies.

Aid4Mail’s user-friendly wizard interface
Aid4Mail’s user-friendly wizard interface

Accurate Email Data Acquisition

Aid4Mail easily handles very large messages and attachments, and huge mailbox files. It often succeeds in extracting mail from corrupt mailboxes and fixing malformed emails. Aid4Mail can also restore deleted and unpurged emails from many mailbox formats and IMAP mail accounts.

Aid4Mail is one of the most accurate tools on the market when it comes to rebuilding mail. When programs like Outlook and Eudora receive an email, they alter and split it prior to saving in the mail store. Traditional forensics tools are often incapable of correctly putting the pieces back together. As a result, collected data is incomplete and searches miss relevant chunks of data.

Aid4Mail can rebuild emails, producing a format that is as faithful as possible with the original RFC message. Source metadata like SMTP header fields are recovered, status information and dates restored, and attachments and embedded contents copied back into the email.

Example using a competing product, followed by Aid4Mail:

From: "david.johnson@fookes.com" <david.johnson@fookes.com>
To: "'J=?UTF-8?Q?=c3=a9r=c3=b4me=20Ar=c3=a7?=ois'" <jerome.arcois@fookes.com>
cc: "'Joan Miller'" <joan.miller@fookes.com>
cc: "'Susan Williams'" <susan.williams@fookes.com>
cc: "'Peter Smith'" <peter.smith@fookes.com>
cc: "'Eugene Fookes'" <eugene.fookes@outlook.com>
Importance: High
X-Mozilla-Status: 0001
Subject: Please=?UTF-8?Q?=20check=20important=20charts=20from=20Snj=c3=b3fr=c3=ad=c3=b0?=ur
MIME-Version: 1.0
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAABluo5KJeUpCslhvgKM4mZnCgAAAEAAAAIGHdE3Z8MdFhGLsK9UnDgUBAAAAAA==@fookes.com>
Date: Tue, 25 Feb 2014 10:58:18 +0100
Content-Type: multipart/mixed;boundary="Next_Item:_(A3CB49KFSA19)/1"
          
Sample header extracted by competing forensic tool
x-store-info:sbevkl2QZR7OXo7WID5ZcVBK1Phj2jX/
Authentication-Results: hotmail.com; spf=pass (sender IP is 96.30.47.96) smtp.mailfrom=david.johnson@fookes.com; dkim=pass header.d=fookes.com; x-hmca=pass header.id=david.johnson@fookes.com
X-SID-PRA: david.johnson@fookes.com
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: NhFq/7gR1vQRHV6jbdvQfsKUeeVAoUVojAJS6DKEC2GNUUM0G+Idi8S6bQ+yOheURPNKM+ceVA3sxGBBdP1EXLOQS4fNzCSzxNSv8LmL1zB6Ig6GoQXO4AY+byEwxgTcdu3BFpOcpQKVeZatIvi3zNJwl3djyhVsTq2RhIH+qQHVu5h8LDsU9uzF2wTW29UAon9Bseo3FpdNC8Y22VXkKMPttP2iurtq
Received: from host.fookes.com ([96.30.47.96]) by SNT0-MC2-F45.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
	 Tue, 25 Feb 2014 01:58:16 -0800
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=fookes.com; s=default;
	h=Content-Type:MIME-Version:Message-ID:Date:Subject:Cc:To:From; bh=JaM6HEHiGymnxtuIqtQZ1XV3kKOd0Dqhq6gZ6oaSzq0=;
	b=Nd6UJ2o9NjyP7XSxjt+6UnJ1b/l+yNXeKRoJ2ILQSSHOKG8NZ0w+97n7wcWdu9yD7wxMlzPKBHgFt3Am8GtSBYfRtcyT1Aqv4fS0/YHNsIg8BH5d5PHRr8lqJ8cLpXWMgXruP1L2dUYeDDb+UgbkHfIz+uOF0BnMyWOFKUuvV4k=;
Received: from 80-218-191-28.dclient.hispeed.ch ([23.247.123.38]:58440 helo=T3500)
	by host.fookes.com with esmtpsa (TLSv1:AES128-SHA:128)
	(Exim 4.82)
	(envelope-from <david.johnson@fookes.com>)
	id 1WIEmF-0000dK-An; Tue, 25 Feb 2014 03:58:15 -0600
Return-Receipt-To: <david.johnson@fookes.com>
From: <david.johnson@fookes.com>
To: =?iso-8859-1?B?J0rpcvRtZSBBcudvaXMn?= <jerome.arcois@fookes.com>
Cc: "'Joan Miller'" <joan.miller@fookes.com>,
	"'Susan Williams'" <susan.williams@fookes.com>,
	"'Peter Smith'" <peter.smith@fookes.com>,
	"'Eugene Fookes'" <eugene.fookes@outlook.com>
Subject: =?iso-8859-1?Q?Please_check_important_charts_from_Snj=F3fr=ED=F0ur?=
Date: Tue, 25 Feb 2014 10:58:13 +0100
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAABluo5KJeUpCslhvgKM4mZnCgAAAEAAAAIGHdE3Z8MdFhGLsK9UnDgUBAAAAAA==@fookes.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0000_01CF3218.7BF01810"
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook 14.0
Importance: High
Thread-Index: Ac8yDzP4nnZLjzY8SdeZrtR0leJ50g==
Content-Language: en-us
Disposition-Notification-To: <david.johnson@fookes.com>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.fookes.com
X-AntiAbuse: Original Domain - outlook.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - fookes.com
X-Get-Message-Sender-Via: host.fookes.com: authenticated_id: david.johnson@fookes.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: david.johnson@fookes.com
X-OriginalArrivalTime: 25 Feb 2014 09:58:16.0790 (UTC) FILETIME=[1AD27760:01CF3210]
Status: RO
X-Folder: Copies
          
Same email with header fully restored by Aid4Mail

Output Formats for Delivering and Filing Email Data

Aid4Mail offers several export options to ease the delivery and filing of collected email data. It can convert messages to PDF or HTML to facilitate file sharing with the court and legal teams. Aid4Mail can also create PDF/A-1a (Level A Conformance) files which are being adopted by federal courts in the U.S. as the standard format for electronic filing (CM/ECF systems).

If you need to analyze or process mail further using other tools, Aid4Mail can export messages to standard Outlook PST files, mbox (formatted for Windows, Mac, or UNIX/Linux), individual EML message files, CSV (supported by Microsoft Excel and most databases), XML, and more. Custom output formats can also be created with Aid4Mail’s powerful scripting capabilities.


Concurrent Email Account Processing

Process accounts 5x faster with Aid4Mail Console Launcher*

Do you need to convert mail from multiple user accounts? Our new, user-friendly utility, Aid4Mail Console Launcher is included with your purchase of Aid4Mail Service and is an option for Aid4Mail Forensic.

  • Speed up your conversion by 500% by concurrently processing accounts from a single CSV file
  • Schedule large conversions for the weekend or in office down-time
  • Get key progress information by email for total peace of mind

* Comparison between a single 186MB MBOX to EML conversion, and 12 concurrent 186MB MBOX to EML conversions. This test was performed on a 64-bit Windows 10 PC with 8GB RAM and an Intel Core i5-6500 CPU at 3.2 GHz.

The Aid4Mail Console Launcher is a new utility to assist with concurrently processing and converting multiple mailbox files and email accounts.

Working alongside the Console (CLI) version of Aid4Mail, the Console Launcher manages, schedules and monitors your email processing tasks.

Included with all purchases of Aid4Mail Service, and as an additional option with Aid4Mail Forensic, the Console Launcher offers the following benefits:

Process multiple accounts simultaneously from one CSV file

Simply fill out the CSV template provided with your conversion and filter settings and user details. Then open and run your CSV file in the Console Launcher.

You can even use multiple source and target locations, all in one session.

Easily schedule your email projects

Schedule your email processing tasks over the weekend, or in the evenings. Increase productivity by leaving large conversions running overnight. Then come back in the morning to see the results.

Get Email Progress Notifications

Opt-in to receive progress notifications by email. You’ll be notified if an account fails, and when all mail has been successfully processed.


Who Uses Aid4Mail?

Aid4Mail has many thousands of satisfied users around the world, including law enforcement and government agencies, intelligence and military organizations, law firms, large corporations and financial institutions, audit firms, as well as consultants and students of computer forensics.

And it’s no wonder. Aid4Mail was developed specifically to meet the high demands of forensic and e-discovery professionals.


Here’s What our Users Had to Say About Aid4Mail

“Aid4Mail exceeds our expectations on the speed in which it can convert data. It can convert larger amounts of data in no time at all. I would say it’s at least twice as fast as the rest of our tools”
– Jon Hanna, ESI Manager - Advanced Discovery, USA          [ Read our Advanced Discovery case study ]
“I often recommend my clients utilize Aid4Mail to assist in the conversion, search, and export of emails to aid in their eDiscovery cost containment strategies. Aid4Mail impressively allows flexibility in handling the myriad email formats found on modern computers, and is one of my must-have tools.”
– Richard D Lutkus​​​ - Partner - Seyfarth Shaw LLP​​​​​​, UK
“We work with over 1TB [one terabyte] of email per month and your Aid4Mail product has shown to be an integral part of our toolset for dealing with these volumes of email.”
– Jason Rappoport, Senior IT and Forensics Consultant - Capsicum Group, USA
“Aid4Mail scripted approach took just 8 hours to finish (!), which is almost impossible to compare with 23 hours of running time for Transend. On top of everything else, it looks like that Aid4Mail-generated PST files are way smaller than Transend-generated.”
– Dragan Stankovic, Canada

Try Aid4Mail for Free

Take advantage of our free trial and start using Aid4Mail today. No credit card required, no obligation, and you can run it in trial mode for as long as you need. This way you can verify that Aid4Mail is fully compatible with your computer and does what you require.

Click to get your FREE Aid4Mail trial.


Ready to Buy Now? It’s Quick and Easy

Thank you for choosing Aid4Mail. Please note that you need one license per . See our EULA for the details. You can specify the number of licenses on the next screen.

Aid4Mail Forensic
Primarily for Public Sector

  •  Console + Launcher: optional
    Private Sector:
     Limited to internal mail
    Public Sector:
     Unlimited end-users mail
     USB flash drive option
  •  One-Year License
     50% discount on renewal
  •  Supports MS Exchange
     Filter mail by date/keywords
     Process/restore unpurged mail
  •  Also converts to PDF/A
     Offline license activation

Aid4Mail Service
Primarily for Private Sector

  •  Console + Launcher: included
     
     Unlimited end-users mail
     
     
     USB flash drive option
  •  One-Year License
     50% discount on renewal
  •  Supports MS Exchange
     Filter mail by date/keywords
     Process/restore unpurged mail
  •  Also converts to PDF/A
     Offline license activation

Double-check the system requirements here…

  • Operating System : Aid4Mail runs under Windows 10, 8, 7, Vista, XP, 2000, Server 2016, 2012, 2008 and 2003 or Linux in conjunction with Wine. Both Windows 32-bit and 64-bit are supported.
    Windows NT4 / ME / 98 / 95 should work but are not officially supported.
  • Internet : Online license activation, validation, and re-activation require an internet connection (offline activation option available with Aid4Mail eDiscovery editions).
  • Hardware Requirements : 64 MB of RAM, 12 MB disk space. Pentium (or compatible) processor.

IF YOU’LL BE PROCESSING OUTLOOK/EXCHANGE: Read more >

Aid4Mail supports most commonly used mail formats and webmail services.

To see a full list of the formats Aid4Mail supports, click here.

P.S.

If you need a fast and accurate email forensic tool, you can trust Aid4Mail to do the job for you. Get your license now and start investigating email today, or test drive Aid4Mail for free in trial mode and see for yourself how well it works.