Fookes Software has been specialized in the field of email data processing since 1999, and released its first email forensics tool in 2002 as an OEM product for Paraben Corporation. Aid4Mail Console OEM is currently used as a component of several leading e-discovery products. Aid4Mail eDiscovery was released in December 2010 and is the stand-alone version for forensic and e-discovery professionals.
There are many different and often conflicting definitions for the terms Computer Forensics and Electronic Discovery (eDiscovery or E-Discovery). Most agree that both processes involve identifying and collecting data, analyzing it, and delivering relevant information (for example for legal evidence).
For some, the distinction between the two processes is not determined so much by the tools used but by who analyzes the information; the e-discovery expert provides the data to a legal team for analysis, whereas the forensics expert collects the data, performs the analysis, and may be subject to take the stand in court or be called for deposition. Some argue that e-discovery is for civil litigation and corporate matters, whereas computer forensics is for criminal investigations.
In the field of electronic mail, we treat email forensics as a specialized branch of e-discovery. In designing Aid4Mail, we decided to offer the same feature set for both email forensics and e-discovery, but with four different licenses for specific types of use.
Aid4Mail is a user-friendly, fast, and highly accurate email extraction program. It offers powerful features for e-discovery and forensic professionals at a very competitive price. Clients include leading law firms, law enforcement and government agencies, intelligence and military organizations, and other international organizations throughout the world.
Jump to:
Aid4Mail supports over 40 email client programs and mail formats, as well as many popular webmail services and remote accounts through IMAP. Local mail folders and files can be processed even when disconnected (unmounted) from their email client, including those stored on external hard drives and media like CD, DVD, and USB devices. It can read mbox files from Mac and Linux systems without prior conversion.
Supported formats include Outlook (PST and MSG files, and MAPI profiles), Microsoft Exchange (through a MAPI profile), Outlook Express (including Usenet messages), Windows Live Mail, Thunderbird, Eudora, and Apple Mail. For a full list, see the Supported Formats page.
Aid4Mail easily handles very large emails and huge mailbox files (successfully tested on a 264 GB mbox with 3 million emails). In fact, Aid4Mail is used as the mail processing engine for a major financial institution as well as a well-known search engine, and processes terabytes of mail data daily. Aid4Mail can often extract mail from corrupt mailboxes and read malformed emails *. The eDiscovery edition also gives you access to unpurged deleted emails *.
When email client programs like Office Outlook, Eudora, and Pocomail receive an email, they alter and split the format prior to saving it in the mail store. Traditional e-discovery and forensics tools are often incapable of correctly putting the pieces back together. As a result, collected data may be incomplete and searches miss relevant chunks of data.
Aid4Mail is one of the most accurate tools on the market when it comes to rebuilding split emails. It produces a format that is as close as possible to the original RFC message. Original metadata like SMTP header fields are recovered (see below), status information and dates are restored, and attachments and embedded contents are copied back into the email.
Return-path: <bill@aid4mail.net> Envelope-to: bill@aid4mail.net Delivery-date: Fri, 18 Feb 2011 11:18:13 -0500 Received: from 131-39.62-81.cust.bluewin.ch ([81.62.39.131]:17353 helo=PrecisionT3500) by centaur.dewahost.net with esmtpa (Exim 4.69) (envelope-from <bill@aid4mail.net>) id 1PqT25-00058l-7Z; Fri, 18 Feb 2011 11:18:13 -0500 From: =?utf-8?Q?Bill_Caff=C3=A9?= <bill@aid4mail.net> To: =?utf-8?Q?St=C3=A9phane_Fran=C3=A7ois?= <steve@aid4mail.net> Cc: =?utf-8?Q?'Lisa_Gruy=C3=A8re'?= <lisa@gruyere.org>, "John Fire" <john@aid4mail.net>, "Tim Sand" <tim@aid4mail.net> Subject: Poem by Charles Baudelaire Date: Fri, 18 Feb 2011 17:18:08 +0100 Organization: Fookes Software Message-ID: <001901cbcf87$707c25b0$51747110$@aid4mail.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Priority: 5 (Lowest) X-MSMail-Priority: Low X-Mailer: Microsoft Outlook 14.0 Importance: Low Thread-Index: AcvPhydgtD/Fiez1TJSn19MfhrGhJw== Content-Language: en-us Status: RO X-Folder: Inbox
From: =?UTF-8?Q?"Bill Caff=c3=a9" <bill@aid4mail.net>?= To: =?UTF-8?Q?"St=c3=a9phane Fran=c3=a7ois" <steve@aid4mail.net>?= cc: =?UTF-8?Q?"'Lisa Gruy=c3=a8re'" <lisa@gruyere.org>?= cc: "John Fire" <john@aid4mail.net> cc: "Tim Sand" <tim@aid4mail.net> Priority: Low X-Priority: 5 X-Mozilla-Status: 0001 Subject: Poem by Charles Baudelaire MIME-Version: 1.0 Message-ID: <001901cbcf87$707c25b0$51747110$@aid4mail.net> Date: Fri, 18 Feb 2011 17:18:13 0100 Content-Type: multipart/alternative;boundary="Next_Item:_(A3CB49KFSA19)/1"
* Aid4Mail relies on MAPI for access to Outlook PST and MSG files because this method currently produces the most accurate email conversions. As a result corrupted files that cannot be opened in Outlook are not accessible to Aid4Mail. Also, MAPI does not provide access to unpurged deleted mail.
Duplicate emails in mailbox files can represent a significant amount of data. Aid4Mail offers powerful de-duping options to cull the volume of data to analyze. It offers options to remove email duplicates at the folder level, across all folders in a processing batch, or even across processing sessions if necessary.
Aid4Mail integrates a powerful search engine that can analyze terabytes of email files and produce relevant records in a timely manner. Searches can be based on reusable word lists with logical operators. Search wildcards are also supported and power users can use regular expressions to further refine the data culling process.
Aid4Mail also integrates a scripting engine designed especially for processing email data. It can be used for email filtering, data extraction, and message analysis. The script syntax gives easy access to email header metadata fields as well as any information stored in the message body. Email data can even be exchanged with external console modules to handle processing tasks not covered by Aid4Mail.
It is crucial during email examintation that timelines are accurately determined. Email exchanges across time zones are common and many messages may be sent within a short time span. As a result, errors due to poor conversion of email dates can have a serious impact on a case.
Unlike many of its competitors, Aid4Mail integrates an intelligent date processor that understands time zones as well as daylight saving time (summer time). In addition, it can usually process malformed dates that sometimes appear in header metadata.
Aid4Mail offers several export options for emails collected as evidence. It can export messages to PDF or HTML to facilitate file sharing with clients and legal teams. Aid4Mail can also create PDF/A-1a (Level A Conformance) files which are being adopted by federal courts in the U.S. as the standard format for electronic filing (CM/ECF systems).
If it is necessary to analyze or process mail further using other tools, Aid4Mail can export messages to standard Outlook PST files, mbox files (with formatting options for Windows, Mac, and UNIX/Linux), individual EML message files, CSV files (supported by Microsoft Excel and most databases), and even XML files. Custom output can also be created if necessary using Aid4Mail's scripting capabilities.
For very large volumes of email, Aid4Mail can save messages to a highly compressed ZIP archive that can be opened with Windows Explorer. The reduction in file size can be very significant, making it easier to share data with others.
During the ZIP compression stage, Aid4Mail extracts attachments and embedded contents (such as images) from emails and stores them in separate folders inside the ZIP archive. This way attachments and embedded contents are easily accessible without using special utilities. The compressed emails are stored in standard mbox files inside the ZIP archive. They are based on the RFC 2017 format to preserve the connection between the messages and their extracted contents.
Email processing is a complex task with many pitfalls and no product is perfect. However Aid4Mail consistently produces more accurate results than any of its closest competitors, notably when handling mail from Eudora, Outlook, Exchange, PST and MSG files. You cannot afford to lose important email contents during e-discovery and forensic investigations. If you value the integrity of your data, try Aid4Mail for free and carefully compare its output with any competing product.
Aid4Mail eDiscovery is subdivided into four license types:
For more details on usage conditions, see the End User License Agreement (EULA) and EULA Comparison Chart.