Messaging Analysis
Email within the business is often the most common ways people communicate. From internal meeting requests, distribution of documents and general conversation it would be difficult to find any organisation that does not rely on email communication.
Employees store their personal colanders, contacts and even synchronize their email clients with their Personal Digital Assistants (PDA) and email ready devices (blackberry/Windows Mobile).
Email servers now have the ability to integrate with CRM systems and can hold sensitive and confidential information about the organisation and their clients.
Forensic analysis of the email server and the clients on users systems will often yield an amazing amount of information on the user and the organisation itself.
Sapphire has the skills and tools to examine these areas and produce reports in a friendly readable format.
Many users believe that once they delete email from their client that the email is unrecoverable.
However, many times emails can be forensically recovered even after deletion.
Many users also do not grasp the concept that email has a sender AND a recipient or multiple recipients. Emails may reside on servers unbeknown to the user, or on backup tapes that were created during the normal course of business.
And of course they may also be extracted from the hard disk of the client or the server.
Web-based email can present its own set of difficulties when conducting forensic examinations.
It is possible to forensically recover email that was created or received by web based email systems and from free web based email services such as Hotmail, Gmail (Google Mail) and Yahoo Mail.
These types of mail systems use a browser to interface with the email server, the browser inherently caches information to the disk drive in the system used to retrieve or generate the email thereby effectively saving a copy to the disk.
Sapphire examiners can extract the HTML based Email from disk drive of the system used to create or retrieve the email messages.
And of course organisations may also have a web based system for users to retrieve their email while out if the office, for instance Outlook Web Access used with Microsoft Exchange Servers.
These Browser Based Web Mail clients also cache messages to the disk.
