Tactics to Search Images in Outlook for Cybercrime Investigators

In recent times, digital forensics investigators often search images in Outlook and other email clients. Images are one of the core pieces of evidence that can be used to prosecute wrongdoers for their crimes. However, separating useful images from the vast amount of data is not easy. Moreover, as images can be manipulated, hidden, or destroyed, it adds a layer of complexity for law enforcement agencies.

Not to mention that criminals continue to become smarter, so detectives must stay one step ahead of them. That’s why in this writeup we have included the working steps of a state-of-the-art digital forensic tool. Before we present the instructions for using the tool, let’s see what makes manual image searching so difficult in email clients like Outlook.

Problems While Searching for Image Attachments in Outlook

Outlook itself has a free-to-use web client and a paid desktop-based client included with the Microsoft 365 service. Depending on the sophistication involved in the case, detectives may have to deal with either of the two. Regardless of the source, there are quite a few ways where image searching becomes problematic. Let’s find out how

Outlook Version is incompatible: With every new version, Microsoft adds new features and removes old bugs and vulnerabilities from its systems. After a decent set of changes, the old app versions are no longer supported. The same is true for Outlook clients, so if investigators themselves are using an older Outlook version, there is a high chance that it fails to open some new image formats. 

HTML embedded issue: Some times images might not be as attachments but rather embedded using HTML code. This tactic is often used to hide images within messages, as Outlook does not allow embedded images to be viewed in a browser or desktop. The images need to be extracted with help of external code.

Graphics acceleration features may be blocking the images from loading on to your screen.

Smart Solution to Search Images in Outlook During Investigations

MailXaminer is the first and only choice of law enforcement agencies for collecting digital images. It has an inbuilt portal to view and advanced filters to pick out photos stored at the source. Moreover, it assists forensic teams in identifying the text present in the images with an onsite OCR scanner. This tool automates the data filtering process thereby eliminating the time wasted during manual segregation. It helps law enforcement agents build a case against the criminal in the shortest time possible. Not to mention that the tool can scan for loose files and attachments and compile them into the evidence list on its own.

The tool completes the process to search images in Outlook in 9 simple steps:

1. Select the source (Outlook Desktop and Cloud both are available)
   
   
2. Configure scanning parameters (enable image analysis and OCR)
   
   
3. Attach the file (Browse and pick the Source file eg PST)
   
   
4. Preview source data (Get an early indication of what all data is present)
   
   
5. Filter relevant information (use the categories, tags, keywords, and media tabs )
   
   
6. Search filtered dataset (Find key elements using different searching algorithms)
   
   
7. Analyze suspicious links (See how many items have been sent between suspects)
   
   
8. Visualize selected info (See the data timeline with interactive charts and graphs)
   
9. Export resultant examination (Do final selections & generate a complementary report)
   
   

How Profession Tool Beats the Traditional Approach of Image Searching

Outlook as a product exists both in the cloud and on-premises. So investigators may face a scenario where both products are being used simultaneously for sending and receiving explicit images of victims. This makes it difficult to search images in Outlook as detectives have to bounce between cloud and desktop versions. However, with the tool, this is no longer a hurdle for investigators.

The reason is that the tool has the ability to add new evidence from multiple sources during the investigation itself. Moreover, this entire process can be done in-house without closing the current instance of the tool. Simply press the plus ”+” icon present at the top right-hand corner of the evidence tab and choose your new source (Microsoft Outlook for the desktop version and Office 365 for the cloud).

In the legal framework, any changes made to the evidence make it void and inadmissible before a court of law. This is true for digital images as well. That is why investigators must be super careful while handling the files.

To make sure that evidence can be understood without unwarranted changes, the tool includes an OCR scanner. Which separates out the text content present in images. This is especially helpful in scenarios where credit card numbers are present in files.

This setting can be enabled in the configuration phase of adding the evidence.

Manual scanning and sorting require a lot of effort and end up wasting the precious time of investigators. Moreover, manual searching is the same whether you want to find 10 images or 10,000. On the other hand, The tool offers several different search parameters that can be applied on a situational basis.
Options Include:

• General Search
• Fuzzy Search
• Wildcard Search
• Regex Search
• Proximity Search
• Stem Search

Conclusion

In this write-up for professionals, we gave them details on how to search images in Outlook clients. Not only did we cover the major problems during default viewing, but we also gave a workaround to each of them. Moreover, to make evidence gathering easier, instructions to use an automated forensic utility are present within the article itself. Looking at the robust set of features, no one can deny that the tool is the best possible choice for getting images out of Outlook.