Open & Read MBX File Format In Email Forensic Investigation
MBX file format is the high performance replacement for the MBOX file format created by Mark Crispin while at the University of Washington. It is much faster than MBOX and it is supported by UW – IMAP. MBX is non-standard mail format used by Email client which need faster access to the mail through IMAP and need concurrent access from multiple clients. The MBX file extension is commonly used by email clients like Eudora, Pocomail, Outlook Express for their mailbox file.
Eudora MBX File Format
Eudora is an Email client created in 1988 and acquired by Qualcomm in 1991. It is supported on both Mac and Windows OS. It provides a feature SpamWatch which support Bayesian filtering of spam and ScamWatch that flag the suspicious links within emails. Which stores its email messages in MBX file format. Eudora supports POP, IMAP, SMTP protocols and allows users for encrypting email communication for greater security. It also has an ultra-fast searching feature, which helps to find any email in a few seconds by using one or more criteria.
Location of MBX File in Eudora Email Client
Eudora support both POP and IMAP mail accounts, in both cases it stores messages in the local drive of the system with different locations.
POP Mailbox Path:
C:\Documents and setting\[User Name]\Application data\Qualcomm\Eudora
or
C:\Users\[User Name]\AppData\Romming\Qualcomm\Eudora
IMAP Mailbox Path:
C:\Program Files\Qualcomm\Eudora\IMAP\Dominant
or
C:\Users\[User Name]\AppData\Romming\Qualcomm\Eudora\IMAP\Dominant
Eudora saves its email messages in MBX file with .mbx extension. It creates separate MBX file for each mailbox. For Ex: For Inbox, it creates Inbox.mbx and for Junk file, it creates Junk.mbx etc. In which the attachments and embedded images are stored in a separate directory. The messages are concatenated inside the MBX file format as a single message. So for normal users, it is difficult to read MBX file and understand the email message from it. Eudora also contains another file with extension TOC (table of content) which contain the detailed information about the folder.
File Format in Eudora Email Client
In.mbx: This MBX file format store user mailbox details in it.
Out.mbx: This file store all the Outbox file details of users.
eudora.ini: This file contains all the settings made by users in Eudora application. It is easily readable through Notepad and also changeable.
deudora.ini: It contains the online settings and Registration Information of Eudora application.
filters.pce: Name and Extensions of Eudora filters and full information for filters are stored in this file.
In Digital Forensics Crime Investigation, Various file format needs to be scanned to find the evidence or specific information. To find details of Eudora mailboxes, we need to scan “ In.mbx, Out.mbx” with the help of MailXaminer Forensic Software.
Examine MBX File Details Using MailXaminer
For the forensic investigation, it is not possible to install all of the Email clients in the investigator’s system to search for the email evidence. It is the situation where the MailXaminer has the importance. Because this software provides the option to analyse 20+ file formats and through this analysis feature, MailXaminer allows to examine the MBX file. Perform the following operation to open the MBX file and search for evidence.
STEP 1: Add MBX File
Use Add Evidence option to select the MBX File and for further analysis. Now Select the Eudora Database (.mbx) to add and Open MBX file format.
STEP 2: Search Option in MailXaminer
After MBX file is scanned and traversed click on the search option. There you can select either General or Proximity search according to the purposes.
STEP 3: Use Search Operators
Use appropriate criteria and Logic operators to extract the evidence more specifically through Add Criteria.
STEP4: Advanced Search Option in MailXaminer
MailXaminer also provides the option to advance search within the General Search through different searching algorithms like Wildcard Search, Stem Search, Fuzzy Search, Regular Expression search. Through this investigators can search the evidence more precisely by reading MBX file.
Through these processes, the Investigators or Examiners can perform a search operation on the evidence file of MBX file format without Eudora.
Conclusion
Email file analysis is the finest and easiest way to obtain evidence in Digital Forensics. But it is difficult to perform the manual analysis process on the mailbox files. It is same in the case of Eudora MBX file investigation. MailXaminer is an Email Forensic tool that can be used for open MBX file format and perform the analysis process in a very accurate manner.