Encryption is the process of encoding a message or data into another format to prevent unauthorized access. It is a widely used method of protecting digital data while it is transferred over a network. Encryption algorithms convert plaintext data into ciphertext with the help of an encryption key. On the receiver's side, the email message is decrypted into its original form with the help of the encryption key. Only an authorized person can access the email and remove its encryption: they can decrypt the encrypted email and convert it back into its original format with the help of the encryption key. Different types of encryption algorithms are available to provide various levels of protection for digital information. With the help of an automated software feature, investigators can easily remove encryption from Outlook emails and EDB files during a cyber crime investigation.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is the standard used for public key encryption and digital signing of MIME-based email data. Most email software and services use S/MIME encryption for secure communication. It provides cryptographic security features such as authentication, integrity, privacy and data security. This encryption method helps the receiver confirm that they received the exact message from the verified sender. To enable S/MIME, both the sender and the receiver must be set up with a public key and a digital signature. The public key is used to encrypt and decrypt the email message, and the digital signature is used to verify the identity of the sender.
OpenPGP (Open Pretty Good Privacy) is one of the most widely used email encryption standards. It uses public key infrastructure to create a key assigned to an individual email address, and it uses symmetric encryption to encrypt the email message. Each encrypted message contains the message and the encryption key. The receiver retrieves the random key using their private key and then uses that random key to decrypt the OpenPGP message.
Analyzing encrypted email data during a forensic investigation is a challenging process for investigators. The email forensics tool provides an automated solution to this problem: it helps investigators remove encryption from the email messages in PST, OST and EDB files so that the digital data can be analyzed efficiently. The section below discusses how to decrypt S/MIME and OpenPGP email messages with the encryption removal feature of the computer forensics tool and how to analyze the encrypted email data.
Create a new case or open an existing case from the database to forensically decrypt the encrypted email and extract the evidence.
To add the encrypted email data file to the software, click the Add evidence button of the tool. After that, select the file format you need to add. The forensic tool supports decrypting email messages from PST, OST, and EDB files.
To examine the encrypted email files, the user needs to change the Decryption settings. This will help the user remove Exchange Server email encryption and decrypt encrypted PST and OST email messages.
Select the option Detect Digital Signature and Encryption, which will automatically detect encrypted email files and email files containing a digital signature. Checking the Remove encryption option will allow you to add encryption keys in two ways.
To add keys manually, select the Add Keys option from the Add Decryption Keys section.
Now select the encryption type using the drop-down menu. There are two main encryption types available: SMIME and OpenPGP.
After selecting the technology, enter the Key File and Password in the respective fields.
Users can also add more keys using the Add Additional Keys option.
To add multiple decryption keys in a single go, users can choose the Upload CSV option. This option allows users to import a CSV file containing multiple decryption keys.
The software provides an option to Download sample CSV file. In this file, the user can enter the Encryption Type, Key Path and Password.
Browse the CSV file containing Encryption Type, Key Path and respective Password from the desired location.
After the encrypted email messages from PST, OST and EDB files have been decrypted, the user can access the email data. A key symbol next to an email indicates that it is encrypted, and if it contains a digital signature, this is indicated by a badge symbol.
If the tool successfully decrypts the email message, it shows the data in its original form. This helps the investigator easily analyze and extract the evidence.
To preview the email details, just click on the respective email and a new window will open displaying various details of the selected email.
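The Detect Digital Signature and Encryption step in the procedure above works because S/MIME and OpenPGP messages identify themselves in their MIME headers. The following Python function is an added example, not the forensic tool's own code: it classifies a message as SMIME or OpenPGP and as encrypted or signed from the standard content types, and the sample messages and the `classify` name are constructed for illustration.

```python
from email import message_from_string

# Constructed sample messages (not taken from any real mailbox).
SMIME_ENC = (
    "From: a@example.com\nTo: b@example.com\nMIME-Version: 1.0\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nMIIB\n"
)
PGP_ENC = (
    "From: a@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n\nhQEM\n-----END PGP MESSAGE-----\n--b1--\n"
)
SMIME_SIGNED = (
    "From: a@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b2"\n\n'
    "--b2\nContent-Type: text/plain\n\nhello\n"
    '--b2\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\nMIIB\n--b2--\n'
)
PLAIN = "From: a@example.com\nContent-Type: text/plain\n\nhello\n"

def classify(raw: str):
    """Return (scheme, protection) for one message, or (None, None) if unprotected."""
    msg = message_from_string(raw)
    for part in msg.walk():
        ctype = part.get_content_type()
        proto = str(part.get_param("protocol") or "").lower()
        stype = str(part.get_param("smime-type") or "").lower()
        if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
            # signed-data is an opaque signature; other types are treated as encryption
            return ("SMIME", "signed" if stype == "signed-data" else "encrypted")
        if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
            return ("OpenPGP", "encrypted")
        if ctype == "multipart/signed":
            if proto in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
                return ("SMIME", "signed")
            if proto == "application/pgp-signature":
                return ("OpenPGP", "signed")
        if ctype == "text/plain":
            body = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP MESSAGE-----" in body:  # inline (non-MIME) PGP
                return ("OpenPGP", "encrypted")
    return (None, None)
```

Run over messages exported from a mailbox, the result shows which key type (SMIME or OpenPGP) each protected message needs before keys are added manually or through the CSV file.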