Forensic keyword search is the digital forensics feature used to find evidence in a large volume of electronic data. During a cybercrime investigation, the forensic email search is performed on the basis of keywords that you enter in the computer forensics tool. A keyword may relate to a particular document or to a set of computer files. For example, if you are looking for a file related to an employee's details in a very old database, possible keywords for the forensic search are the employee's ID, name, address, etc.
During a large investigation, running the digital forensics keyword search one keyword at a time is tiring and time consuming. In such situations, using multiple keywords as a set helps to obtain results much faster. This is also helpful when the user is searching electronically stored information on the basis of an assumption.
To find a document, the search keywords must be entered and stored in the software before the search starts. The tool performs the forensic keyword search on evidence data that it has indexed. Keywords can be added through the following options:
Add Keyword: Lets you enter keywords manually.
Import CSV: Lets you add a large set of keywords through a CSV file.
MailXaminer is a reliable email forensics tool that helps investigators carefully analyse electronic evidence during a cybercrime investigation. It provides advanced search options for electronic discovery of evidence across various computer files. Among these, forensic keyword search is a specialized search mechanism that helps examiners find a particular piece of evidence in a large database. The forensic keyword search tool lets you add multiple keywords at a time and search for the electronic documents and attachments that match them. The steps in the section below show how to perform a forensic search using keywords.
Add the evidence data file to the forensic analysis tool to perform the digital forensics keyword search and extract hidden evidence. Click the Add New Evidence button in the navigation bar of the Evidence section to add a computer data file to the software. This lets you add electronically stored information from four sources: Email Client, Cloud, Image and Messenger.
To perform a forensic keyword search on a suspected database file, go to the Keywords section of the software and select the Add Keyword button to include search keywords prior to processing. This lets the user add multiple keywords at a time and perform forensic analysis on the electronic data files.
After you click the Add Keyword option, a new window pops up in which you can add search keywords either manually or through a CSV file. Through the Import CSV option you can enter multiple keywords manually into the forensic keyword search tool. When the user needs to add a bulk set of keywords, it is not practical to enter each keyword one by one. In such a situation, the user can add a large set of keywords through the Import CSV option. After adding the keyword list, select the desired keyword(s) to perform the forensic keyword search on the evidence.
Once the keyword search is completed, the user can view and access the resulting evidence files through the software's display tab. The user can display the results for all keywords or for a particular keyword by selecting that keyword in the software's keyword section.
As with message files, the keyword search can also be performed on attachments. After the keyword search is completed, the investigator can click on any email and switch to the attachment tab to see the search result. To perform a keyword search in attachments, make sure the OCR option is enabled in the evidence settings.
Once the entire forensic keyword search is complete, the user can Bookmark an electronic file to add it to the evidence list, or Export the evidence files into various file formats. Through the Export option, the investigator can easily create a backup of the electronic evidence for future reference or for submission as evidence in court.
The Edit and Delete options modify the existing keywords in the software. To use them, select the keyword and click Edit or Delete.
The final and important part of every investigation is generating the investigation report. Using the Download Report option in the Search tab, investigators can easily generate a court-admissible report.
After completing the digital forensics keyword search, the user can generate a search report through the Keywords option in the Download Report window. The report generated by the software contains information such as Keyword, Hit Count and Search Query.
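The workflow described above (a keyword list loaded from CSV, searched across message bodies and attachments, then summarized as keyword and hit count) can be reproduced in Python as an added example; it is not MailXaminer's code. The one-keyword-per-row CSV layout, the sample messages and all function names are assumptions made for illustration.

```python
import csv
import io
import re
from email import message_from_string, policy

# Constructed keyword list; one keyword per row under a header is an assumed layout.
KEYWORDS_CSV = "keyword\nEMP-1042\nJohn Carter\n12 Elm Street\n"

# Constructed sample evidence: a plain message and one with a text attachment.
MSG_PLAIN = (
    "From: hr@example.test\nTo: audit@example.test\nSubject: Record for EMP-1042\n"
    "MIME-Version: 1.0\nContent-Type: text/plain\n\n"
    "john carter moved to 12 Elm Street. Ref EMP-1042.\n"
)
MSG_ATTACH = (
    "From: it@example.test\nTo: audit@example.test\nSubject: Export\n"
    "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"B\"\n\n"
    "--B\nContent-Type: text/plain\n\nSee attached.\n"
    "--B\nContent-Type: text/plain\nContent-Disposition: attachment; filename=\"staff.txt\"\n\n"
    "EMP-1042,John Carter\nEMP-1043,Ann Lee\n--B--\n"
)

def load_keywords(csv_text):
    """Read keywords from CSV text, skipping the header and blank rows."""
    rows = list(csv.reader(io.StringIO(csv_text)))[1:]
    return [r[0].strip() for r in rows if r and r[0].strip()]

def searchable_text(raw):
    """Concatenate the subject with every text part (body and text attachments)."""
    msg = message_from_string(raw, policy=policy.default)
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            chunks.append(part.get_content())
    return "\n".join(chunks)

def keyword_report(messages, keywords):
    """Return {keyword: hit count} using case-insensitive literal matching."""
    hits = {kw: 0 for kw in keywords}
    for raw in messages:
        text = searchable_text(raw)
        for kw in keywords:
            # re.escape keeps characters such as '-' or '.' literal in the keyword.
            hits[kw] += len(re.findall(re.escape(kw), text, re.IGNORECASE))
    return hits

if __name__ == "__main__":
    for kw, n in keyword_report([MSG_PLAIN, MSG_ATTACH], load_keywords(KEYWORDS_CSV)).items():
        print(f"{kw}\t{n}")
```

Only text parts are matched here; image or scanned attachments would need OCR before matching, which is why the tool requires the OCR option for attachment search.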