Impersonate and Examine Live Exchange Mailboxes
MS Exchange, an emailing server, is the communication hub for most of the organizations and the occurrence of any kind of information leak, forgeries and scams in these sectors include crucial strands available within the MS Exchange user mailboxes. The investigators face a lot of challenges while collecting Electronically stored information within Exchange server like; they cannot shutdown an extremely active database or interrupt it in any way, sorting & culling of data from sheer size of Exchange repositories to find an email evidence is cost prohibitive; additionally, Exchange Servers are designed to manage or protect the emails & not for discovery thus; ESI collection will be time consuming.
As an alternative to overcome above challenges, MailXaminer has now been equipped with a decisive feature of Live Exchange Server Mailbox Analysis. The tool forensically scan the entire exchange database and let you find everything which is related to your search parameter.
To make use of the Live Exchange Server Mailbox Analysis feature, switch to Scan File > Web > Live Exchange.
After selecting the Live Exchange option, the Live Exchange pop – up window appears.
The Live Exchange pop – up window asks the investigators to provide details for the following fields: -
- Exchange Version: - The software is attuned with the three latest versions of Exchange Server i.e. Exchange Server 2007, 2010,2013 and 2016. Investigators can examine and analyze the mailboxes of any of these versions of the Server.
- Server Name/IP: - The Server Name/IP is the corresponding name or IP details of the server that need to be examined.
- Domain: - This field requires the domain name of the corresponding Server.
Investigators very often face a challenge regarding the availability of account credentials while analyzing corresponding mailboxes. To assist the investigators with this part of analysis, Software allows the investigators to analyze the Live Exchange mailboxes through a using impersonation features. The software provides a dual option of analyzing the Live Exchange Mailboxes in one of the two modes i.e. With Impersonation and Without Impersonation techniques.
Without Impersonation:In this method, you need to provide User Mailbox Credentials such as "Mailbox Name and Password". Software validated the mailbox credentials and if all details are verified then software displays the details of the data items stored in user mailboxes.
Administrator Credentials: : To Use this method, check the box of " User Impersonation". Now provide Administrator details such as "User name and Password"
In this method, browse the CSV File used to stored Details of user mailboxes.
View the Details of Exchange User Mailbox
To avail the feature of Impersonation, Technocrats/Investigators have to run certain commands in their Exchange Powershell. To get the list of complete cmdlets and required steps, click here