Table of Contents

Overview ......................................................................................................................................... 2

System Requirements...................................................................................................................... 3

Installation of SysTools MailXaminer ............................................................................................ 4

Uninstall Software .......................................................................................................................... 6

Software Menu Option .................................................................................................................... 8

Software Navigation Option ......................................................................................................... 10

Complete Steps to Recover, Examine & Export Evidences from Multiple file Formats ............. 11

Create Case ................................................................................................................................... 13

Open Existing Case ....................................................................................................................... 17

Open, Export and Import Case ...................................................................................................... 18

Export Case ................................................................................................................................... 18

Import Case ................................................................................................................................... 20

Add/Scan File................................................................................................................................ 23

Scan Google Apps Admin without IMAP .................................................................................... 37

Scan Live Exchange ...................................................................................................................... 39

Preview the Data Mode ................................................................................................................. 42

Preview Privilege Option .............................................................................................................. 51

Preview Bookmark Option ........................................................................................................... 55

Preview Sent Review Option ........................................................................................................ 58

Preview Tag Email Option............................................................................................................ 63

Preview Log Report Option .......................................................................................................... 69

Preview Image Analysis ............................................................................................................... 78

Search Option................................................................................................................................ 81

Export Option................................................................................................................................ 98

Export Files ................................................................................................................................... 98

Export Folders ............................................................................................................................. 103

Preview the Result ...................................................................................................................... 108

Demo Version ............................................................................................................................. 109

Purchase Software ....................................................................................................................... 110

Online Support ............................................................................................................................ 111

Overview Top

Welcome to SysTools MailXaminer

SysTools MailXaminer is an email examination tool that helps to scan, search & export from

email file types of multiple platforms ( EML, Eudora, Lotus Notes, Microsoft Exchange Server,

Microsoft Outlook, Mozilla Thunderbird and many more.) to multiple email output

formats(Concordance, CSV, HTML, MSG, PDF, PST, TIFF, PRINT). MailXaminer allows &

involves lawsuits that helps clients in the process of email recovery and provides great

productivity with less effort. The software is developed in in a corporate environment under the

supervision of high-skilled professionals.

Key Features of SysTools MailXaminer

MailXaminer tool has provides an "Advance Keyword Search" feature that searches

evidences from within the emails.

Software analyzes and recovers deleted mails that represents as email evidence that

suitable for the court of law.

Download mailboxes from numerous web accounts such as : Office365, Live Exchange

server & Google Apps admin without IMAP The software examines and filters emails that have pornographic images by Skin tone

analysis feature.

Creation, Management and Analysis of evidences done with the creation of Case

Repository.

The software also exports carved out evidences into multiple output formats like

Concordance, PST, MSG, PDF, TIFF etc.

Provides team collaboration feature, allowing multiple investigators to work on the same

case.

System Requirements Top

System Requirements for SysTools MailXaminer:

For proper working of the software, it is necessary that all the system based requirements are

fulfilled. Below is a list of requirements that need to be fulfilled to get proper results out of the

software.

Minimal System Software Specifications

Windows 7 (32-bit or 64-bit)

Basic Hardware Requirements

Platform - Intel® Pentium® 1 GHz processor (x86, x64) or equivalent)

Memory - 4 GB RAM

Disk Space - Around 200 MB for installation

Additional Software Requirements

Additional Software - Microsoft .NET Framework 4.5

Installation of SysTools MailXaminer

Top

You can install SysTools MailXaminer properly on your computer by performing the following

steps:

Download SysTools MailXaminer latest version from the website:

http://www.mailxaminer.com/download.html Double click on download SysTools MailXaminer (setup-mailxaminer.exe). Click on

the Run.

Once you double click on set up, the setup will prompt, Do you want to run this file?

Click on Run to continue the installation.

After this, when you click on Run, and a welcome screen of SysTools MailXaminer

setup will appear. Click on Next, to proceed.

After clicking on Next, the set up will offer you a License agreement and you have to

accept it to proceed. Once the agreement is accepted, the Next option will automatically

get activated for you. Click on Next to proceed.

When you click on Next, you will be asked to select a destination location for installation

of software. By default, the software will get installed on this location C:\Program

Files\SysTools MailXaminer but, if you wish to change it then, you can also select a

different destination location by clicking on Browse button. (Once you select the

destination location, Click on Next to proceed).

After doing this, you have to select the Start Menu Folder in which the program

shortcuts need to be placed. Click Next.

After selecting the Start Menu folder, the set up will ask you to perform Additional Tasks

like Creating Desktop Icon or Creating a Quick Launch Icon. You can perform the

additional tasks as per your need and proceed.

After this, the set up will display a message stating that the software is ready to be

installed on computer system. (Click on Install button in that Message Window to move

to the last step of installation process)

At last, you will get a confirmation message stating that setup process is complete, do

you want to Launch SysTools MailXaminer. Click on Finish in that Message Window

to launch the software after a successfully after installation.

Uninstall Software Top

Un-Installation of SysTools MailXaminer

You can uninstall SysTools MailXaminer software in two ways:

From the Windows Start menu

From the Control Panel

Important Note: To uninstall the software, first make sure that SysTools MailXaminer is not

running in the background.

Using software uninstaller

Click Start button from the Windows menu. Click All Programs » SysTools MailXaminer »

Uninstall SysTools MailXaminer .

A Warning message before un-installing the software will be displayed on the screen.

Click Yes to uninstall the software:

After this step, SysTools MailXaminer Software setup will start the uninstalling from

the computer system.

After this SysTools MailXaminer Software will be successfully uninstalled from the

computer system. Click on OK to close the window.

Uninstall Using Control Panel

Another alternative described here for software uninstallation is through Windows

Control Panel which holds and maintains all system settings. This alternative is

described here just for the sake of completeness. You can easily skip this step if uninstall

is successfully done using the above mentioned process.

Click on Start and look for Control Panel in start menu that appears. Find Add and

Remove Programs within Control Panel. Add and Remove Program generates

comprehensive listing of all binaries presently installed on Windows. Find out SysTools

MailXaminer and double click on it to start it's uninstall procedures

The Software prompts you asking whether you would like to remove SysTools

MailXaminer and all of its related components. Go for Yes.

Click OK on the message reporting about the successful uninstall of SysTools

MailXaminer

Software Menu Option Top

The first menu bar on the top left corner consists of Software menu options. SysTools

MailXaminer consists of menus which are divided into several other menu items, as explained

below:

File Menu

Option Description

New Case Create new Case

Open Case Open existing Case

Import Case Import Case

Save Case Save the Case which user want to save

Close Case Close current Case

Scan File Scan the files

Exit Closes all the Applications

Option Menu

Option Description

Language Set the language

Settings Set the settings

Help Menu

Option Description

About Us Display info about MailXaminer

Activate Product Activate the product key

Software Navigation Option Top

The software has direct navigation options which let you perform some operations directly:

Home

Scan File

Export

Bookmark

Mark As privilege

Remove As privilege

Logs

Tag

Activate Product

Exit

Option Description

Home Page

Scan Selected File

Export Selected File

Bookmark the File

Mark Privilege of the file

Remove privilege from file

Show the Logs

Add and Create the tag

Activate Product through license key

Close the Application

Complete Steps to Recover, Examine & Export Evidences from Multiple file Formats

Top

Steps to Recover, Examine, Export & Save from multiple emails file type to CSV, EML, HTML,

MSG, PDF, PST, TIFF.

SysTools MailXaminer software offers to Load, Scan, and Search & Export from multiple

emails file types to various output formats such as: Concordance, CSV, HTML, MSG, PDF,

PST, TIFF, PRINT. The software smoothly does the entire exportation with simple steps. Below

mentioned are the steps and screenshots exhibiting the working of SysTools MailXaminer

software

Step 1 – Create Case

In the first step, user creates the case. Learn More →

Step 2 – Open Existing Case

In second step, open exist case. Learn More →

Step 3 – Open, Export and Import Case

In third step, Open case and export it to specific location and then import case. Learn

More →

Step 4 – Add/Scan File

In fourth step, Add the files and scan it. Learn More →

Step 5 – Scan Google App Admin without IMAP

In fourth step, In fourth step, Show process to create backup of Google Apps data without

IMAP setting synchronized. Learn More →

Step 6 – Scan Live Exchange

In fourth step, In fourth step, Process of Live Exchange Server Mailbox Analysis. Learn

More →

Step 7 – Preview the Data Mode

Preview all data mode like Hex View, Normal View, Properties View, MIME View etc.

Learn More →

Step 8 – Preview Privilege Option

Preview Mark as Privilege and Remove Privilege option. Learn More →

Step 9 – Preview Bookmark Option

Create Bookmark in emails. Learn More →

Step 10 – Sent Review Option

Send the analyzed evidences to other investigators for further analysis. Learn More →

Step 11 – Preview Tag Email Option

In this step, create Tag names with its description. Learn More →

Step 12 – Preview Log Report

In this step, preview all Log Report of Bookmark, Privilege, Export, Search etc. Learn

More →

Step 13 – Preview Skin Tone Analysis

In this step, preview pornographic images by Skin tone analysis feature. Learn More →

Step 14 – Search Option

In this step, figure out evidence from generic data available by using search option. Learn

More →

Step 15 – Export Option

Export option to export file into Concordance, CSV, EML, HTML, MSG, PDF, PST, and

TIFF. Learn More →

Step 16 – Preview the Result

In this step, preview the output result of the process. Learn More →

Create Case Top

Go to Start » Programs » SysTools MailXaminer » SysTools MailXaminer. First window

of the software appears as shown below:

The software offers two options:

1. Create a New Case: User can create new case with all new facts and information.

2. Open Recent Case: User can open existing case also.

Then, choose "Create a New Case" and the following window will appear where user

has to fill up all the details regarding the case such as; Title, Case Directory, Keywords

etc. :

Now Click on Add button :

A pop up window will display the message of successfully adding the case along with the

case name :

Open Existing Case Top

Run the software and click on Open Recent Cases.:

User can select from a list of recently created cases and click on Open:

Open, Export and Import Case Top

Export Case

You can also go to the software Home Screen and click on File Menu followed by Open

Case to open a case. :

Similarly, select the case from the list of Recent Cases and click on Open to open it :

Now you can Browse the specific location and Export it :

Case successfully export to its location :

Import Case

Choose Import Case from File Menu :

Choosing Import Case option the following pop up window will display, and then choose

Browse option to browse the case file :

Select the case and click Open to proceed :

Using the second Browse Button, select an Import Location for saving the imported case on

the computer. Click on Import to import the case. :

Add/Scan File Top

After filling in the entire details of the case, the following window will be displayed on

screen where the user needs to select the file to be scanned :

File : Select "File" option and choose desired email file type from multiple email file types :

Click on Browse button to select the file from its storage location :

Web: User can select a desired Web Mail Account also. Just provide the corresponding

User Name and Password for the admittance of account. Also, a Date Filter option is

provided :

Image :You can also analyze EnCase Forensic Image File of disk i.e. E01:

Bulk : In bulk mode, software offers following 3 modes :

1. Add File: With this option multiple file selections can be made by using the Shift or

Ctrl button during selection.

2. Add Folder : The software automatically fetches files from the folder selected

3. Remove : Removes any Email file from the selected ones

Add Folder: This option is to add multiple files at once. The software automatically fetches

files from the folder selected as it shown in below screen :

Remove : This option is to add remove email files from the list of files opened :

Duplicate file will be skipped: The software allows skipping duplicate files too.

You can provide the login credentials for the encrypted email files. If the files are not

encrypted, then you can create your own new default login credentials by providing a

Username and Password :

Now Add respective PST file by clicking on Add option :

After clicking on Add option the following window will appear in which the Email File

Status, Mail Count, File Count, and File Size (GB) easily can be viewed :

Edit Case: User can use Edit Case option to edit the case later and save it. Now Click on

View or View all options to preview the mails :

Dashboard: You can view the complete overall details of emails like: Mail Details,

Attachments Categories, Mail Duplicate/deleted status, Mails Time Line.

The software also provides a facility to edit the case further, by using "Edit Case" option. Now

click on View :

Scan Google Apps Admin without IMAP

Top

Click on Web tab and select Google Apps Admin option to download the emails of GApps

Admin :

You must create a project to avail the facility of downloading GApps admin account emails.

Fill the details in the fields provided on Admin Options window :

1. Project Name

2. Service Email Address

3. P12 Password

4. Select File (P12 Key File)

5. Select File (User Account CSV file)

6. Date Filter: From and To dates (Optional)

7. Click on Add

Scan Live Exchange Top

Click on Web tab and select Live Exchange from the list of options :

A Live Exchange window will appear. Select the version of Exchange Server (2007, 2010,

and 2013) and provide the Server Name/IP and Domain :

If Impersonation Rights owned, select the checkbox for Use Impersonation.:

i. Provide the Credentials (Username and Password) of the Mailbox for which Impersonation

is owned.

ii. Select the mailboxes:

a. Browse CSV with list of Mailbox IDs

b. Or choose, 'Let me type in Email IDs' to manually add the email IDs

iii. Click on Add

Preview the Data Mode Top

After the software loads the PST File, select the items that you want to view. You can

preview email content in the desired View mode :

Conversation View displays the messages arranged in conversations to make the context of

messages easier to understand :

Normal Mail View displays the default view of mails that you view in software :

Hex View of email is shown below. This view gives a complete preview of the hexadecimal

coding of email:

Properties View of email is shown below in which entire header information can be viewed:

Message Header View of email is shown below in which the entire header of corresponding

mail is represented:

MIME View of email is shown below. It gives forensic users a picture of the supported

internet extensions:

Email Hop View : gives the forensic user the picture of supported internet extensions :

HTML View is the standard view and basic HTML view :

RTF View of email. It appears in case of those emails which are rich text formatted::

Attachment View of email is shown below in which user can view the embedded attachment

of email :

Hierarchical View shows the hierarchical structure or subfolders of the selected email’s

folder:

Preview Privilege Option Top

To protect emails from being exported, they can be marked as privilege. Select the email(s)

and right click on it. Click on Mark As Privilege

Now, Emails marked as privilege will appear with a 'lock' icon :

When exporting emails marked as privilege a popup window will notify the status as: 'Export

Completed Successful. Total Number of Items Exported: 0'

Select the emails marked as privilege and right click on them. Click on Remove Privilege to

remove the privileges assigned on the particular emails :

Preview Bookmark Option Top

Evidences can be bookmarked for future reference. Select the email(s) and right click on

them. Click on Bookmark. This will bookmark the item for future

On the successful bookmarking of items a pop up window will notify the following

message: 'Bookmarked Item Count: 2. you can view bookmark(s) from 'Bookmarks'

section.' Click on OK :

Now you can go to the Bookmark section from the left side pane to view the list of

bookmarked items :

Preview Sent Review Option Top

Right click on any bookmarked item and select Send For Review option to send the item to

another investigator for review via any of the three options provided:

1. Via Mail

2. Via Shared Location

3. Smart Review

On selecting Via Mail option a Settings window will open up. On the Mail Settings tab

provide the following details

4. SMTP Server

5. Senders Email Address

6. Password

7. Port

Click on Save:

A prompt will appear notifying that the mail settings have been added successfully. Click on

OK :

When you send bookmarks for review via mail a Send Mail screen will appear with the

following fields to be filled out

8. To: Provide Recipient Address

9. Subject: Give a subject to the Mail

10. Attachment Icon: Bookmarks added as Attachments

11. Email Body: Write mail text

Choose Via Shared Location option to send bookmarks for review :

A Send for Review screen will open. Provide the following details:

12. Path of the Shared Location

13. Recipient email address (separated by semi colon, if multiple)

14. Subject

15. Message text

Click on Send:

A 'Mail Sent Successfully' pop up will appear on screen. Click on Ok :

Select Smart Review option to Send bookmarks for Review :

On the Smart Review screen provide the Login credentials: User Name and Password. Click

on Sign in to proceed :

Preview Tag Email Option Top

Select suspect emails, right click on it and go to Tag. Select Add Tag option :

Click on Create to create a new tag for emails :

Provide a Tag Name and Tag Description.

Click on Save :

A 'Tag Created Successfully' prompt will appear on screen. Click on Ok :

Another prompt notifying about the selected Item added to the newly created Tag will

appear. Click on Ok:

Selected items will now appear with a Tag labeled to them :

Select Tagged items, right click on them and go to Tag. Click on Remove tag to remove tag

from the selected items :

Select the Tag under which the selected items were labeled and click on Save:

A pop up window will appear stating that tags were removed from the items along with the

item count from which the tag was removed. Click on Ok:

Go back to the list of items and they will no longer be labeled under any tag:

Preview Log Report Option Top

Click on Logs from the software Menu bar to check the Case Activity Log. Click on Scan to

view the email data scanning log reports

Click on Bookmark to view the items bookmarked in the case:

Click on Privilege option to view privilege items in the case:

Click on Export to view the details regarding exported items along with description, event

time, and username :

Click on Search tab to view details of the searches carried out in the case :

Click on Tag tab to view details of the tag emails in the case :

Click on General Tab to view the searches conducted using General Search option :

Clicking on Not Indexed will list the uncategorized activities taken place in the case. Click

on Export to export this report :

Log Report can be saved by click on Export to CSV :

Thus, Export Report is saved :

Preview Image Analysis Top

On the software menu click on Options, go to Settings and Select Advance Settings :

Now go to on the Image Analysis tab Switch On Image Analysis and set a sensitivity level

for performing skin tone analysis on image by dragging the slider from anywhere between

"Very Low to Very High" accordingly. Click on Save :

From the Media Tab user can view Suspected Attachment which consist obscene images.

Expand it to view the suspected attachments categorized under Moderate, High & Low

frequencies respectively.

Search Option Top

General search is used for fetching information, relevant to the keyword(s) used to search

over the entire or selected mail attributes with required logical operators used & any number

of criteria, to narrow the search results :

o Following are the Logical operators OR, AND, NOT can be used to refine your search.

Operators used to create relation between two criteria :

1. OR Operator : Search will be optional between the two criteria

2. AND Operator : Searched term will be present in both criteria

3. NOT Operator : Searched term must not be present in results

Searching will be done between the "Subject" and "To" by using Logical Operator to make

search results more specific:

Predefined: Search the predefined keywords that identify a particular pattern in the email

evidences. It is based on the algorithm of Regular Expressions Search :

Click Advance Search that allows searching in a more detailed manner by using Subject,

Start With, Keyword and operator options. This can limit a search to emails with specific

words located in the header, specific categories or namespaces :

Proximity allows input of two words & asks for providing an approx number (from zero to

infinity) of words between those two characters. This search can be executed by the Hit &

Trial method :

Wildcard Search is used to find out the expressions or patterns for single or multiple

characters similar to :

4. Asterisk (*) : If any character or word is to be searched along with "*" symbol, then

the entire possible outcome will be displayed with that character or word

5. Question Mark (?) It is used to search for a single unknown character; like "an?"

results in and, any, ant etc.

Clear Search Result : Used for clearing all search :

Stem Search: Finds out all the possibilities for finding any uncertain words. Useful for those

users who are uncertain about the specific word :

Fuzzy Search: Finds out all the searching results that are nearest and approximate from the

given data. It is a logical implementation of search result from the given data :

Attachment : Used to switch to Attachment tab also for viewing the attachments of the

mails:

Add Criteria : Add the required criteria & fill it with information you have regarding that

field:

6. "Subject" can contain your keyword.

7. "To, From, Bcc Cc" can search for the entered term in email head.

8. "Modification Date" to modify date.

9. "MD5" will search for the entered value in MD5 value of emails

10. "Has attachment" gives option to select from yes or no.

Open Save Search Result: A pop up window will appear asking whether you want to save

current searched results or not.

Save Searched Result: Allows saving search results with a name.

Clear Search Result: Used to clear all the search results.

Auto Preview : Use to switch to Auto Preview the applicable only for Mails :

Look for: Used to define your search within an email and/or attachment. Just check the box

for the area where you want to look for the keyword; Email or Attachments. The search

results will be displayed accordingly :

Export Option Top

Export Files

Now user can select the emails which user wants to export & right click on mails. After that

select the Export all Selected Items option :

Now select the Export Options(CSV, EML, HTML, MSG, PDF, PST, TIFF) in which user

want to convert the selected emails and click on Browse button :

Select the location where user want to save the exported files and click ok :

From the Export options select the Naming convention. This module of software helps in

managing the name of saved file according to the options given in drop down menu.

Following are naming conventions given in the drop down list :

Software provides following options too :

1. Maintain folder hierarchy : Creates a folder tree of all the emails

2. Create Top folder : Create Top folder by user requirement

3. Merge exported files : Compress total files into a single file or merge multiple exported

files into one location

4. Exclude Duplicates: This option can be checked if you want to exclude duplicated

emails or data.

Now Click OK:

After clicking on OK, Exporting status in terms of Export Count is shown by the software :

As the process gets completed, the following pop up window will appear, with the message

of process completion :

An export report will be created for the complete export process. Click on Export to Save

this report on the local machine in CSV format :

Browse the location and save the report with the name export-report and click on Save button

:

A notification confirming the successful saving of CSV report will appear on screen. Click

OK :

Export Folders

For converting the multiple folders use the Export option from the navigation bar :

Select a folder or multiple folders from the right pane of the software and click on OK button

:

After clicking OK, Exporting status in terms of Export Count is shown by the software :

As the process gets completed, the following pop up window will be displayed, with the

message of process completion :

An export report is created for the complete export process. Click on Export to Save this

report on your local machine in CSV format :

Browse the location and save the report as name export-report-folder and click on Save

button :

A successful notification message will confirm the successful export report saved. Click OK:

Preview the Result Top

Now go to the location where all the files and reports are saved on your machine :

Demo Version Top

The SysTools MailXaminer software is launched with a free of cost demo version that permits

the users to export 50 items per folder and create a single case. The software can add up to 2 files

of each type and only 10 files in a case on total. Demo version of the MailXaminer software

allows files of 2GB size and analyzes only 5 suspected attachments per category. So it is

recommended to work with the free MailXaminer tool version only to examine its features. Go

ahead with the full version purchase of the software to export infinite numbers of files.

SysTools Official Site to download demo from: http://www.mailxaminer.com/download.html

Purchase Software Top

Working with the demo version further induces the need to purchase the full version of the

software. Merchandise your best bargain as the software license is distributed in the following

categories..

Personal License

SysTools Official Page where you begin your Purchase from:

http://www.mailxaminer.com/purchase.html

Single User License:

SysTools MailXaminer is a single user machine tool, usage of which is restricted upon a single

machine. The software is available at the price of 1600 USD for 1 year validation. The software

endlessly adds distinct file types and load files without any limit. User is not permitted to

distribute or recreate the software copy without prior permission of SysTools; abandoning which

makes the user liable for strict judicial actions.

Online Support Top

Avail Online Support on SysTools MailXaminer

Ask your queries related to SysTools MailXaminer direct to our software support team available

24x7 at your service. Get comprehensive online chat ancillaries upon software and other

platform interoperability related issues free.

Chat Support: http://messenger.providesupport.com/messenger/evan.html

Online Help: http://www.support.systoolsgroup.com/product/

Visit Our Website: http://www.systoolsgroup.com

Email Support

For Sales: sales@systoolsgroup.com

For Support: support@systoolsgroup.com