We are excited to announce Forensic Email Collector (FEC) v3.85 is here! Here is what’s new: 👍🏻
Disk Image Output
The ability to automatically pack FEC’s output into containers is finally here! You can have FEC containerize its MIME and MSG output in VHDX format automatically at the conclusion of an acquisition or trigger containerization on demand as a post-acquisition action.
Output containers are named according to the container naming template you specify—which also covers FEC’s PST output—and are hashed automatically.
Yahoo / AOL 100k Limit Bypass
There have been several issues on Yahoo’s part affecting the forensic preservation of Yahoo / AOL mailboxes lately. To name a few, Yahoo requires App Passwords for legacy authentication, but the functionality to create them has been unavailable for some accounts. In our testing, in-place search results are capped at 1k items per subfolder, and item counts are capped at 10k or 100k items per subfolder depending on the Yahoo / AOL server one targets.
In October, we introduced modern authentication in FEC v3.81 to work around Yahoo / AOL authentication limitations. This week’s release marks phase 2 of our Yahoo support with the ability to bypass the 100k Yahoo / AOL item cap.
The new bypass feature is controlled by the following option, which is turned on by default for Yahoo / AOL acquisitions.
Acquisition Insights
We have taken a page out of our Forensic Email Intelligence playbook and introduced Insights to bring critical information to your attention. FEC now interprets key details of your acquisition and lays them out with explanations in its end-of-acquisition display.
The end-of-acquisition dialog now also includes easy access to frequently-used post-acquisition actions such as Drive attachment packaging, metadata export, and containerization.
