G Suite Delegation Is Here
FEC v3.7 is now ready for download! This version brings a number of improvements, and one of the most awaited features is the G Suite delegation.
Domain-wide Delegation in G Suite
When collecting end-user mailboxes in a G Suite organization, FEC can now be given access to all of the mailboxes in the organization instead of having to authenticate with each user’s mailbox individually. This was a frequently requested feature, and Metaspike expects that it will help save a lot of time that was previously spent tracking custodians down for credentials or OAuth tokens.
Delegation can be used to acquire both emails and Google Calendar events—same as how Gmail API acquisitions work in FEC.
Improved Reporting of IMAP Server Metadata
It has been possible to capture server metadata with FEC for forensic authentication. Metaspike has now made the process more convenient by including the Internal Date and Unique Identifier message attributes in the Downloaded_Items log side by side. This makes it easier to spot red flags within a mail folder.
Released on 03/06/2019
- FEC now supports domain-wide delegation in G Suite organizations. Instead of authenticating into each end user’s mailbox individually, it is now possible to use a service account to access all end user mailboxes.
- IMAP internal date and UID server metadata are now exported side by side in the Downloaded_Items log to make forensic authentication easier.
- Reduced the vertical size of the notification email window to make it fit on smaller screens.
- OAuth tokens are now stored in the project database instead of on the file system. This allows users to resume a project on another computer without moving the tokens manually and eliminates the need to clear the token cache.
- Improved handling of Google Calendars without a name.
- Improved handling of Google Calendar events without organizer data.
- Enhanced throttling mitigation for Google Calendar acquisitions.
- The startup page now allows the user to go back if it was entered from another page.
- Gmail via IMAP authentication workflow no longer requests calendar OAuth scopes as Google Calendar is not accessed during an IMAP acquisition.
- Conversation Index MAPI property is now stored in MSG and PST output for Exchange acquisitions.
- Numerous other minor improvements.
Forensic Email Collector
Powerful & Intuitive
Forensic Email Collector is a powerful tool—it can forensically acquire emails from Exchange Servers, Office 365, Gmail, G Suite and virtually any IMAP server with many output options and detailed logs. It is also remarkably intuitive. You can get started in just a few minutes and preserve emails and document your efforts with a few clicks.
This small Gmail collection takes place in under a minute—complete with logs, hashing, and simultaneous output in EML, MSG and PST formats. That’s faster than the time it takes to launch some software!
Forensic Email Collector can connect to most popular email servers and cloud email providers. You are not stuck with IMAP or POP for forensic email preservation.
Office 365 & Exchange via EWS
FEC can connect to Exchange servers—including Office 365—via Exchange Web Services. You can preserve emails faster and more accurately, and without having to configure the target Exchange server for IMAP access.
Gmail & G Suite via REST API
FEC authenticates with Gmail and G Suite using OAuth and forensically acquires mailboxes at eye-watering speeds via Gmail API. Say goodbye to downloading the same message multiple times because of overlapping labels.
FEC connects to IMAP servers in a read-only manner and preserves email evidence without modifying the target mailbox. Outlook.com, Hotmail, Yahoo Mail, Zoho, iCloud and AOL Mail are just a few supported providers.
As soon as you start an acquisition, Forensic Email Collector captures snapshots of each mail folder. The snapshots are used to keep track of which mail folders and messages have been downloaded.
If you run into a network error or if the server throws a fit—free email providers are notorious for throttling large-scale downloads—FEC automatically retries remaining messages as many times as you want, calculating an optimal delay amount between each retry session.
Mailbox snapshots are persisted in a database. So, you can even stop the acquisition and resume it later by loading a past project.
We all run into cases where collecting a mailbox as a whole is not an option—often due to privacy or timeframe concerns. On the other hand, eDiscovery and digital forensics workflows often involve a full collection, followed by post-acquisition searches.
Forensic Email Collector solves this problem in a creative way by allowing examiners to search mailboxes on the server side prior to the acquisition and download only the search results. No need to create labels, tag documents, or make any changes to the target mailbox.
Custodians are often apprehensive about giving their email passwords to a third party for forensic preservation. Wouldn’t you be? Your Gmail password would let somebody access other Google services associated with your account such as Google Drive, Google Photos, and Google Hangouts.
When a custodian has two-factor authentication enabled, you would need access to information sent to a secondary device in addition to the password. Conference calls among examiners, custodians and their attorneys often ensue to coordinate the login.
Using FEC Remote Authenticator, custodians can authenticate FEC with their Gmail accounts from their own computer. They can clearly see what data FEC has access to, and can revoke that access once the acquisition is complete. No need to share any passwords.