Do You Know How to Analyze MBOX File’s Email Header: Just Dig In Here!
“I am a Digital Forensics investigator and today one of my colleagues just shared around 50+ MBOX emails. He asked me to analyze email header of the MBOX email files. Now, I am stuck as I am not able to find a quick yet reliable way to analyze MBOX file’s email header. Please suggest me an instant way to implement this task”
In Digital Forensics area, electronic media plays an important role as it is a mine of evidence for all the forensic investigators. At the time of the investigation, emails are considered as the most important evidence. Mostly such emails are present in MBOX file format. There are different email clients that support MBOX file format. Some of the email clients are Thunderbird, Apple Mail, Opera Mail, Entourage, Powermail etc. For forensics investigators, MBOX file is very crucial to perform email forensics and carve evidence from it.
Now, most of the forensic investigators face issues when they have to analyze MBOX file’s email header. Basically, email header contains detailed information about the email related to the route of the email message, identify email spoofing and spamming. Thus, to trace all the details related to email, it becomes necessary to analyze email header of an MBOX file. Thus, in this blog, we are going to explain different methods to view the MBOX file’s email header in multiple scenarios.
Case 1: Analyze MBOX File’s Email Header on Mac Operating System
Most of the Mac Operating system users prefer Apple Mail email client to manage their emails and data. Apple Mail is an inbuilt email client of the Mac O.S and all the emails in Apple Mail are present in MBOX file format. If the forensic investigator, needs to view and analyze Apple Mail MBOX file then he/she will not be able to do so. As all the email headers of a specific MBOX email are not directly visible to the user. Thus, in order to analyze the MBOX file’s email header on Mac O.S, one has to follow the steps explained below:
- First, open Apple Mail application on Mac Operating system
- Now, select any email message for which you want to view email header
- After that, you have to click on the View tab and then select the Message option
- Next, under the Message, you need to select the Raw Source option
- You can easily review all the details of the email header at the top of the email message. The email header includes information such as content type, mail server, IP address etc.
Case 2: Analyze MBOX File’s Email Header on Windows Operating System
When the forensic investigator needs to view and analyze MBOX file’s email header on Windows Operating system then Thunderbird email client is preferred. In Thunderbird, emails are stored in MBOX file format. One cannot view email header in the actual email as headers are hidden from the actual email. To view and analyze MBOX file’s email header on Windows O.S, follow the below-mentioned steps:
- First of all, open the message in Thunderbird for which you want to view email header
- Now, click on the View option in the menu bar
- Under the View tab, you have to choose Message Source to open header information
- Finally, you will be able to view the email header of the MBOX email selected
Want an Instant and Reliable Way to Analyze MBOX File’s Email Header?
Due to factors such as limited time, accurate results etc. most of the forensic investigators search for a smart yet quick approach to analyze the MBOX file’s email header. Thus, the user can opt for FreeViewer MBOX File Viewer to open and analyze MBOX files created by 20 + email clients. The software provides Message Header View using which the user can easily view and analyze email header details.
Summing Up
Most of the forensic investigator have to deal with numerous MBOX files on a daily basis. Basically, they need to view MBOX file’s email header details to find evidence. Thus, in the above section, we have explained different ways to analyze the MBOX file’s email header for both Mac and Windows Operating system users. On the other hand, one can also make use of a smart solution i.e MBOX File Viewer to view and analyze email header of MBOX file in a hassle-free way.
