Email Forensics - Email Discovery
Email is one of the most common ways people communicate. From internal meeting requests and distribution of documents to general conversation, one would be hard pressed to find an organization of any size that does not rely on email.
Studies have shown that more email is generated every day than phone conversations and paper documents combined.
Forensic Analysis of email clients and servers has been in the spotlight of civil and criminal cases worldwide and no examination of Document Discovery is complete without requesting, searching and organizing email.
Rowald Trial Services has the skill set, experience and tools to ease the burden of analyzing email, from one user's mailbox to hundreds of users throughout a massive Microsoft Exchange or Lotus Notes organization.
Rowald Trial Services has assisted clients in the forensic extraction and analysis of email, contacts and calendars in many cases.
At a cost of $1000.00 it allows clients to make an informed decision as to continuing the computer forensic analysis and for Rowald Trial Services Forensics to give a precise estimate of hours or, in many cases, flat rate the project.
Identification and Extraction
The first step in an email examination is to identify the sources of email and how the email servers and clients are used in an organization.
More than just a way of sending messages, email clients and servers have expanded into full databases, document repositories, contact managers, time managers, calendars and many other applications.
For instance, we have seen Microsoft Exchange customized to be used as a complete Customer Relationship Manager (CRM). Many organizations use these powerful, database enabled email and messaging servers to manage cases, track clients and share data.
A skilled Forensic Examiner must know how to identify how these powerful business tools are being used far beyond email.
Many users store their personal calendars and contacts, and even synchronize their email clients with their Personal Digital Assistant (PDA) or smartphone.
Organizations use features like the Free/Busy Connector in MS Exchange to track availability of employees and utilize shared calendars to track appointments and meetings.
Forensic analysis of the email server and the clients on users' systems often yields an amazing amount of information on the user and the organization itself.
Rowald Trial Services can assist in properly asking for and analyzing email and organizational tools in a forensically sound manner.
Email forensics is more than looking at email messages and the examiner must be aware of the advanced features and forensic possibilities of each type of email system.
Deleted Email
Many users believe that once they delete email from their client, the mail is unrecoverable.
Nothing could be further from the truth; many times emails can be forensically extracted even after deletion.
Many users also do not grasp the concept that email has a sender AND a recipient or multiple recipients.
Emails may reside on servers unbeknown to the user, or on backup tapes that were created during the normal course of business.
Of course they may also be extracted from the hard disk of the client or the server.
Rowald Trial Services has used forensic techniques and common sense to recover deleted email, calendars and more from users' email clients and email servers.
Web Mail or Web Based Email
It is completely possible to forensically recover email that was created or received by web based email systems and from free web based email services such as Hotmail, Gmail (Google Mail) and Yahoo Mail. These types of mail systems use a browser to interface with the email server. The browser inherently caches information to the disk drive in the system used to retrieve or generate the email, thereby effectively saving a copy to the disk. A skilled forensic examiner can extract the HTML based email from the disk drive of the system used to create or retrieve the email messages. Many organizations also have a web based system for users to retrieve their email while out of the office, for instance OWA or Outlook Web Access used with Microsoft Exchange Servers. These browser based web mail clients also cache messages to the disk.
Many web based or web mail services, including Yahoo and Hotmail, have shared calendaring services, personal calendars and contact managers as well as email. Anytime these services are accessed they may be cached to the disk as well. Rowald Trial Services has had many instances where important contact information, such as email, for additional subjects was found because careful analysis of all the web email and web based services was conducted.
Correlating Email Messages
If properly conducted and managed, the forensic analysis of email yields documents that can be easily correlated by date, subject, recipient or sender, producing a highly understandable and easy to follow map of events and entities.
Rowald Trial Services takes great pride in the ability to correlate large amounts of data into understandable and easy to follow presentations.
While maintaining the highest standards of forensic soundness, Rowald Trial Services uses specialized tools to link entities, dates, times and events, ensuring that our clients, and their clients, achieve the highest level of efficiency and the highest quality work product when they choose Rowald Trial Services to conduct their email forensics or email discovery tasks.
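The correlation by date, subject, recipient and sender described in this section can be illustrated with a short script. This is an added example, not Rowald Trial Services' tooling or code from this page; the sample messages, the example.com addresses and all function names are constructed for illustration. It normalizes each Date header to UTC before sorting, since messages sent from different time zones would otherwise appear out of order.

```python
import re
from collections import Counter, defaultdict
from datetime import timezone
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

def _msg(frm, to, date, subject, cc=""):
    return f"From: {frm}\nTo: {to}\nCc: {cc}\nDate: {date}\nSubject: {subject}\n\nbody\n"

# Constructed sample messages (not from any real matter), deliberately out of order.
SAMPLES = [
    _msg("Bob <bob@example.com>", "alice@example.com", "Mon, 03 Mar 2008 15:40:00 +0100", "RE: Contract draft"),
    _msg("Alice <alice@example.com>", "bob@example.com", "Mon, 03 Mar 2008 09:15:00 -0500",
         "Contract draft", cc="Carol <carol@example.com>"),
    _msg("carol@example.com", "dave@example.com", "Mon, 03 Mar 2008 06:30:00 -0800", "Fw: Contract  draft"),
    _msg("dave@example.com", "alice@example.com", "Tue, 04 Mar 2008 12:00:00 +0000", "Lunch?"),
]

PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.I)

def normalize_subject(subject):
    """Strip reply/forward prefixes so a conversation groups under one topic."""
    return " ".join(PREFIX.sub("", subject or "").lower().split())

def parse_message(raw):
    msg = message_from_string(raw)
    # The Date header is written by the sending client; a real examination
    # would corroborate it against Received headers and server logs.
    when = parsedate_to_datetime(msg["Date"])
    if when.tzinfo is None:  # no usable zone in the header: treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {"utc": when.astimezone(timezone.utc),
            "sender": parseaddr(msg["From"])[1].lower(),
            "recipients": [a.lower() for _, a in addrs if a],
            "subject": msg["Subject"],
            "topic": normalize_subject(msg["Subject"])}

def correlate(raw_messages):
    """Return (UTC-ordered timeline, messages per topic, sender->recipient counts)."""
    timeline = sorted((parse_message(r) for r in raw_messages), key=lambda m: m["utc"])
    by_topic, links = defaultdict(list), Counter()
    for m in timeline:
        by_topic[m["topic"]].append(m)
        for rcpt in m["recipients"]:
            links[(m["sender"], rcpt)] += 1
    return timeline, dict(by_topic), links

if __name__ == "__main__":
    for m in correlate(SAMPLES)[0]:
        print(m["utc"].isoformat(), m["sender"], "->", ", ".join(m["recipients"]), "|", m["subject"])
```

Sorted on the raw header text, Carol's forward (06:30 -0800) would appear first; in UTC it falls between Alice's original and Bob's reply.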