November 23, 2011
While our focus is not on Data Collection, we do have at hand a readily available and knowledgeable partner network that is partly made up of computer forensic leaders. Now for those of you who didn't know, Sfile just jumped on the Google Plus bandwagon, so while doing research on Google Plus and Gmail data, we developed a deep interest in how this data is collected from a widely used, web-based mail system.
Therefore, during this slow holiday week, we picked the brains of a select number of our forensic partners by conducting a poll to see what forensic tools they use or recommend for collecting client Gmail, and we received some interesting feedback.
We found that most of our forensic partners use IMAP connection tools such as Aid4Mail to identify and collect Gmail messages. They have found that tools such as this are reliable, affordable, easy to deploy and easy to use. On the other hand, and depending on the data, some of our forensic network set up the email account as POP3 and then use Outlook to load the emails into a PST file.
We learned that there are two ways that devices and clients can communicate with Gmail: POP (one-way communication path) and IMAP (two-way communication path). However, we also found that even Google itself recommends using IMAP over POP. IMAP provides a better method to access messages from multiple devices and ensures that new mail is accessible from any device at any given time.
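Because IMAP is a two-way path, a collection session can alter the mailbox (for example, by marking messages as read) unless it is opened read-only. The sketch below is an added example, not a tool used by Sfile or its partners: it collects over IMAP without changing message state and builds a SHA-256 manifest for later verification. The function names and the sample message are constructed for illustration, and it assumes IMAP access is enabled on the account and the credentials are authorized for the collection.

```python
import email
import hashlib
import imaplib
from email import policy

# Constructed sample message (not real data), used to exercise the manifest offline.
SAMPLE = (b"Message-ID: <constructed-1@example.com>\r\n"
          b"Date: Wed, 23 Nov 2011 10:00:00 -0500\r\n"
          b"From: a@example.com\r\nSubject: test\r\n\r\nbody\r\n")

def manifest_entry(uid, raw):
    """Hash the exact bytes collected and record identifying headers."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {"uid": uid,
            "sha256": hashlib.sha256(raw).hexdigest(),
            "size": len(raw),
            "message_id": str(msg.get("Message-ID", "")),
            "date": str(msg.get("Date", ""))}

def collect(host, user, password, mailbox="INBOX"):
    """Read-only collection over IMAP; returns ({uid: raw bytes}, manifest)."""
    conn = imaplib.IMAP4_SSL(host)
    try:
        conn.login(user, password)
        # readonly=True issues EXAMINE, so the session cannot change flags.
        conn.select(mailbox, readonly=True)
        _, data = conn.uid("SEARCH", "ALL")
        collected, manifest = {}, []
        for uid in data[0].split():
            # BODY.PEEK[] fetches the full message without setting \Seen.
            _, parts = conn.uid("FETCH", uid, "(BODY.PEEK[])")
            raw = parts[0][1]
            collected[uid.decode()] = raw
            manifest.append(manifest_entry(uid.decode(), raw))
        return collected, manifest
    finally:
        conn.logout()

def verify(collected, manifest):
    """Re-hash the collected bytes; return UIDs that no longer match."""
    return [e["uid"] for e in manifest
            if hashlib.sha256(collected.get(e["uid"], b"")).hexdigest() != e["sha256"]]
```

Store the manifest separately from the collected messages so that a later `verify` run shows whether any item changed or went missing after collection.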
We realize that data is never simple and there are always different challenges such as access, verification, and authentication. Therefore, we pose this question to you: which collection tools do you use or recommend?
For a referral to one of our trusted computer forensic partners throughout the nation, please contact Sfile.