Advanced Email Analysis Techniques Using Intella

09 Sep 2020

Almost all digital investigations require the examiner to locate and analyze communication data which can come in the form of chat clients, SMS messaging, or email applications.  Vast amounts of data across multiple sources hamper the examiners’ ability to cut through the communications in a reasonable amount of time, which is where the need to use specialized tools comes into play.  This session will describe best practices in culling through the vast amount of data to link custodians to communications, how to read email headers and how to find the missing link when the visualized data only tells half the story.


Primary learning points include:

  • Email thread analysis, including the determination of the inclusive emails and missing emails.
  • Identities modeling to bundle aliases such as email addresses, phone numbers and chat accounts into a single unit.
  • Determining Geolocation data from IP addressing and pitfalls in accurately reporting exact locations when proxies are in use.
Searching unallocated spaces of email containers to carve fragments of email data.
Rob Attoe, CEO & Founder, Spyder Forensics - Vound Software