Vogon have developed a range of software and hardware tools, which provide us with the means to deal, in a forensically sound manner, with the common email in use today. These tools can be used both with working systems and, thanks to our Data Recovery expertise, with corrupt or damaged email systems.

In corrupt or damaged systems, we are able to trawl the data to identify system structures and use these to either rebuild a working file, or to break data out into its composite elements. From this stage we are able to carry out a full investigation using powerful search techniques in conjunction with a member of our team of experienced computer investigators.

Forensic Data Recovery
Failure of any major information system can be catastrophic. When this is the result of malicious damage or other suspicious actively the need to handle the recovery in a forensically sound manner is paramount.

Within any major business the email system is at the core of operations, with other large database systems being used to manage everything from the accounts through to sales operations.

With sophisticated systems, a small amount of corruption can be fatal leaving large volumes of data inaccessible. When confronted with this situation within the framework of a criminal or civil investigation it is essential that appropriate techniques are employed, to maximise the chances of recovering the data, whilst not invalidating any evidence during the process. Inappropriate actions often render the data irretrievable, resulting in no credible evidence, and worse, no data.

The following sections describe the email recoveries most frequently performed:

Corrupt or damaged Exchange data file
Using our specialist forensic utilities we are able to scan the data and identify the critical data structures. Once the extent of the problem has been identified the recovery can begin.

Vogon's usual method with Exchange recovery work is to identify the user account information and then use this during the recovery process to export the data as a sequence of PST files. We can then recreate each of their users in a single database containing both their mail and attachments. These are frequently of major evidential significance to an investigator.

Access Recovery
Vogon's R&D team have recently completed the development of forensic and data recovery utilities that can even recover Access data from within the free space of an evidential image.

Depending upon the extent of corruption to the Access database we can either recover a fully working database, complete with forms or, in cases of extreme damage, recover the Access tables as a sequence of ASCII files.

Outlook Recovery
Outlook PST data files are complex filing systems. Even quite trivial damage can put them beyond repair by the Inbox Repair Utility, and which in any event requires specialist forensic expertise and tools.

Vogon's programmers have reverse engineered the data structure to enable the recovery of mail even where the data is very badly damaged. Deleted entries can be recovered and attachments can be recovered even where the links are damaged from within the mail file.

Outlook Express DBX files can also be recovered.

How Vogon can help
Vogon offers a forensic data recovery service to provide working email files for your own investigation. Alternatively, we can provide a complete forensic email recovery and investigation service.

For immediate assistance please visit our emergency page for a list of contact phone numbers and enquiry form. To discuss your future Computer Forensic or Computer Security requirements with one our experienced investigators please contact us by letter, phone or email.

Copyright Vogon International Limited. All rights reserved. Home Page | Investigation Services | Laboratory Services | Forensic Systems
Back to top