Sometimes I have to download an entire IMAP account, or even multiple IMAP accounts, in the field.
This is an apparently easy task, but it's time consuming. It can even take days with commercial email clients and a slow internet connection.
I generally used to download the account with MS Outlook (with the correct settings) or Thunderbird.
These programs are mail clients: they are not optimized to download everything fast, and they don't have a progress bar that shows the total progress. MS Outlook in particular downloads the mail in batches of 4GB, and it's almost impossible to guess how long it will take.
After the long download process there is the procedure of hashing the .pst (or the email folder).
I saw a huge improvement with SecurCube IMAP Downloader in terms of:
- time saved
- everything automated, including hashes
—
https://github.com/Securcube/ImapDownloader
The steps to clone the IMAP account are:
- Set the server and login parameters
- Select the folders to download (the 'All Mail' folder from Gmail is automatically excluded; you can select it manually if needed)
- Start Download! The software will:
  - Create the whole IMAP folder structure directly in a zip file
  - Download all messages, each named with its IMAP index, read status and MessageId
  - Create a log file with: login parameters, server IP, folders downloaded and MD5 – SHA-1 hash codes

The analysis is left to other forensic tools such as EnCase.
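
The archive layout and hash log described in the steps above can be sketched as follows. This is an added example, not SecurCube's code: the entry naming scheme, the `/` folder delimiter and the sample messages are assumptions. It sanitizes folder names and Message-IDs because both come from the server or the sender and must not steer paths inside the evidence zip.

```python
import hashlib
import io
import re
import zipfile
from email import message_from_bytes

# Constructed sample input: (IMAP folder, UID, flags, raw RFC 822 message).
SAMPLE = [
    ("INBOX", 1, ("\\Seen",),
     b"Message-ID: <a1@example.org>\r\nSubject: hi\r\n\r\nbody\r\n"),
    ("INBOX/Work", 7, (),
     b"Message-ID: <../../evil@example.org>\r\nSubject: x\r\n\r\nbody\r\n"),
]

def safe(part):
    """Replace every character that could change the path inside the zip."""
    return re.sub(r"[^A-Za-z0-9._@-]", "_", part).strip(".") or "_"

def entry_name(folder, uid, flags, raw):
    """Hypothetical naming scheme: folder/UID_status_MessageId.eml."""
    msg_id = (message_from_bytes(raw).get("Message-ID") or "no-id").strip("<> ")
    status = "read" if "\\Seen" in flags else "unread"
    dirs = "/".join(safe(p) for p in folder.split("/"))  # assumes "/" delimiter
    return f"{dirs}/{uid:08d}_{status}_{safe(msg_id)}.eml"

def build_archive(messages):
    """Write each message, byte for byte, into an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for folder, uid, flags, raw in messages:
            zf.writestr(entry_name(folder, uid, flags, raw), raw)
    return buf.getvalue()

def hash_log(data):
    """Digests recorded at acquisition time, in the two algorithms the log lists."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA-1": hashlib.sha1(data).hexdigest()}

def verify(data, log):
    """True only if the archive still matches both recorded digests."""
    return hash_log(data) == log

if __name__ == "__main__":
    archive = build_archive(SAMPLE)
    log = hash_log(archive)
    print(zipfile.ZipFile(io.BytesIO(archive)).namelist(), log)
    print("intact:", verify(archive, log), "tampered:", verify(archive + b"\0", log))
```

Zip entries carry a write timestamp, so two acquisitions of the same mailbox produce different archive digests; the digests in the log identify one specific archive, which is why they are recorded at acquisition time.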