Batch Creating Acquisition Projects
When acquiring multiple mailboxes from the same server, Forensic Email Collector allows you to load a list of target email addresses to batch-create acquisition projects.
You can accomplish this as follows:
1. Start a new acquisition
2. On the connection settings page, click the Add Additional Targets... link
3. Select the file that contains the list of target email addresses (see below for the format of this file)
4. On the folder selection page, click the Create Additional Projects button.
5. FEC will create a separate acquisition project for each additional target email address in your output directory.
Format of The Target Email Address List
1. When Using Delegation / Impersonation
If you are using delegation or impersonation available for G Suite, Exchange, and O365, you do not have to provide separate credentials for each target account. Your target email address list should simply be a text file containing a list of email addresses, with the string "TargetEmail" on the first row. For example:
2. When Authenticating with Each Mailbox Individually
If you are authenticating with each mailbox individually, you will need to provide the username and password for each account in your target email address list. The columns on your list should be separated by tabs, and the header names for the username and password fields should be "Username" and "Password". You can accomplish this easily by creating the list in Excel, and then copying it to a text file. For example:
Would look as follows once copied to a text file:
TargetEmail Username Password
firstname.lastname@example.org email@example.com 12412412r
firstname.lastname@example.org email@example.com 12r892eg2
firstname.lastname@example.org email@example.com 2q38745g9
firstname.lastname@example.org email@example.com 4583y54g3
firstname.lastname@example.org email@example.com vwoeug23f2
firstname.lastname@example.org email@example.com eg249g723
firstname.lastname@example.org email@example.com 3592h8qfor
firstname.lastname@example.org email@example.com wrhwe2fuefw
firstname.lastname@example.org email@example.com 9gefqeen
firstname.lastname@example.org email@example.com q3ef9gqegqe
firstname.lastname@example.org email@example.com feuoqoqef
firstname.lastname@example.org email@example.com dqqwf8yh
Performing In-place Searches on All Acquisitions
You can have all targets searched using the same in-place search criteria by specifying it in your initial acquisition session. Since project settings carry over to the additional targets, all target acquisitions will be searched using the same criteria.
Decrypting S/MIME in All Acquisitions
If you choose the "Decrypt S/MIME" option while setting up your initial acquisition project, all additional acquisition projects will also have this setting applied. You can add all the certificates needed for decryption ahead of time, or use the computer's certificate store, so that FEC can decrypt S/MIME-encrypted items across the board.
Launching the Additional Acquisition Sessions
You can start the additional acquisition sessions by double-clicking on them and clicking the RESUME button. Additionally, FEC creates a batch file named !Run_Projects.bat in your output folder which can be used to launch the projects one after the other.