Batch Creating Acquisition Projects
When acquiring multiple mailboxes from the same server, Forensic Email Collector allows you to load a list of target email addresses to batch-create acquisition projects.
You can accomplish this as follows:
1. Start a new acquisition
2. On the connection settings page, click the Add Additional Targets... link
3. Select the file that contains the list of target email addresses (see below for the format of this file)
4. On the folder selection page, click the Create Additional Projects button.
5. FEC will create a separate acquisition project for each additional target email address in your output directory.
Format of The Target Email Address List
1. When Using Delegation / Impersonation
If you are using delegation or impersonation available for G Suite, Exchange, and O365, you do not have to provide separate credentials for each target account. Your target email address list should simply be a text file containing a list of email addresses, with the string "TargetEmail" on the first row. For example:
2. When Authenticating with Each Mailbox Individually
If you are authenticating with each mailbox individually, you will need to provide the username and password for each account in your target email address list. The columns on your list should be separated by tabs, and the header names for the username and password fields should be "Username" and "Password". You can accomplish this easily by creating the list in Excel, and then copying it to a text file. For example:
Would look as follows once copied to a text file:
TargetEmail Username Password
email@example.com firstname.lastname@example.org 12412412r
email@example.com firstname.lastname@example.org 12r892eg2
email@example.com firstname.lastname@example.org 2q38745g9
email@example.com firstname.lastname@example.org 4583y54g3
email@example.com firstname.lastname@example.org vwoeug23f2
email@example.com firstname.lastname@example.org eg249g723
email@example.com firstname.lastname@example.org 3592h8qfor
email@example.com firstname.lastname@example.org wrhwe2fuefw
email@example.com firstname.lastname@example.org 9gefqeen
email@example.com firstname.lastname@example.org q3ef9gqegqe
email@example.com firstname.lastname@example.org feuoqoqef
email@example.com firstname.lastname@example.org dqqwf8yh
Performing In-place Searches on All Acquisitions
You can have all targets searched using the same in-place search criteria by specifying it in your initial acquisition session. Since project settings carry over to the additional targets, all target acquisitions will be searched using the same criteria.
Decrypting S/MIME in All Acquisitions
If you choose the "Decrypt S/MIME" option while setting up your initial acquisition project, all additional acquisition projects will also have this setting applied. You can add all the certificates needed for decryption ahead of time, or use the computer's certificate store, so that FEC can decrypt S/MIME-encrypted items across the board.
Launching the Additional Acquisition Sessions
You can start the additional acquisition sessions by double-clicking on them and clicking the RESUME button. Additionally, FEC creates a batch file named !Run_Projects.bat in your output folder which can be used to launch the projects one after the other.