Ingesting Data

You can batch import email data into Forensic Email Intelligence (FEI) and have FEI calculate insight scores for each email item. The ingested data would then be displayed in a grid view so that you can sort, filter, flag, and review the data set.

FEI currently supports ingesting EML, EMLX, Partial EMLX, MSG, Mbox, OST, and PST files as well as Forensic Email Collector (FEC) projects.

Ingesting Email Data Directly

You can ingest email data into FEI as follows:

1. Create a new FEI project.

2. Give your project a name and pick an Output Path. The output path is a folder of your choice where FEI will store its project database, logs, and any extracted files.

3. On the Add Evidence page, you can group data sources into evidence items. Having multiple evidence items (e.g., one evidence item per custodian) can help keep your evidence organized within FEI's grid view.

Choose an evidence ID (e.g., 0005001000001) that aligns with your evidence management practices, and add a list of paths to ingest. If easier, you can simply drag & drop files or folders onto the Source Paths textbox. If the path reflects a folder, FEI will ingest the items within the folder and its subfolders recursively.

Ingesting FEC Projects

If you would like to ingest data that was previously collected by FEC into FEI, we recommend that you add only the corresponding FEC project (i.e., the .FECProj file), but not the actual acquired files themselves. In other words, for one FEC project, you would add a single file—the .FECProj file—into FEI.

FEI would then query your FEC project, find any email items and ingest them along with any server metadata such as IMAP UIDs, Internal Dates, flags, Gmail message and thread IDs, labels, etc. These data points are then used in FEI's intelligence views and during the calculation of an insight score.

Ingestion Logs

FEI keeps detailed logs of the ingestion and extraction processes in your output directory inside the Logs folder. We strongly recommend that you review the ingestion logs at the end of the import process to confirm the import ran successfully.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us