Lotus Notes Forensics – Searching and Carving Out Evidences
Our team in the past few years, experienced plenty of Lotus Notes forensics cases. During the investigation, we noticed that there is a treasure of information in the form of an NSF database. To make it more clear, I will have to narrate the whole experience.
Most of the time, clients arrive with just Lotus Notes account credentials and demand to find out the evidence from the suspected person’s email account. Lotus Notes has its database in NSF format, storing – emails, contacts, tasks, calendars, notes, & journals. From a forensic point of view, the evidence can be hidden in any of the Lotus Notes elements.
Lotus Notes is a good email client for sending and receiving mails and manages data well, but there is no easy or manual way to find out pieces of evidence secluded within.
Convert NSF to PST File: The Whys & Wherefores?
The file extension used by Lotus Notes for its database is difficult to work with. Due to the various drawbacks and complexities attached to NSF file format. Like; if an account is password protected, the user id file has to be browsed for login. Moreover, without that id file, no one can access that particular account’s database.
Also, security complexities create hurdles during analysis. For case analysis, we need to find an application that makes the tedious Lotus notes NSF forensics investigation an easy task. As it is very important to give out instant results to catch the culprit. Evidently, for that my team members along with me, researched and found a solution to analyze the NSF file format & execute Lotus Notes forensics safely.
During our research process, we analyzed that, there is another email client that works quite similar to Lotus Notes. The email client is Microsoft Outlook and it uses a file called PST (Personal Storage Table) which is quite simple to analyze as compared to the NSF format database. The PST is a format for Outlook to store the contents of a particular user account.
All the versions of Microsoft Outlook support PST format. We can simply use an external exporter for Lotus Notes NSF file to Outlook PST Migration. There are various tools available that perform the migration. However, only a few guarantee a successful conversion. We used a few tools and came up with an idea that really helped in Lotus Notes forensics.
The software has various futuristic features that are useful for forensics, some of these features are here below for users to get an overview:
Migrate all NSF Items Successfully:
The software is well capable to migrate all the items in the NSF database folder to PST format which includes emails, contacts, calendars, journals, tasks, & notes. It exports all the items successfully to outlook PST format with all the original details and structure of the folders.
Using this Advanced level filtering, the Lotus Notes Forensics become easier and quicker to find suspected files. on the basis of date, it can filter by setting To and From, by checking or unchecking the Exclude Deleted Items option deleted folders can be excluded or included for the investigation.
Advance Level Setting: Using Advanced level features you can get information about internet header, removes local NSF security, information in HTML format & Rich Text Format. All such information is very helpful for a fornicator.
Get Status Report: After the end of the successful operation, the software provides users with status reports. It shows all the statistics of the file including exact figures. This helps users with further investigation & analysis that might be required in future.
Note: In case users do not want to get the files in PST format, they can opt for the Lotus Notes Converter Tool which enables users to convert the NSF file into different file formats like MSG, MBOX, PDF, HTML, EML, etc.
We recommend using this tool for those who are facing inconvenience in performing Lotus Notes NSF Forensics. Evidently, the simple way is to use Lotus Notes to Outlook Converter and search out the hidden evidence of suspected files.
Various government agencies trust this tool with the best results. Also, the utility has helped us to put the culprit behind the bars. Which makes it all the more relevant in terms of using it. Evidently, a wise decision can help users in getting their desired results.