E-Mailyser: A Tool for Forensic Analysis of Email Dataset with Timeline and Link Analysis Approaches
Keywords:
Forensic Analysis, CSV Email Dataset, Timeline Analysis, Link Analysis
Abstract
Today, there are plenty of tools on the market that can conduct timeline analysis alone on disk images, for example Autopsy, Plaso (Log2Timeline), ProDiscover, and FTK Imager. However, digital forensic tools that visualize the linkage between entities are relatively less common. Hence, this study proposes E-Mailyser, an integrated digital forensic tool that focuses on the forensic analysis of email datasets with link and timeline analysis approaches. The proposed tool comprises a main interface module, a timeline analysis module, a link analysis module, and a reporting module. Functional testing results confirm E-Mailyser’s ability to create cases, upload and view CSV dataset content, and handle errors properly, and confirm that the forensic analysis modules successfully aid users in constructing a chronological timeline of events and in finding relationships between sender and recipient using various visualisation graphs. The user acceptance test shows positive feedback and satisfaction, confirming the effectiveness of E-Mailyser's features and performance. To sum up, E-Mailyser demonstrates promising analysis modules that visualize the analysis results.
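The two analyses named in the abstract can be sketched in a few lines of Python; this is an added example, not E-Mailyser's code. The column names (`date`, `from`, `to`, `subject`) and the sample rows are assumptions constructed for illustration, since the abstract does not give the dataset schema.

```python
import csv
import io
from collections import Counter
from datetime import timezone
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample dataset; the column names are assumed, not taken from the paper.
SAMPLE_CSV = '''date,from,to,subject
"Tue, 02 Jan 2024 09:15:00 +0800",alice@example.com,"bob@example.com, carol@example.com",Q1 invoice
"Tue, 02 Jan 2024 00:30:00 +0000",bob@example.com,alice@example.com,Re: draft
"Mon, 01 Jan 2024 23:50:00 -0500",carol@example.com,bob@example.com,Fwd: Q1 invoice
"Wed, 03 Jan 2024 10:00:00 +0800",Alice@Example.com,bob@example.com,Follow up
not a date,mallory@example.com,bob@example.com,broken row
'''

def analyse(csv_text):
    """Return (timeline, links, rejected) for a CSV email dataset.

    timeline: (utc_datetime, sender, subject) tuples in chronological order
    links:    Counter of (sender, recipient) pairs, i.e. weighted graph edges
    rejected: CSV line numbers whose Date value could not be trusted
    """
    timeline, links, rejected = [], Counter(), []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        try:
            when = parsedate_to_datetime(row["date"])
            if when.tzinfo is None:
                raise ValueError("no UTC offset, cannot be ordered reliably")
        except (TypeError, ValueError):
            # Keep a record for the examiner instead of silently dropping the row.
            rejected.append(reader.line_num)
            continue
        # Normalise to UTC so messages sent from different zones sort correctly.
        when = when.astimezone(timezone.utc)
        sender = parseaddr(row["from"])[1].lower()
        timeline.append((when, sender, row["subject"]))
        # One edge per recipient; addresses are lower-cased before counting.
        for _, rcpt in getaddresses([row["to"]]):
            links[(sender, rcpt.lower())] += 1
    timeline.sort(key=lambda event: event[0])
    return timeline, links, rejected

if __name__ == "__main__":
    events, edges, bad = analyse(SAMPLE_CSV)
    for when, sender, subject in events:
        print(when.isoformat(), sender, subject)
    for (src, dst), n in edges.most_common():
        print(f"{src} -> {dst}: {n}")
    print("rejected CSV lines:", bad)
```

Sorting on the raw `date` strings, or in file order, would place the first three messages in the wrong sequence, which is why the offsets are resolved to UTC before the timeline is built.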



