MailXaminer is a Windows-based email forensics tool designed for the preservation, analysis, and recovery of evidence from email data. It supports forensic investigation from multiple sources, including local machine email files (PST, MBOX, EDB, OLM, OST, TBB, EML), live Exchange server environments, web-based email accounts, and disk images (E01, DMG, LEF, DD, ZIP). The tool facilitates the extraction and examination of email messages, headers, server logs, and attachments for use in civil or criminal legal proceedings. It provides HTML source code viewing of emails to identify potentially malicious code or embedded content. Email filtering and search capabilities are a core component, supporting multiple search modes: - General search with AND/OR/NOT operators - Wildcard search - Regular expression search - Stem search - Fuzzy search - Predefined search (based on standard data formats such as postal codes, date/time) - Advanced search (targeting specific email parts: subject, header, body) - Proximity search (locating terms within a defined word distance) The tool also includes attachment analysis, displaying file type details and counts, which assists in identifying threats embedded within common file types such as PDF, Word, or audio files. Email header analysis is supported to examine MTA routing, sender/receiver information, and domain authentication elements.