MailXaminer Email Decryption

MailXaminer's email decryption feature is a component of its email forensics tool that enables investigators to decrypt S/MIME and OpenPGP encrypted emails for forensic analysis. It supports decryption of emails stored in PST, OST, and EDB file formats. The tool operates within a case management workflow, allowing investigators to create new cases or open existing ones before adding encrypted email evidence. During the scanning process, decryption settings can be configured to automatically detect encrypted emails and those containing digital signatures. Decryption keys can be added in two ways: manually entering individual keys or importing multiple keys via a CSV file. For S/MIME decryption, a certificate file and password are required. For OpenPGP decryption, a private key file and password are required. After decryption, the tool displays emails in their original plaintext form. Encrypted emails are marked with a key symbol, and digitally signed emails are indicated with a badge symbol. Investigators can click individual emails to preview full message details for evidence extraction and analysis. The feature supports both S/MIME (Secure/Multipurpose Internet Mail Extensions), which uses public key encryption and digital signatures, and OpenPGP (Open Pretty Good Privacy), which uses Public Key Infrastructure and symmetric encryption to secure email content.