Forensic Email Collector


Released on 11/24/2021

  • Improved the handling of absolute paths during Drive attachment/revision packaging.
  • FEC application shortcut is now stored inside a Metaspike folder within the Start Menu—next to FEI’s and Obliterator’s shortcuts if installed. Due to this change, we recommend that you uninstall any existing FEC installations in order to keep your list of installed applications organized. Deactivating the license is not needed.
  • Other minor GUI and performance improvements.

Released on 9/23/2021

  • Extended support for shortcut type Drive items.
  • Improved accuracy of Drive attachment identification.
  • Unified Query Builder now adjusts the search queries that it constructs based on the limitations of some IMAP servers.
  • Extended FEC’s built-in provider list with additional IMAP hosts.
  • Fixed an issue where the order of the drag & dropped trusted timestamping files could negatively affect timestamp verification within FEC.
  • Other minor GUI and performance improvements.

Remote Authenticator v1.50.2
Released on 8/24/2021

  • Holding down the left Control key while clicking the AUTHENTICATE button now allows the user to bypass automatic provider detection. Useful in scenarios where current MX records do not accurately reflect the target email provider.
  • Extended target email address validation to cover more exotic email address types.
  • Updated Microsoft’s and Google’s OAuth libraries.
  • Added examples to Microsoft’s consumer accounts in the UI to provide more clarity to end-users.
  • Minor GUI improvements.

Released on 8/16/2021
Read Release Notes

  • Added support for trusted timestamping of acquisition logs and verification of timestamped logs as per RFC 3161. Additional details can be found here.
  • Added Port Tester to test whether network ports FEC commonly uses are open on the device where FEC is run.
  • Capitalization differences between the target email address and Remote Authenticator token email address are now tolerated for Gmail / Google Workspace acquisitions.
  • Added support for the SHA-512 cryptographic hash algorithm.
  • Improved S/MIME decryption of improperly formatted messages.
  • Folder tree view now includes the authenticated email address when it is different than the target email address.
  • OAuth authenticated email address is now logged in FEC’s Acquisition Log.
  • Numerous other performance and user interface improvements.

Remote Authenticator v1.2.0 for macOS
Released on 5/26/2021

  • Extended target email address validation to cover more exotic email address types.
  • Updated Microsoft’s and Google’s OAuth libraries.
  • Minor GUI improvements.

Released on 5/6/2021

  • Switched FEC to use the system web browser for OAuth authentication with O365 and Microsoft consumer accounts due to an issue Microsoft introduced recently.
  • Numerous minor improvements.

Released on 4/16/2021
Read Release Notes

  • Added capability to collapse duplicate Drive attachments and revisions to significantly improve acquisition performance.
  • Added additional metadata to Downloaded Drive Attachments log to reflect if a file was shared, information about the user who shared the file, and when the file was shared with the acquisition target.
  • Improved new project file creation speed. This makes a notable difference when creating a large number of FEC projects for bulk acquisitions.
  • Extended target email address validation to cover more exotic email address types.
  • FEC will now attempt to detect if the target email server is putting a cap on search results and report it in the Acquisition Log.
  • Improved recovery from throttling during Drive acquisitions.
  • Fixed a very rare issue where the project completion dialog may fail to display on certain environments.
  • Added more descriptive error messages when using service accounts or when an app password may be required for authentication.
  • Various performance and user interface enhancements.

Released on 2/17/2021

This is a maintenance release with the following improvements:

  • Fixed an issue that could disrupt Drive attachment acquisition in some edge cases.
  • Improved support for custom authentication tokens.
  • Numerous minor enhancements.

Released on 1/29/2021

  • Added the capability to explore and include contents of Google Drive folders when acquiring Drive attachments / revisions.
  • You can now import custom tokens for authentication.
  • FEC now supports resuming acquisition projects within the same major version of the software.
  • If there are remaining items at the end of an acquisition session, FEC now gives you the option to package Drive attachments at that time or later.
  • Improved MAPI output compatibility with some versions of Outlook.
  • It is now possible to copy the target email address for a Remote Authenticator token.
  • Improved logging and reporting during Drive attachment packaging.
  • Improvements to OAuth authentication workflow for EWS and Graph API.
  • Numerous performance and GUI enhancements.

Released on 10/21/2020

  • Improved the handling of empty in-place search responses from Gmail API. This also speeds up searches run from a list of search expressions via the Search Hit Report interface.
  • FEC now uses the filter query parameter instead of the search query parameter when running in-place searches via Graph API. This helps work around the Microsoft Graph API search cap. We have also added an option to use the search query parameter if/when needed.
  • Minor performance improvement to Graph API item acquisition speed.
  • Numerous under-the-hood improvements.

Released on 10/5/2020
Read Release Notes

  • S/MIME Decryption—FEC can now decrypt S/MIME-encrypted items on the fly. Certificates can be loaded in PKCS #12 (.pfx or .p12) or DER format or retrieved automatically from the Windows certificate store.
  • It is now possible to acquire Google Drive attachments / revisions of Google Calendar items during Gmail / G Suite acquisitions.
  • Improved performance of the identification of Drive attachment links.
  • Exchange Web Services (EWS) and Graph API now show running counts of found items within a folder during in-place search preview.
  • Added IMAP in-place search option to search for the presence of the “\Seen” message flag (i.e., whether or not a message was “read”).
  • Numerous minor performance improvements.

Remote Authenticator v1.0.0 for macOS
Released on 8/17/2020

  • The initial release of Remote Authenticator for Mac.
  • Supports Gmail, G Suite, O365, and Microsoft consumer accounts (, Hotmail, etc.)

Released on 7/27/2020

  • Improvements to error handling during Google Drive attachment/revision acquisitions involving many 404 errors.
  • Improved support for very large Drive attachments.
  • Minor GUI and performance improvements.

Released on 7/20/2020

  • Gmail Message ID and Thread ID Decoding—When acquiring from Gmail or G Suite, FEC now decodes timestamps found in Gmail Message IDs and Thread IDs and includes them in its Downloaded Items Log in human-readable form.
  • Added the ability to acquire the Recoverable Items Folder via Graph API.
  • System folders such as “Audits” and “System” no longer trigger retry attempts in EWS or Graph API acquisitions.
  • Added several IMAP email providers as additional built-in profiles for automatic configuration.
  • Numerous other GUI and performance improvements.

Released on 6/26/2020
Read Release Notes

  • This is a major update that marks the halfway point to v4!
  • New Provider: Microsoft Graph—Microsoft Graph supports both Microsoft’s business accounts (O365) as well as consumer accounts such as Hotmail and This provider supports FEC’s advanced features such as Remote Authentication, in-place searches, inbox rule acquisition, metadata acquisition, etc.
  • Gmail History Records—FEC can now acquire and export history records from Gmail / G Suite accounts for investigations.
  • Google Calendar permissions are now optional. When unchecked, FEC doesn’t list Google Calendars associated with a Gmail / G Suite mailbox and you can perform an acquisition with only read-only Gmail permissions when needed. This also makes Remote Authenticator scope customization more flexible.
  • New token architecture for Exchange—Exchange tokens for EWS and Graph API tokens are now acquired through a new, unified architecture.
  • It is now possible to perform metadata-only acquisitions without having to start a regular acquisition.
  • Major improvements to how FEC detects and mitigates throttling.
  • FEC now reports its progress when acquiring snapshots of large folders.
  • Performance improvements to in-place search result previews in Exchange Web Services.
  • When you cancel an acquisition in the middle of throttling, it is no longer necessary to wait through FEC’s throttling mitigation countdown. Canceling now instantly bypasses the countdown.
  • FEC’s main menu is now disabled during acquisitions to prevent accidental navigation.
  • Numerous other GUI and performance improvements.

Important Note: Due to changes in Exchange OAuth token architecture, FEC 3.50 is compatible with Remote Authenticator 1.50 and later. Outstanding EWS tokens from earlier Remote Authenticator versions cannot be imported into FEC 3.50.

Remote Authenticator v1.50.0
Released on 6/26/2020

  • Remote Authenticator now supports Graph API. This adds support for Microsoft’s consumer accounts (Hotmail,, etc.) in addition to existing support for Gmail, G Suite, and O365.
  • When acquiring tokens for O365 and Microsoft consumer accounts, Remote Authenticator allows using an existing login session on the web browser.

Released on 5/19/2020

  • Added support for additional Exchange item types such as Teams chats.
  • Custom Exchange acquisitions now support accepting all SSL certificates. This helps work around on-premises Exchange servers with invalid/expired certificates.
  • Improved performance of extracting Drive attachment links from messages.
  • It is now possible to customize the number of items returned when previewing in-place search results.
  • Added logic to help keep the acquisition moving when Gmail or Drive API fails to respond during Gmail / G Suite acquisitions.
  • Numerous other performance improvements.

Remote Authenticator v1.11.4
Released on 4/17/2020

  • Added support for TLS 1.2 so that Remote Authenticator can work in organizations where older cryptographic protocols are disabled.
  • Added the option to copy full exception details to clipboard in the event that an error is encountered.
  • Reduced the size of the executable by ~63%.

Released on 4/1/2020

  • When acquiring Google Drive attachments and revisions, it is now possible to only acquire the latest Drive revision before the parent email was sent.
  • Added support for additional Exchange item types such as RSS feeds.
  • Unified Query Builder now constructs date queries in the format required by the service provider regardless of the user’s regional settings.
  • FEC now asks for confirmation when exiting the program if an acquisition is in progress. When confirmed, the ongoing acquisition is stopped gracefully.
  • Improved support for multiple instances of FEC running simultaneously when licensed via dongle.
  • Unified Query Builder now automatically detects when all Gmail labels are selected and removes the redundant label query keywords when constructing Gmail searches.
  • Improved support for searching multiple target mailboxes using the same search query.

Released on 02/18/2020

  • Unified Query Builder implemented for streamlined participant, date, and label (for Gmail API) in-place searches.
  • It is now possible to automatically package acquired Google Drive attachments and revisions with their parent messages.
  • Improved handling of Google Drive attachments that are beyond Google’s export size limit.
  • Inaccessible Recoverable Items Folder in older Exchange servers no longer prevents the acquisition from proceeding. The issue is logged in the exception log.
  • Gmail API acquisitions now present a “Select All” button to check all Google calendars associated with an account for acquisition.
  • Various other performance and UI improvements.

Remote Authenticator v1.11.1
Released on 1/7/2020

  • It is now possible to customize the permissions Remote Authenticator requests by hard-coding flags into the executable’s filename.

Released on 12/02/2019

  • FEC now supports preserving revisions of Google Drive attachments.
  • It is now possible to use Remote Authentication tokens for delegate access or impersonation in Exchange / O365 acquisitions.
  • Last encountered error, if any, is now displayed in FEC’s user interface during acquisitions.
  • Exception and acquisition logs are no longer locked during the acquisition. This allows viewing the logs easily while the acquisition is in progress.
  • Added support for TLS 1.3 in IMAP, POP3, and SMTP connections.
  • Drive acquisition errors now provide more detail in the exception log.
  • Various other performance and UI improvements.

Released on 10/08/2019

  • FEC now supports connecting to email servers via POP3.
  • New -autoclose command line switch allows FEC to run in silent mode without user interaction.
  • When creating additional acquisition projects from a list of targets, FEC now also outputs a batch file which can be used to start/resume each project one after the other.
  • System folders such as “Audits” and “System” no longer trigger retry attempts during Exchange acquisitions.
  • It is now possible to update a dongle license in maintenance expired state without having to roll back to an older version of FEC.
  • Numerous other UI and performance improvements.

Released on 09/03/2019

  • FEC now supports importing a list of keywords from file when performing in-place searches on Gmail / G Suite, Exchange, and O365. Imported terms are converted automatically to a combined query.
  • When importing a list of search terms, it is now possible to execute each line individually, get search hit counts, and export a search hit report.
  • It is now possible to batch-create FEC projects by loading a list of target email addresses from file.
  • Google Drive attachment acquisitions can now be performed using the API credentials built into FEC—no need to bring your own API credentials.
  • When connecting to Gmail / G Suite via API, FEC now requests read-only Gmail access.
  • The built-in ProtonMail profile now uses explicit SSL instead of implicit SSL for improved compatibility with ProtonMail Bridge.
  • Improvements to Exchange folder tree creation process for mailboxes with a large number of folders.
  • Changed the font used for the username and password fields to make the distinction between a “zero” and an “O” clearer.
  • Numerous other UI and performance improvements.

Remote Authenticator v1.10.1
Released on 08/29/2019

  • FEC Remote Authenticator now supports authentication with Google Drive for Drive attachment acquisitions.
  • Changed the font used for the target email address to make the distinction between a “zero” and an “O” clearer.

Released on 07/08/2019

  • Google Drive support phase 1—FEC can now acquire Google Drive attachments of Gmail / G Suite messages when using delegation or custom API credentials.
  • Dongle licenses of FEC now support running in portable mode from a flash drive.
  • Reports can now be exported with DAT and CSV delimiters in addition to TSV.
  • Acquisitions can now be started and resumed from the command line.
  • Improved support for Google Calendar items with incomplete elements.
  • In-place search preview operations can now be canceled.
  • FEC now displays a running count of the number of responsive items as the in-place search preview is running.
  • Custom Google API credentials can now be saved for future use.
  • Changed the font used for the target email address to make the distinction between a “zero” and an “O” clearer.
  • Numerous other UI and performance improvements.

Released on 05/23/2019

  • FEC’s folder tree for Exchange / O365 acquisitions now groups the “Recoverable Items” and “Archive” folders under separate tree nodes for clarity.
  • Improved folder tree creation for Exchange servers which can result in better support for In-Place Archives in some edge cases.
  • It is now possible to use OAuth authentication with O365 when using a custom Exchange profile rather than the built-in O365 profile. This helps in scenarios where the MX records for the domain do not reflect those of O365.
  • Added support for a legacy O365 MX record so that domains using the deprecated record are automatically recognized as using O365.

Remote Authenticator v1.8.2
Released on 05/10/2019

  • FEC Remote Authenticator now allows you to manually select a provider profile (i.e., Gmail, G Suite, or O365) if the provider for the target email address cannot be automatically detected.

Released on 05/06/2019

  • OAuth authentication is now supported for Office 365. FEC Remote Authenticator was also updated to v1.8.1 to support the remote authentication workflow for O365.
  • In addition to delegation, FEC now supports impersonation in Exchange / O365.
  • FEC now captures inbox rules from Exchange / O365 targets and mailbox filters from Gmail / G Suite targets automatically.
  • The Acquisition Log now contains a summary section with message counts to assist with quality control.
  • In-place search previews and their result counts are now recorded in the Acquisition Log.
  • Exchange conversation index values and Gmail thread IDs are now recorded in the Downloaded Items Log.
  • The “Duplicate Items for Each Gmail Label” option is now reflected in the acquisition log.
  • The custom Exchange connection profile now has an “O365” button to populate the EWS Endpoint URI with that of O365.
  • Added support for additional Exchange item subtypes such as non-delivery reports.
  • Executing an in-place search preview for the inaccessible “Audits” and “System” Exchange folders no longer prevents the search preview from running. Any exceptions are logged in the exception log.
  • Exchange item types without a conversation index value are no longer logged as exceptions.
  • Numerous other minor improvements.

Remote Authenticator v1.8.1
Released on 05/06/2019

  • FEC Remote Authenticator now supports O365.
  • Increased system requirements to .NET Framework 4.5.

Released on 03/06/2019

  • FEC now supports domain-wide delegation in G Suite organizations. Instead of authenticating into each end user’s mailbox individually, it is now possible to use a service account to access all end user mailboxes.
  • IMAP internal date and UID server metadata are now exported side by side in the Downloaded_Items log to make forensic authentication easier.
  • Reduced the vertical size of the notification email window to make it fit on smaller screens.
  • OAuth tokens are now stored in the project database instead of on the file system. This allows users to resume a project on another computer without moving the tokens manually and eliminates the need to clear the token cache.
  • Improved handling of Google Calendars without a name.
  • Improved handling of Google Calendar events without organizer data.
  • Enhanced throttling mitigation for Google Calendar acquisitions.
  • The startup page now allows the user to go back if it was entered from another page.
  • Gmail via IMAP authentication workflow no longer requests calendar OAuth scopes as Google Calendar is not accessed during an IMAP acquisition.
  • Conversation Index MAPI property is now stored in MSG and PST output for Exchange acquisitions.
  • Numerous other minor improvements.

Released on 02/05/2019

  • Improved the snapshot process for Exchange / O365 which resulted in a major performance boost. This will also make server throttling less likely during the snapshot stage in Exchange acquisitions.
  • Made the Exchange snapshot stage more resilient to server throttling.
  • It is now possible to import and export IMAP search queries.
  • MSG output is no longer required for PST output. These two options can now be selected and deselected independently of each other.
  • It is now possible to output to a folder containing an existing FEC project. FEC will detect the presence of the other project and create a unique session subfolder where necessary. This should make it easier to go back and tweak settings while setting up an acquisition.
  • Added a hint next to the output folder picker that indicates if the output folder is not empty, and the available disk space.
  • A more prominent message is now shown at the end of an acquisition session if there are any folders whose snapshots have not been completed.
  • Revised target email address validation to add support for long TLDs.
  • OAuth requests to Google now also include the CalendarEventsReadonly scope.
  • Numerous other minor improvements.

Remote Authenticator v1.6.1
Released on 02/05/2019

  • OAuth requests to Google now also include the CalendarEventsReadonly scope.
  • Reduced footprint on target computers.

Released on 01/10/2019

This is a major update with several new features and enhancements:

  • Added support for calendar, contact, and note item types for Exchange acquisitions.
  • Added support for Google Calendar acquisition.
  • Expanded Search Console for Gmail to enable in-place Google Calendar searches.
  • Improved support for meeting requests.
  • Added option to export messages multiple times under each Gmail label for Gmail API acquisitions.
  • The acquisition log now contains information about the Google Calendars that were found, if any.
  • New user preference for maximum wait duration.
  • Improved the calculation of username from target email address so that the username is not reset unless the target email address is changed.
  • IMAP acquisitions now capture message flags during message download rather than the folder snapshot phase. This improves snapshot performance and works around IMAP server issues where the server incorrectly returns search results that were not requested.
  • Improved folder snapshot performance for Gmail API acquisitions.
  • Added query syntax checking and correction functionality to Search Console for Gmail and Exchange.
  • PST hashing progress is now displayed using the progress bar in addition to the text-based display.

Remote Authenticator v1.5.0
Released on 01/10/2019

  • Updated to work with FEC v3.5 and later.
  • Remote Authenticator now requests Google Calendar access along with Gmail.

Released on 10/28/2018

This is a minor maintenance release with the following improvements:

  • Hardened folder tree generation for Exchange mailboxes so that FEC can work around folder names containing invalid characters.
  • FEC now includes a message that a browser window will open for OAuth authentication when that option is selected.

Remote Authenticator v1.3.1
Released on 10/23/2018

This is an update to the FEC Remote Authenticator application only.

  • Reduced system requirements to .NET Framework 4 from 4.6.1. This allows FEC Remote Authenticator to run on earlier versions of Windows 7 without SP1, Windows Vista, and even Windows XP.
  • Updated the save token dialog to make it more intuitive for end users.

Released on 10/15/2018

  • Direct PST writer—Forensic Email Collector can now write output PSTs all on its own. Outlook is no longer required. In addition to the removal of the Outlook dependency, the direct PST writer brings performance improvements.
  • Foldered output option for Gmail API—FEC now provides an option to create an output folder structure based on Gmail labels when acquiring Gmail / G Suite mailboxes via Gmail API.
  • Long file path support—Long file paths inside target mailboxes exceeding 260 characters are now supported.
  • Improvements to Exchange Autodiscover functionality.
  • You can now display the password inside the password box when entering credentials.
  • Introduced option to expand and collapse all child tree nodes when working with the folder tree of a target mailbox.
  • email addresses are now associated with the AOL built-in profile.
  • FEC now logs the username used during the acquisition. This can be helpful in instances where the username differs from the target email account (e.g., when delegation is used).
  • Hardened the folder tree creation process for IMAP mailboxes.
  • Improvements to the management and hashing of multiple output PSTs when the split output PST option is selected.
  • The display names of output PSTs are now set to reflect the target email address for easier identification.
  • Numerous other minor improvements.

Released on 7/23/2018

  • Delegation for Exchange/Office 365—You can now acquire a target mailbox using the credentials of another authorized user (e.g., an administrator) who has access to the target mailbox.
  • Email Notifications—FEC can now notify you via email when an acquisition is complete.
  • File System Timestamps—FEC now sets the file system timestamps of collected MIME and MSG emails based on the Internal Date attribute for IMAP servers and Gmail API, and creation and last modification dates for Exchange servers.
  • Exchange Version Autodetect—New option to have FEC automatically detect the Exchange version of the target server during Exchange acquisitions.
  • Improved output folder validation to allow the user to create a folder if it does not exist, or optionally output to an existing folder containing files as long as a previous FEC project is not found in the output folder.
  • Fixed a GUI issue that prevented the split output PSTs option from being recorded.
  • Exchange acquisitions now report non-message items both in the acquisition log and as a report named “Non-message_EWS_Items”.
  • FEC now reports the time elapsed during an acquisition session in the acquisition log.
  • Numerous other minor improvements.

Released on 6/19/2018

  • You can now acquire metadata for remaining items in a mailbox and export a metadata report.
  • It is now possible to save custom IMAP acquisition profiles and re-use them as needed.
  • FEC now alternates between batch download and individual download mode for Google API and Exchange acquisitions—this was already in place for IMAP. This helps work around memory limitations on 32-bit and low-memory systems and allows for challenging messages to be downloaded individually. More detailed logging of encountered issues is also possible at the item level, rather than at the batch level. Individual download mode is automatically triggered on every third retry attempt.
  • New user interface for acquisition settings page. It is now possible to customize an existing profile in-place without having to re-enter the server details. You can also switch from Gmail API to Gmail via IMAP or from Office 365 via EWS to Office 365 via IMAP with one click.
  • New workaround for GoDaddy’s improper handling of Inbox folder case sensitivity.
  • Resolved a very rare Gmail API issue where a mailbox snapshot would never complete.
  • Added new built-in acquisition profiles for ProtonMail and Gandi. The connection to ProtonMail requires a paid plan and installation of ProtonMail Bridge.
  • Added a new option to allow all SSL certificates when connecting to an IMAP server. This helps connect to servers with invalid SSL certificates, as well as ProtonMail Bridge which works on the local computer.
  • Added option to IMAP Search Console to search messages by their UID values—to the extent supported by the server.
  • Improved handling of Gmail labels containing the “/” character when acquiring Gmail via IMAP.
  • Moved some database calls to a separate thread for improved UI responsiveness.
  • Added safeguards to better distinguish timeouts from user-initiated cancelations.
  • User-entered information such as the target email address and output path is now instantly validated before navigating to the next page.
  • FEC will now remember user preferences when you update FEC to a newer version.
  • Numerous other minor improvements.

Released on 4/22/2018

  • Released FEC Search Console for Exchange, which allows server-side searching of Office 365 and Exchange mailboxes.
  • Preservation of Office 365 and Exchange mailboxes now supports acquisition from the “Recoverable Items” folder (also known as the dumpster in earlier versions of Exchange).
  • You can now specify the version of the target Exchange server when acquiring emails from Exchange servers.
  • Improved cancel button behavior during Exchange acquisitions.
  • It is now possible to split the output PST file by size.
  • Added a message to the user interface to clarify that the MSG output option is required in order to output to PST format.
  • Output PST files are no longer hashed if the acquisition is canceled by the user—they will be hashed if the canceled session is later resumed to completion.
  • Added logic to the installation routine to make the Windows 7 Service Pack 1 or later requirement clearer.

Released on 3/14/2018

  • Released FEC Search Console for IMAP, which allows performing server-side searches on IMAP mailboxes.
  • IMAP logs are now prefixed to indicate what stage of the forensic preservation workflow each log represents (e.g., Search Console, Mailbox Listing, Acquisition, etc.).
  • Search terms applied in Search Console (both Gmail and IMAP) are now persisted and reloaded when a previous project is opened.
  • Other minor enhancements and performance improvements.

Released on 2/13/2018

  • Improved timings of exponential backoff algorithm for better handling of Gmail and EWS API and rate limits and IMAP server throttling.
  • Improved support for using Forensic Email Collector over Remote Desktop Protocol (RDP).
  • A GUI glitch that caused the menu buttons to become unresponsive which occurred on some devices after a long time of inactivity is now fixed.
  • Improved handling of Gmail messages without labels when using Gmail API.
  • Acquisition log now reflects the correct server address depending on whether Gmail API or Gmail via IMAP was used.
  • Added software version information to acquisition and exception logs.
  • Clicking the “STOP” button during processing now asks for confirmation before stopping the acquisition.
  • Processing now starts after the “START” button is clicked on the processing page. This makes the workflow consistent between starting a new project and resuming an existing project.
  • It is now possible to evaluate Forensic Email Collector for 30 days with a project limit of 5,000 messages.

Released on 1/29/2018

  • Improved Gmail API & rate limit handling and FEC’s exponential backoff algorithm.
  • When Gmail API returns a suggested wait time, FEC now parses that time from the server response and waits until then if possible.
  • Added Network Solutions and FastMail to the built-in email providers database.
  • It is now possible to select/deselect an entire branch (i.e., folder and subfolders) by SHIFT-clicking a checkbox in the folder selection page.
  • Improved support for UNC output paths.
  • Fixed an issue where case insensitive handling of folder names by an IMAP server could prevent FEC from creating a subfolder in the output PST when the PST output option is selected.
  • Improved the feedback FEC provides to the end user when the selected output folder is not writable.

Released on 1/3/2018

  • FEC now works as a 64-bit process when executed on a 64-bit version of Windows.
  • Improved handling of Gmail mailboxes with a very large number of labels.
  • Improved response time when performing queries in Search Console with the PST output option selected.
  • When FEC is launched by running an FEC Project file (i.e., “.FECProj”), FEC now automatically loads that project.
  • It is now possible to export a list of downloaded and remaining messages after loading a previous project.
  • FEC now automatically populates the username for iCloud accounts with the local part of the target email address.
  • Added an AT&T profile for AT&T affiliated domain names. This profile can also be used for Yahoo accounts affiliated with AT&T.
  • Upon completion of an acquisition session, FEC now displays a helpful message indicating the status of the acquisition. This message also contains a hyperlink that can be used to navigate to the output folder.
  • Minor improvements to Gmail acquisition logic to work around Gmail API rate limits.

Released on 11/16/2017

  • Released FEC Remote Authenticator for Gmail API acquisitions.
  • FEC now sets the MSGFLAG_READ and MSGFLAG_UNSENT flags in output MSG files for “read” and “draft” messages.
  • FEC Search Console now displays Gmail label names instead of label IDs for better clarity.
  • List of encountered Gmail labels, including label names, message counts and label IDs, are now included in the acquisition log for Gmail API acquisitions.
  • Fixed a bug that prevented the FEC user interface from being updated when software updates were checked manually.
  • Performance improvements to how Gmail labels are captured and saved.
  • Other minor enhancements and performance improvements.

Released 10/5/2017

  • Released FEC Search Console for Gmail API acquisitions.
  • FEC now supports hardware dongle-based licensing.
  • In the event that the end user authorizes FEC using an incorrect Gmail account during Gmail API acquisitions, both the target email address and the email address that was used for authorization are now displayed to the end user for easier troubleshooting.
  • Added help menu which links to Metaspike’s online knowledge base.

Released 9/18/2017

  • Fixed issue that caused some non-administrator users to have difficulty saving FEC preferences.
  • Added built-in connection profiles for GoDaddy and Rackspace.
  • Streamlined Connection Settings page.
  • Performance improvements to PST output.
  • Added automatic update check functionality.
  • Moved custom Gmail API credential input from Preferences page to Connection Settings page.