Learn to use Forensic Email Intelligence
1. System Requirements
We recommend that you install Forensic Email Intelligence on a computer along these lines:
- Windows 7 SP1 or later (64-bit required)
- .Net Framework 4.7.2
- Quad-core processor
- 16 GB or more RAM
- Stable internet connection if you will be using online APIs for enrichments
2. Installation & Licensing
Installing FEI takes only a few minutes:
- Follow the download link we sent you when you purchased FEI and grab a fresh copy
- Run the installer
- If you have a dongle, plug it into your computer
- Launch FEI
- If you do not have a dongle, click the I have a soft license key… button and enter your license key
That’s it. You are now ready to investigate emails!
3. Independent Viewer Mode
The fastest way to start using FEI is to launch it in independent viewer mode. You can do this in two ways:
Launch the main FEI application, click on the Launch Viewer button, and drag an EML or MSG message onto the viewer.
Open an EML or MSG file with FEI by right-clicking on the file, navigating to the Open With menu item, and choosing Forensic Email Intelligence from the list. If FEI is not on the list, you can browse to the FEI executable in your Program Files folder.
FEI can connect to external APIs such as MaxMind, SecurityTrails, and EmailRep to gather intelligence on IP addresses, domain names, and email addresses. You can activate these integrations by clicking on the Settings ⚙ menu item in Forensic Email Intelligence Viewer and entering your API credentials for each service.
5. Connected Mode
If you would like FEI to analyze multiple emails, you can create an FEI project as follows:
- Launch the main FEI application, click New Project, and follow the wizard
- Add evidence folders or files easily by browsing to them or dragging them on FEI’s user interface
- If you have existing Forensic Email Collector projects, add only the .FECProj files, not the actual data that was acquired
FEI will ingest all emails, score them, and display them in a grid view. You can double-click on any email item to open the viewer, which will operate in tandem with the grid view.
This was just a quick tour. When you have a moment, check out our knowledge base for details.
Join the Metaspike Community to connect with other DFIR professionals, learn tips and tricks, and share your experiences.
If you would like to make suggestions for new functionality, our idea board is the place to visit. You can upvote existing feature requests or send us your own feedback.
Our walkthrough videos and webinar recordings are a great place to learn more about FEI and email forensics in general.
Need a helping hand? Don’t hesitate to get in touch at any time. We’re looking forward to hearing from you!