Forensic Email Collector

Forensic Email Collector

Expertly preserve email evidence without breaking a sweat. Get plug & play output for digital forensic investigations and eDiscovery.

Learn MorePurchase Now for $699

Powerful & Intuitive

Forensic Email Collector is a powerful tool—it can forensically acquire emails from Exchange Servers, Office 365, Gmail, G Suite and virtually any IMAP server with many output options and detailed logs. It is also remarkably intuitive. You can get started in just a few minutes and preserve emails and document your efforts with a few clicks.

This small Gmail and Google Calendar collection takes place in about a minute—complete with logs, hashing, and simultaneous output in EML, MSG and PST formats. That’s faster than the time it takes to launch some software!

Gmail forensic preservation

Flexible Connectivity

Forensic Email Collector can connect to most popular email servers and cloud email providers. You are not stuck with IMAP or POP for forensic email preservation.

office 365 exchange

Office 365 & Exchange via EWS

FEC can connect to Exchange servers—including Office 365—via Exchange Web Services. You can preserve emails faster and more accurately, and without having to configure the target Exchange server for IMAP access.

Gmail & G Suite via REST API

FEC authenticates with Gmail and G Suite using OAuth and forensically acquires mailboxes at eye-watering speeds via Gmail API. Say goodbye to downloading the same message multiple times because of overlapping labels.

imap forensic collection


FEC connects to IMAP & POP servers in a read-only manner and preserves email evidence without modifying the target mailbox., Hotmail, Yahoo Mail, Zoho, iCloud and AOL Mail are just a few supported providers.

Exchange, Office 365, Exchange Web Services, EWS, Gmail and G Suite are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

In-place Search

We all run into cases where collecting a mailbox as a whole is not an option—often due to privacy or timeframe concerns. On the other hand, eDiscovery and digital forensics workflows often involve a full collection, followed by post-acquisition searches.

Forensic Email Collector solves this problem in a creative way. You can perform instant in-place searches on mailboxes on the server before the acquisition and forensically preserve only the search results. No need to create labels, tag documents, or make any changes to the target mailbox.

Have a list of terms or expressions to search for? You can load them from file and get a hit count report per line with a few clicks!

"Your tool rocks! Finally a tool that does what it says it does! Thank you!"

Josh FazioPartner @ InfoForense

“I love your product. Even though I have the ability to download PSTs directly from O365, I use FEC every time. Why? Because FEC works EVERY time and “O365 export to PST” fails more often than it works.”

Jason Park, CCCE, CCFPCyber Security & e-Discovery @ Fortune 500

"FEC has proven to be successful for every project that I’ve used it on. I recommend it wholeheartedly."

David Lyon, RCAeDiscovery Consultant @ Connect Discovery

Features at a Glance

In-place Search

Instantly search Gmail / G Suite, Office 365 / Exchange, and IMAP mailboxes before the acquisition.

Resume Past Projects

Did an acquisition get interrupted? No problem; we can resume a past project when you are ready.

Detailed Reports

Detailed acquisition and exception reports so that you can record and document exactly what happened, when and why.

Automatic Retries

FEC can automatically retry acquisition as many times as you want. You don’t have to go back to square one because of a pesky server or due to network issues.

OAuth Support

You can connect to Gmail, G Suite, and Office 365 via OAuth 2.0 instead of using credentials. No need to enable “access for less secure apps”.

Flexible Output Options

FEC can output to EML, MSG or PST format. You can export to all three simultaneously—complete with MD5, SHA1 or SHA256 hashing of the output.

Mailbox Snapshots

Mailbox Snapshots

As soon as you start an acquisition, Forensic Email Collector captures snapshots of each mail folder. The snapshots are used to keep track of which mail folders and messages have been downloaded.

If you run into a network error or if the server throws a fit—free email providers are notorious for throttling large scale downloads—FEC automatically retries remaining messages as many times as you want, calculating an optimal delay amount between each retry session.

Mailbox snapshots are persisted in a database. So, you can even stop the acquisition and resume it later by loading a past project.

Calendars, Contacts & Notes

Forensic Email Collector doesn’t stop at emails. You can also forensically acquire events from Google Calendars and appointments, contacts, and notes from Exchange servers.

Just like emails, these items can be exported in MSG and PST formats in addition to generic formats such as iCalendar (.ics) and vCard (.vcf) depending on item type.

Google Calendar

Battle-Tested Software

Some of the world’s most prestigious organizations—from law enforcement agencies to law firms, corporations, and service providers—trust Forensic Email Collector to secure email evidence in mission-critical projects.

Its accuracyreliability, and outstanding performance make Forensic Email Collector the go-to tool of professionals for anything from single mailbox collections to enterprise-wide email preservation projects.

It’s in The Details

We have added a few features to FEC to make sure it is a joy to use.

Exchange Autodiscover

When preserving email evidence from an Exchange server, you may not immediately know the Exchange Web Services (EWS) endpoint URL. FEC utilizes the Exchange Autodiscover service to automatically configure itself using the target email address and password.

Built-in Connection Profiles

FEC includes built-in connection profiles—including host name, protocol, port and SSL settings—for hundreds of popular domain names used by email service providers such as Gmail, Yahoo, and iCloud. If the target email address matches one of the profiles, server settings are populated automatically for you.

MX Lookup

As soon as you type the target email address, FEC checks the domain name to see if it fits one of the pre-configured profiles such as Gmail,, Yahoo, etc. If it does not, it looks up the mail exchanger records (MX records) to determine the mail servers handling email messaging for the target user’s domain.

Full IMAP Audit Trail

When you use the IMAP protocol, FEC keeps a detailed log of IMAP communications with the server in addition to its standard acquisition and exception logs. You can do a play-by-play of what FEC asked the server and how the server responded if that’s your thing.

Buy now and change the way
you preserve email evidence.

As soon as we receive your order, we will email you an electronic download link and your license key.