DATA RECON 2.0.25

Email

DATA RECON can scan the following email locations:

If your email platform is not listed here, you can still scan your mailbox by:

  1. Enabling IMAP.
  2. Adding your mailbox as an Internet Mailbox or Internet SSL Mailbox (recommended) Target.

Google Mail (IMAP)

Requirements

Target Google Mail accounts must be a Google Apps or G Suite account. Enable IMAP to scan Google Mail accounts.

Add Credentials

Add credentials for the Google Mail Target:

  1. Click on No usernames or passwords.
  2. In the Search target credentials dialog box, click + Add and select Google Mail.
  3. Fill in the fields:

    • Target location: Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

    • Username: Enter the email address of the target mailbox. For example, user@example.com

    • Password: Enter your mailbox password. If you have two-factor authentication (2FA) enabled, create an app password and enter it here. See Two-factor Authentication (2FA) for more information.

  4. (Optional) Enter a password under Encrypt credentials to encrypt the saved credentials.
  5. Click Ok.

Add a Google Mail account as a search location:

  1. Click on Search all local files.
  2. In the Search targets dialog box, click + Add and select Email.
  3. Select and expand Google Mail.

  4. Select the Add Google Apps domain field. Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

  5. Select the "Domain" Target that appears below the Add Google Apps domain field.

  6. (Optional) Select individual folders and emails to scan.
  7. Click Select to finish adding the Google Mail Target.

Two-factor Authentication (2FA)

To access Google Mail accounts with two-factor authentication (2FA) enabled:

  1. In your browser, sign in to Google Mail.
  2. In Google Mail, navigate to My Account > Sign-in & security.
  3. Under the "Password & sign-in method" section, click on App passwords.
  4. Click on Select app, select Other (Custom name) and enter "Scan". Click GENERATE.
  5. In the "App passwords" page, go to the Select the app and device for which you want to generate the app password section.
  6. Google then displays a 16-character “App password”. Use the app password in place of your Google Mail password when entering credentials into DATA RECON.

Office 365 Mail (IMAP)

Requirements

Enable IMAP to scan Office 365 Mail accounts.

Add Credentials

Add credentials for the Office 365 Mail Target:

  1. Click on No usernames or passwords.
  2. In the Search target credentials dialog box, click + Add and select Microsoft Office 365 Exchange Web Services (EWS).
  3. Fill in the fields:

    • Target location: Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

    • Username: Enter the email address of the target mailbox. For example, user@example.com

    • Password: Enter your mailbox password. If you have two-factor authentication (2FA) enabled, create an app password and enter it here.

  4. (Optional) Enter a password under Encrypt credentials to encrypt the saved credentials.
  5. Click Ok.

Add an Office 365 Mail account as a search location:

  1. Click on Search all local files.
  2. In the Search targets dialog box, click + Add and select Email.
  3. Select and expand Office 365 Mail.

  4. Select the field that appears underneath. Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

  5. Select the "Domain" Target that appears.

  6. (Optional) Select individual folders and emails to scan.
  7. Click Select to finish adding the Office 365 Mail Target.

Internet Mailbox

Requirements

The Internet Mailbox Target allows you to add general email accounts as Targets.

To add a general email account as an Internet Mailbox Target, the email account must:

  • Have IMAP enabled.
  • Use the default port for IMAP: 143

Add Credentials

Add credentials for the Internet Mailbox Target:

  1. Click on No usernames or passwords.
  2. In the Search target credentials dialog box, click + Add and select Internet Mailbox (IMAP).
  3. Fill in the fields:

    • Target location: Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

    • Username: Enter the email address of the target mailbox. For example, user@example.com

    • Password: Enter your mailbox password. If you have two-factor authentication (2FA) enabled, create an app password and enter it here.

  4. (Optional) Enter a password under Encrypt credentials to encrypt the saved credentials.
  5. Click Ok.

Add an Internet Mailbox account as a search location:

  1. Click on Search all local files.
  2. In the Search targets dialog box, click + Add and select Email.
  3. Select and expand Internet Mailbox.

  4. Select the Add imap host field. Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

  5. Select the "Domain" Target that appears.

  6. (Optional) Select individual folders and emails to scan.
  7. Click Select to finish adding the Internet Mailbox Target.

Internet SSL Mailbox

Requirements

The Internet SSL Mailbox Target allows you to add general email accounts as Targets.

To add a general email account as an Internet SSL Mailbox Target, the email account must:

  • Have IMAP enabled.
  • Use the default port for IMAP: 143

Add Credentials

Add credentials for the Internet SSL Mailbox Target:

  1. Click on No usernames or passwords.
  2. In the Search target credentials dialog box, click + Add and select Secure Internet Mailbox (IMAPS).
  3. Fill in the fields:

    • Target location: Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

    • Username: Enter the email address of the target mailbox. For example, user@example.com

    • Password: Enter your mailbox password. If you have two-factor authentication (2FA) enabled, create an app password and enter it here.

  4. (Optional) Enter a password under Encrypt credentials to encrypt the saved credentials.
  5. Click Ok.

Add an Internet SSL Mailbox account as a search location:

  1. Click on Search all local files.
  2. In the Search targets dialog box, click + Add and select Email.
  3. Select and expand Internet SSL Mailbox.

  4. Select the Add imap host field. Enter the target mailbox as <domain/email_address>. For example, if the target mailbox resides on the domain example.com at address user@example.com, enter example.com/user@example.com.

  5. Select the "Domain" Target that appears.

  6. (Optional) Select individual folders and emails to scan.
  7. Click Select to finish adding the Internet SSL Mailbox Target.

Lotus Notes

Requirements

The Lotus Notes client must be installed on the host running DATA RECON. Scans work best with a single-user installation of the Lotus Notes client.

Supported Lotus Notes clients:

  • Lotus Notes client 8.5.3
  • Lotus Notes client 9.0.1

To see which versions of IBM Domino these clients support, see IBM Support: Supported configurations for IBM Notes and Domino.

Add Credentials

Add credentials for the Lotus Notes Target:

  1. Click on No usernames or passwords.
  2. In the Search target credentials dialog box, click + Add and select Secure Internet Mailbox (IMAPS).
  3. Fill in the fields:

    • Target location: Enter the Lotus Domino server domain name.
    • Username: Enter a Lotus Notes User Name to scan that user’s mailbox. This should be in the format <user_name/lotus_domain>. See Lotus Notes User Name for more information.
    • Password: Enter the user’s password.
  4. (Optional) Enter a password under Encrypt credentials to encrypt the saved credentials.
  5. Click Ok.

Add a Lotus Notes account as a search location:

  1. Click on Search all local files.
  2. In the Search targets dialog box, click + Add and select Email.
  3. Select and expand Lotus Notes.

  4. Enter your Lotus Domino server domain and press enter.

  5. Select the "Domain" Target that appears.

  6. (Optional) Select individual folders and emails to scan.
  7. Click Select to finish adding the Lotus Notes Target.

Lotus Notes User Name

To find your Lotus Notes user name:

  1. Open the Lotus Notes client.
  2. From the menu bar, select File > Security > User Security.
  3. A password prompt opens. In the prompt, your Lotus Notes user name is displayed in the format <user_name/lotus_domain>.
  4. If no password prompt opens, find your Lotus Notes user name in the User Security screen.

Locally Stored Email Data

(Not recommended) You can scan locally stored email data by running a Local Storage scan on the data storage files for that particular email client or server.

Scanning locally stored email data instead of running an Internet Mailbox scan runs the risk of finding false positives in places not accessible through querying the email server itself, such as ghost records or slack space.

Scanning Information Stores

Email servers store data in information stores that can be accessed when performing a Local Storage scan. For instance, Microsoft Exchange servers store data in Microsoft Exchange Information Store files (EDB and STM files). Do not run a scan on an information store currently in use by an email server. Instead:

  1. Make a backup of the information store files.
  2. Run a Local Storage scan on the backup information store files.

Remediate matches found in Information Stores

Remediation is limited for matches found in information stores, as modifying an information store may cause irreversible loss of data. For Microsoft Exchange Information Stores, the following remediation options are disabled:

  • Mask matches
  • Deleting individual matches (attempting to delete matches will permanently erase the Microsoft Exchange Information Store file being remediated)