Insider Threat Matrix™

  • ID: PR015
  • Created: 31st May 2024
  • Updated: 14th June 2024
  • Contributor: The ITM Team

Email Collection

A subject may target user email to collect sensitive information.

Subsections

ID Name Description
PR015.004 Bulk Email Collection

A subject creates an email collection file such as a Personal Storage Table (PST) file or an MBOX file to copy an entire mailbox or subset of a mailbox containing sensitive information.

PR015.003 Email Forwarding Rule

The subject creates an email forwarding rule to transport any incoming emails from one mailbox to another.

PR015.001 Local Email Collection

A subject retrieves email files from the local disk of an endpoint they have access to. An email client application (such as Outlook) typically stores an offline copy of the emails it receives locally on disk, giving a subject an opportunity to retrieve them without interacting with an email server.

PR015.002 Remote Email Collection

A subject retrieves email files from a remote email server. The subject might use their own or other obtained credentials to access an email mailbox and subsequently copy emails and/or data contained within emails. Remote email collection can be conducted against on-premises email servers, webmail, and cloud-based email services.