Proceedings of Regional Conference on Knowledge Integration in ICT 2010 467 EVALUATION OF E-MAIL ACTIVITY RECONSTRUCTION TOOLS FOR E-MAIL CLIENT Chew Eng Hin 1 , Asrul Hadi Bin Yaacob 2 , Mohd Fikri Azli Bin Abdullah 3 1 Faculty of Information Science & Technology, Multimedia University (MMU) Melaka Campus, Malaysia protolmax@gmail.com 2 Faculty of Information Science & Technology, Multimedia University (MMU) Melaka Campus, Malaysia asrulhadi.yaacob@mmu.edu.my 3 School of Electronics and Computer Engineering Chonnam National University, South Korea mfikriazli@gmail.com Abstract Electronic mail (E-mail) is one of the most common and important messaging infrastructures used in the organization. Among all the critical and important systems in the organization, E- mail system is the one that required significant ongoing investment both in technology and personnel to run smoothly. E-mail crimes are increasing from years to years. In order to cut down the number of the E-mail crime, various E-mail Forensics Tools had been introduced to recover and trace the source of the particular E-mail. Tools for E-mails allow E-mail administrators to complete common and time consuming tasks in their E-mail environment more effectively. The function of E-mail Forensics Tools can be divided into Activity Reconstruction, Message Tracing, Investigation, Forensics, Compliance, and Trend Analysis. However, the focus of this evaluation is more into E-mail Activity Reconstruction which is the first necessary step in E-mail Forensics. In E-mail Activity Reconstruction, there are tools that could read the proprietary E-mail repository format. Thus, an evaluation of E-mail Activity Reconstruction Tools is done on two open source tools and one commercial tool. These E-mail Activity Reconstruction Tools which could read DBX files are tested not only based on the basic characteristics and requirements that serve as test criteria; they are also being compared and contrasted as well. All the tests are done under a constant environment and the results are documented to provide a clear view of efficiency and accuracy of tools. Informative analysis of the results of evaluation is provided to increase understanding of E- mail Activity Reconstruction. Keywords: E-mail Forensics, E-mail Activity Reconstruction, DBX 1. Introduction E-mail is a communication method of exchanging digital information between two or more parties. E-mail system is basically based on infrastructure in which E-mail server systems accept, forward, deliver and store messages on behalf of users. From years to years, E-mail system has been improved and now it is the most widely preferred communication tool within the business field. Thus, it is the first board electronic communication in business.