Novell is now a part of Micro Focus

Email Investigation with Nexic Forensics

Novell Cool Solutions: Tip
By Nexic

Digg This - Slashdot This

Posted: 13 Oct 2005

By Angela Williams

There have been discussions in Cool Solutions recently about investigating specific email accounts for security reasons. You might be interested to know about a new product, Nexic Forensics, which has taken email investigation to a new level. Forensics is an innovative application designed to aide with investigating illegal behavior, confidentiality violations or security concerns within any live GroupWise account without having to know the account password, leaving no trace the account was ever investigated.

Forensics is used by members of legal departments, Human Resources, corporate security, team managers, or corporate management, giving them the ability to transparently inspect and monitor all aspects of an employee's email communication. When an unopened message is opened by an investigator, the message opened status in the account remains unopened, so the account owner does not know the message has been read.

Forensics was designed to give GroupWise investigators unlimited access to GroupWise accounts. Administrators have the ability to control access rights allowing only authorized users with proper security credentials to perform an investigation on approved accounts. Authorized investigator rights can be limited to view a single account, accounts in a distribution list, post office, domain, or system, and their access rights can automatically expire after a certain date.

Forensics makes it easy to investigate users by providing a familiar look and feel that is similar to the GroupWise Windows client, an interface investigators are already familiar with. Forensics was designed to act just like GroupWise to eliminate the need for training, and gives investigators the ability to search for email by keyword, phrase, date range, attachment names, folders or recipients.

Nexic Investigation Control is the administration application used to define authorized users, approved accounts to investigate, access rights, audit and feature options. Rights that investigators may be granted are:

  • Printing messages
  • Viewing recipients of a message
  • Saving messages outside of GroupWise
  • Forwarding messages to another GroupWise account

An example scenario might be: You receive a request from your Legal department that Richard is being investigated for sending confidential email to other people. You need to give Jon, Richard's manager, rights to transparently monitor Richard's account for the next two weeks. Jon should not be able to access any other account, only Richard's. Using Investigation Control, you create the access key file to allow Jon to do what he needs for the next two weeks. You give Jon this key file and a copy of Discovery Client.

For Jon, there are only two steps required before he can investigate Richard's account. They are the same steps required when using the GroupWise client to login and then proxy. (1) Jon runs Discovery Client, enters his GroupWise user ID and password, then selects the key file you gave him. (2) When the client opens he can then select Richard's account. Jon can then browse through the folders, open, print or save messages, or perform a search for specific information. Richard will have no idea Jon has opened or read any messages, since the messages still appear as unopened in Richard's account. Two weeks later, Jon can no longer access Richard's account using Discovery Client because the access rights have expired.

Email is often the most dangerous element relative to information security and compliance violations. Examining email should be a critical part of any information security policy. Forensics makes it simple and easy for investigators to securely access user accounts undetected, and controls what accounts can be accessed by authorized users.

Some of the benefits of Forensics are:

  • Confidential - Undetectable by the user being investigated
  • Real-time viewing, printing or saving of messages in another account
  • Read-only access to account under investigation
  • Administrators can control who can access other accounts
  • GroupWise Windows client look and feel
  • Full GroupWise search capabilities
  • Discovery Client files are less than 2 MB in size
  • Discovery Client is accessible from within the GroupWise Windows client

Nexic Forensics is the first and only security monitoring product for GroupWise that gives an administrator control over who can view, save, and print messages in approved accounts, while giving the user a rich, familiar GroupWise client-like user interface. For more information on this exciting and industry-leading technology from Nexic, visit

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates