Using AXIOM Cloud to Acquire and Process Yahoo Email
Magnet AXIOM supports many different services and platforms in its cloud product, including Google, Microsoft, Facebook, Twitter, Dropbox, and many more. We also include a generic POP/IMAP connector that lets examiners pull data from email services not explicitly included among the regular cloud providers. As long as the webmail provider supports either POP or IMAP, you can use Magnet AXIOM Cloud to pull that data into your investigation.
Our Solutions Consultant, Tim Moniot, wrote the following piece on how to acquire Yahoo email using the POP/IMAP method, which we thought would be valuable to share with other AXIOM users.
Step 1: Create a Case
Using AXIOM Process, create a case and add evidence:
- Create New Case ⇒ Enter Case Information
- Evidence Sources ⇒ Cloud ⇒ Acquire Evidence ⇒ Acknowledge search authorization warning ⇒ Select IMAP / POP Email
Step 2: Connection Settings (Enter Connection Information)
Next, enter the appropriate information necessary to make a valid connection to the target email service. Those settings are Email Protocol (IMAP or POP), Server Port, Host Name (mail server path), User Name (including domain), and Password.
Most email providers post this information publicly, like Yahoo does.
The settings for Yahoo are as follows:
- Email Protocol: IMAP
- Server Port: 993
- Host Name: imap.mail.yahoo.com
- User Name: Email address including domain (e.g., MyEmailAccount@yahoo.com)
- Password: Enter the user’s password for the account you wish to access
After you select ‘Sign In’, AXIOM will authenticate to the email provider using the settings above. If no connection issues are encountered, AXIOM will proceed to the next step in the case setup process.
Proceed to select the remainder of your processing settings, as you would for any items of evidence in your AXIOM case. If, however, you receive an error when AXIOM attempts to authenticate to the Yahoo email service, you will need to do some troubleshooting. For this, proceed to Step 3 (below).
Step 3: Troubleshooting Connection Errors
After you have entered the connection settings outlined in Step 2, AXIOM will attempt to connect to the Yahoo email service.
If you receive an error, like that shown in the screen capture below, indicating that you have entered the wrong user name or password, work through the following troubleshooting steps.
- Check that you are using the correct credentials, both email account and password, and that the user name is the full email address including domain (e.g., MyEmailAccount@yahoo.com).
- Use a web browser to enter the Yahoo mail settings for the target account (you should already have the needed credentials), proceed to ‘Account Security’ and ENABLE ‘All apps that use less secure sign in’ (see screen capture below). This is required in order to acquire and process via the POP/IMAP method with AXIOM Cloud.
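A pre-flight check for the Step 3 troubleshooting, as an added example that is not part of the original article or of AXIOM: it makes one IMAP login with the Step 2 settings outside the tool and reports whether a failure is a name, TLS, network, protocol or login problem. The function names, hint texts and the injectable `connect` parameter are assumptions made for this sketch.

```python
import getpass
import imaplib
import socket
import ssl
import sys

# Yahoo values from Step 2 of this page.
HOST, PORT = "imap.mail.yahoo.com", 993

# Checked in order: the ssl and socket exceptions are OSError subclasses,
# and IMAP4.abort is a subclass of IMAP4.error.
STAGES = (
    (socket.gaierror, "dns", "Host Name did not resolve (Step 2)"),
    (ssl.SSLError, "tls", "TLS failed; recheck Host Name and Server Port (Step 2)"),
    (OSError, "network", "no TCP connection; recheck Server Port (Step 2)"),
    (imaplib.IMAP4.abort, "protocol", "server dropped the IMAP session; retry"),
    (imaplib.IMAP4.error, "auth", "login rejected; recheck address and Account Security (Step 3)"),
)


def classify_failure(exc):
    """Return (stage, hint) for an exception raised by the connection attempt."""
    for exc_type, stage, hint in STAGES:
        if isinstance(exc, exc_type):
            return stage, hint
    return "unknown", "unexpected error"


def preflight(user, password, host=HOST, port=PORT, connect=imaplib.IMAP4_SSL):
    """Try one login and a read-only INBOX open; return (stage, detail)."""
    conn = None
    try:
        conn = connect(host, port, ssl_context=ssl.create_default_context(), timeout=15)
        conn.login(user, password)
        # readonly=True issues EXAMINE, so no message flags are changed.
        _, data = conn.select("INBOX", readonly=True)
        return "ok", "INBOX holds %s messages" % data[0].decode()
    except Exception as exc:
        stage, hint = classify_failure(exc)
        return stage, "%s: %s" % (hint, exc)
    finally:
        if conn is not None:
            conn.shutdown()  # close the socket whether or not login succeeded


if __name__ == "__main__":
    print(*preflight(sys.argv[1], getpass.getpass("Password: ")), sep=" | ")
```

Run it with the full email address as the only argument; a result of `auth` means the server was reached and only the credentials or the account's sign-in setting remain to be checked.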
The POP/IMAP method is a great way to pull webmail like Yahoo even if it’s not an officially supported service in AXIOM Cloud. Once the mail has been acquired, it will be processed into AXIOM and available for examination just like Gmail or Hotmail, and it can be sorted, filtered, or examined along with the rest of your case.
If you have any questions or comments, feel free to reach out to tim.moniot@magnetforensics.com.