Forensic email analysis for law enforcement

Cutting-edge email forensics and reverse engineering applied to email based evidence and cybercrime detection.

The evidence you need is there in the email, use PhishTool to unlock it

Increasingly law enforcement agencies and partners are expected to have an investigative capability in cyber crime. Phishing represents a sizeable proportion of reports to both local and national law enforcement agencies and partners, where victims experience crimes ranging from extortion resulting in psychological trauma, to fraud resulting in businesses going under.

Law enforcement agencies and partners require a means to forensically interrogate primary evidence in the form of emails, in order to establish fact and draw inferences - helping to establish the origin of an email and to enumerate the methods used to commit the offence.

PhishTool utilises email meta data, open source intelligence, guided forensic analysis and automated detection of social engineering techniques to provide a highly detailed forensic picture of an email. The output of PhishTool includes an automated forensic report, detailing the technical facts present in email, which can then be used to corroborate other investigative findings.

Suitable for officers and staff with a range of training and experience - PhishTool builds in contextual explanatory notes, combined with an analytical traffic light system, producing a powerful guided analysis pathway that reveals the facts of an email, which may otherwise go undetected.

PhishTool represents an accessible tool for law enforcement and partners, that enables officers and staff to take advantage of advanced analysis, reverse engineering and open source intelligence techniques in a single platform, to produce a forensic product which could prove invaluable in the detection of cyber crime.

Understand the methods of used by criminals to target victims

PhishTool uses email meta data, built-in open source intelligence and guided analysis pathways paired with powerful automatic social engineering detection to provide a comprehensive picture of methods used to target a victim. PhishTool's analysis can reveal source IP addresses, URLs used to serve malicious content and email infrastructure used to send the phishing email.

Securely collaborate on investigations

PhishTool includes real-time updating of analysis, so multiple team members can collaborate on the same investigation. Use our classification framework to standardise the recording of the findings of an analysis. Once an analysis is complete, a detailed forensic report can be generated which automatically records all relevant findings in an easy-to-understand format. Team members can also record the permanent secure URL to link directly to the analysis in any case management system.

Use reverse engineering techniques to go deeper

PhishTool includes the ability to conduct the initial stages of reverse engineering directly in the analysis console. Use strings to glean malicious IPs and URLs from file attachments. Use the secure browser to safely navigate to malicious web pages embedded in an email whilst recording all inbound and outbound web activity. Use our third-party integrations to connect to industry leading threat intelligence providers, without any complicated configuration.

No configuration, nothing to install, with expert support included

PhishTool is Software as a Service, accessible in any modern web browser. There is nothing to configure or install, as a result it is ready to use from day one. PhishTool provides the ability to secure accounts with Multi-factor Authentication using any Time-based One-Time Password software. Our support team are available to respond to any questions or issues you might have, from simple account questions, to detailed email forensics questions, without any additional cost.

PhishTool Community

Phishing reverse engineering for individuals in the security community. Free forever.

PhishTool Enterprise

Complete phishing incident response for professional security teams.

PhishTool

PhishTool Limited, International House,
24 Holborn Viaduct,
London,
EC1A 2BN
United Kingdom

Copyright © 2021 PhishTool Limited. All rights reserved.