Our Members:

Google Takeout and Email Forensics

Email is often an essential component in modern litigation cases. While Apple’s mail dominates the market, the second largest email hosting provider is Alphabet’s Gmail™. So what are the options for getting email from google? Google Takeout is a tool offered by Google that allows users to download their data from various Google services such as Gmail, Google Drive, Google Calendar, etc. Another option is for computer forensic examiners and legal professionals to use specialized email forensic software packages to extract and analyze data from email accounts. Although both tools extract data, they serve different purposes and diverge in features.

Google Takeout is a user-friendly tool that allows individuals to export their data. It offers a simple process of selecting the data one wants to download and export it to a compressed file format. The tool is free for anyone with a Google account. Data exported through Google Takeout includes emails, contacts, calendars, Google Drive files, Google Maps data, and more. The email is provided in the mbx format. The mbox format consists of a text file that contains a series of email messages, each separated by a line that starts with "From". The content of each message is preceded by a header section that contains information such as the date, subject, sender, and recipient. The message body follows the header section and contains the actual text of the message.

Email forensic software packages are professional tools, which extracts and analyzes email data. These include Axiom Cyber or Forensic Email Explorer. These tools allow a more target email extraction than is possible with Google Takeout. Email forensic software packages can extract email data from various email providers such as Gmail, Yahoo, and Microsoft Exchange. They often support multiple file formats, including PST, EML, and MBOX. 

-PST stands for Personal Storage Table, which is a file format used by Microsoft Outlook for storing emails, contacts, calendar items, notes, and tasks. The PST file format is a binary file format, which means it is not human-readable. The file extension for PST files is ".pst." The tool can extract a large amount of data, including email metadata, attachments, and other related data.

-The EML (Electronic Mail Message) file format is used to save email messages as individual files. It is a plain text file that contains the email header, body text, attachments, and other data. The format is widely used by email clients such as Microsoft Outlook and Mozilla Thunderbird.

The structure of an EML file typically includes:

Message Headers: This section contains information such as the sender, recipient, subject, date, and time.

Body Text: This section contains the actual message text.

Attachments: This section contains any attachments that were included with the email.

MIME (Multipurpose Internet Mail Extensions) Encoding: This section contains information about the encoding used to send the email.

One of the significant differences between Google Takeout and email forensic software is the level of control each tool offers. Google Takeout provides a simple process of selecting the data one wants to download and export it to a compressed file format. The process is straightforward and requires minimal technical knowledge. On the other hand, email forensic software packages offers a more advanced level of control and well as extensive logging. For example in google takeout to get highly targeted messages, the user applies tags to the individual messages, which become part of the email extraction. This essentially modifies the data to a certain degree, which is not ideal for computer forensic or legal purposes.

When Internet Engineering Task Force (IETF) developed the  formal document that outlines proposals, standards, or technical specifications, which is commonly referred to a Request for Comment (RFC). When it comes to email messages, the most important RFC is RFC 5322, which defines the format and structure of Internet Message Format (IMF) and is commonly referred to as the "Internet Message Format Standard." This RFC defines the syntax and rules for constructing email messages and is used by email clients and servers to exchange messages over the Internet. Specialized email forensic software pay particular attention this RFCs.

Cost is another significant difference between Google Takeout and Email forensic software packages. Google Takeout is a free tool offered by Google, making it accessible to anyone with a Google account. On the other hand, Email forensic software package are commercial products, which require license and maintenance fees. The cost of the device depends on various factors, such as the number of licenses purchased and the level of support required.

In conclusion, Google Takeout and email forensic software packages are very different tools used for different purposes, but they do share some commonalities. Google Takeout is a user-friendly tool that allows individuals to export their data from Google services for free. On the other hand, email forensic software packages are a professional tools used for forensic and are more expensive due to their advanced features and capabilities. However, both tools extract email data, which continues to pay a significant role in modern legal matters.


The American Society of

     Digital Forensics & eDiscovery, Inc®

      For Digital Evidence Experts™

      2451 Cumberland Parkway, Suite 3382 

     Atlanta, GA 30339-6157

     (404) 919-1143











Copyright 2024

All Rights Reserved

Powered by Wild Apricot Membership Software