Boolean Search is a search function in Stellar Email Forensic that allows you to combine keywords by using operators such as AND, OR, and NOT. Boolean Search provides a powerful utility to narrow down search results as per your requirements.
The three Boolean operators with keywords x and y can be used as:
1. x AND y: Search results will include items that have at least one x and one y.
Example: Search parameters are e AND f Search results may include giraffe, feather, file, etc. They won’t include fall, elastic, bandwidth, etc.
2. x OR y: Search results will include items that have at least one x or one y.
Example: Search parameters are e OR f Search results may include elementary, key, and fix, etc. They won’t include switch, copy, etc.
3. NOT x: Search results will include items that don’t have x.
Example: Search parameter is NOT e Search results may include items that contain words like plan, disk, sound, etc. They won’t contain items that have words: folder, service, etc.
Note: You can combine multiple Boolean operators in a single search query.
Additional Functions
Parenthesis
When using multiple Boolean operators in a single search query, use Parenthesis “()” to define the priorities of different operators.
Example: The search query NOT ( Adam OR File ) will find items that don’t contain “Adam” or “File”.
Note: Put a single space before and after the opening and closing parenthesis like “ ( ” and “ ) ”.
Using Boolean Search in Stellar Email Forensic Tool
To use Boolean Search:
1. Click Search tab in Navigation Pane [See Image 1].
Image 1: Search Tab in Stellar Email Forensic
2. Select Boolean Search from Type dropdown menu if it’s not selected already.
3. Enter the search query in Search text field. Select Whole Word checkbox above this field if you want to search whole word.
4. Select the email components where you want to search by selecting appropriate checkboxes in Search In section (all components are selected by default, but you can unselect them).
Search In section has these options: Subject, Body, RFC Header, Attachment Name, and Attachment Body. You can also select the extension types where the search is performed by clicking Attachment Type button.
Note: Search won’t be performed on an attachment body if the attachment is password-protected.
5. Enter the email address of the sender and recipient whose emails you want to search in Sender and Recipient section (optional step).
- Select From checkbox and enter the email address of the sender.
- Select To checkbox and enter the email address of the receiver.
- Select Cc checkbox to find emails in which the email address in Cc field is the same as in To field entered by you.
- Select Bcc checkbox to find emails in which the email address in Bcc field is the same as in To field entered by you.
Note: You can enter a Boolean expression in From and To fields to narrow down the results further.
5. Specify a date range for search in Set Date Range section.
- Click Add Filter button on the right. A new row with Operator, From, and To will appear in Set Date Range section.
- Select the desired operator from the dropdown menu in Operator column: AND, OR, or NOT
- Select the date in From and To columns by using the dropdown Calendar or manually enter the dates
Note: To remove a filter, select it in the table and click Remove Filter button. By default, search is performed on all the added mailbox files. If you want to perform the search on specific files then click Browse button. Select the desired files using the check-boxes in front of them and click OK.
6. Click Search button to start the search.
When search is completed, a dialog box with “Search Completed” will appear with the total number of emails and attachments found.
7. Click OK to close the dialog box.
8. Review the search results that are displayed in the lower pane with tabs for Mail and Attachment.