Proton Mail Acquisition


vkskain
Newbie
 

Proton Mail Acquisition

Post Posted: Jul 24, 19 13:19

Hello All,

How can we acquire the Proton Mail data?
I have found that the FEC and Proton Mail Bridge are applicable only for paid Proton Mail accounts. Here is the reference link (https://docs.metaspike.com/article/37-acquiring-protonmail-with-fec).
But what about the non-paid accounts? Has anyone encountered the same problem? Any inputs are much appreciated. Thanks in advance.
 
  

deeFIR
Member
 

Re: Proton Mail Acquisition

Post Posted: Jul 25, 19 00:42

Any remote connection function is limited to paid accounts only, as you've identified.

If you want to export emails for a non-paid account, you need to log in to the web-based interface, select each email and then export it all manually. Should you decide to go this way, just make sure you note why you've done it (i.e. platform limitations) and thoroughly document the process.
 
  

passcodeunlock
Senior Member
 

Re: Proton Mail Acquisition

Post Posted: Jul 25, 19 07:11

Or upgrade at your own cost to a paid account (very little investment) and do the exporting fast and well documented using FEC, as you mentioned in the first post...
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

deeFIR
Member
 

Re: Proton Mail Acquisition

Post Posted: Jul 26, 19 07:21

- passcodeunlock
Or upgrade at your own cost to a paid account (very little investment) and do the exporting fast and well documented using FEC, as you mentioned in the first post...


That depends on the authority he's acting under. If it's only allowing him to extract the emails, then he needs to work within the confines of that legislative framework. Controlling the account, upgrading, changing account data all have certain implications (which I'm sure you're aware of). I'd recommend that unless you have complete authorisation to do so (i.e. the account is being surrendered or you have some legislative authority) that you act carefully and perhaps conduct a manual extraction.
 
  

dandaman_24
Senior Member
 

Re: Proton Mail Acquisition

Post Posted: Jul 26, 19 08:00

Can you get the data to sync onto a mobile app and then decrypt the data from the .db from there?
 
  

passcodeunlock
Senior Member
 

Re: Proton Mail Acquisition

Post Posted: Jul 28, 19 18:26

Not really, that is the problem.
 
  

passcodeunlock
Senior Member
 

Re: Proton Mail Acquisition

Post Posted: Jul 28, 19 18:30

- deeFIR
That depends on the authority he's acting under. If it's only allowing him to extract the emails, then he needs to work within the confines of that legislative framework. Controlling the account, upgrading, changing account data all have certain implications (which I'm sure you're aware of). I'd recommend that unless you have complete authorisation to do so (i.e. the account is being surrendered or you have some legislative authority) that you act carefully and perhaps conduct a manual extraction.


Upgrading a free protonmail account to a paid account doesn't affect in any way the user content data.

A professional examiner would always comply with the rules, but it is really nice that deeFIR reminds everybody to do so :)
 
