Skip to content
Metaspike Support Documentation

Getting Started with Forensic Email Intelligence

System Requirements

Section titled “System Requirements”

We recommend that you install Forensic Email Intelligence (FEI) on a computer along these lines:

  • PC running 64-bit Windows 10 Version 1607+ or later
  • Quad-core processor
  • 16 GB or more RAM
  • Stable internet connection if you will be using online APIs for enrichments

If you’re behind a firewall, you may also need to open a few ports for FEI to be able to access external APIs (if enabled).

Installation & Licensing

Section titled “Installation & Licensing”

Installing FEI takes only a few minutes:

  • Follow the download link we sent you when you purchased FEI and grab a fresh copy
  • Run the installer
  • If you have a dongle, plug it into your computer
  • Launch FEI
  • If you do not have a dongle, click the I have a soft license key… button and enter your license key

That’s it. You are now ready to investigate emails!

Independent Viewer Mode

Section titled “Independent Viewer Mode”

The fastest way to start using FEI is to launch it in independent viewer mode. You can do this in two ways:

Launch the main FEI application, click on the Launch Viewer button, and drag an EML, EMLX, or MSG message onto the viewer.

Alternatively, open an EML, EMLX or MSG file with FEI by right-clicking on the file, navigating to the Open With menu item, and choosing Forensic Email Intelligence from the list. If FEI is not on the list, you can browse to the FEI executable in your Program Files folder.

Integrations

Section titled “Integrations”

FEI can connect to external APIs such as MaxMind, SecurityTrails, and EmailRep to gather intelligence on IP addresses, domain names, and email addresses. You can activate these integrations by clicking on the ⚙️ Settings menu item in Forensic Email Intelligence Viewer and entering your API credentials for each service.

Connected Mode

Section titled “Connected Mode”

If you would like FEI to analyze multiple emails, you can create an FEI project as follows:

  • Launch the main FEI application, click New Project, and follow the wizard
  • Add evidence folders or files easily by browsing to them or dragging them on FEI’s user interface
  • If you have existing Forensic Email Collector projects, add only the .FECProj files, not the actual data that was acquired

FEI will ingest all emails, score them, and display them in a grid view. You can double-click on any email item to open the viewer, which will operate in tandem with the grid view.

Resources

Section titled “Resources”

We recommend that you join the Metaspike Community to connect with other DFIR professionals, learn tips and tricks, and share your experiences.

If you would like to make suggestions for new functionality, our idea board is the place to visit. You can upvote existing feature requests or send us your own feedback.

Our walkthrough videos and webinar recordings are a great place to learn more about FEI and email forensics in general.

Need a helping hand? Don’t hesitate to get in touch at any time. We’re looking forward to hearing from you!