Mozilla Thunderbird
Overview
Section titled “Overview”Evidence: Mozilla Thunderbird
Description: Collect Mozilla Thunderbird Emails
Category: Applications
Platform: windows
Short Name: thndr
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Section titled “Background”Mozilla Thunderbird is an open-source email client that stores emails in MBOX format within profile directories. It supports POP3 (Mail folder) and IMAP (ImapMail folder) accounts, storing messages locally in the profile.
Data Collected
Section titled “Data Collected”This collector gathers structured data about mozilla thunderbird.
Collection Method
Section titled “Collection Method”This collector gathers Thunderbird email folders from user profile directories, collecting both local Mail and IMAP ImapMail directories containing email messages.
Forensic Value
Section titled “Forensic Value”Thunderbird email data provides evidence of correspondence, attachments, and communication patterns. This is valuable for investigating email-based attacks, data leaks, and establishing communication timelines in investigations.