Zimbra is a free and open source desktop-based email client developed by Zimbra Inc. and released in the year 2005. In addition to this, it also has a commercially supported version that has closed-source components. It is compatible with both POP and MAPI supporting email clients like Yahoo, MS Exchange, Gmail, etc.
Zimbra Collaboration Suite Connector for Outlook (ZCO) enables the users to synchronize Zimbra with MS Outlook. It enables the users to work in an offline mode with Zimbra data. Once the ZCO is installed in the user machine, Outlook will automatically synchronize with the Zimbra server and the entire Zimbra data will be accessible in Outlook. This synchronized Zimbra server data is stored in a ZDB file. The entire Zimbra server data items like emails, folders, tags, contacts, calendars, reminders, etc. will be synchronized with the Outlook profile and saved in the ZDB file format.
With an increase in the number of Zimbra users, the number of cybercrimes done has also increased at an alarming rate. Therefore, when it comes to investigate a particular crime involving Zimbra server, ZDB files can serve to be of great use.
The default location of the zimbra.zdb file varies on the basis of Windows version being used:
Windows XP: Local Settings\Application Data\Microsoft\Outlook folder
Windows XP: C:\Users\AppData\Local\Microsoft\Roaming
The above-mentioned locations are the default locations of the ZDB file. In case the user wants to change the location of these files, it can be easily done. The time required for changing the location depends on the size of the mailbox. The maximum size of Zimbra ZDB file format for Outlook 2010 is 50 GB. The data stored in the file enable the forensicators to carve out evidence related to a particular crime.
While accessing ZDB files, at times, the investigators may come across a few challenges that can hinder the entire process. Some of the challenges that are most likely to occur are:
The challenges mentioned in the previous section prove to be hindrances in effective assessment of the Zimbra ZDB file. In order to scan the file for extracting evidences from it, the right solution is necessary. When opened and viewed with an external solution, users can access the ZDB file and carve out the evidence without any issues. These external solutions enable the users to open and view the ZDB file format even in the absence of Zimbra for Outlook Connector. Installation of MS Outlook is the only pre-requisite that needs to be fulfilled evidence carving.