One way to accomplish this in Gmail’s user interface is to check the checkbox next to the message, and then to mark it as “read” using the “Mark as read” menu item in the toolbar.
But, they marked it as “read” without opening the message. That is, they were presented with the message. State: Unopened and marked as read, Seen, Marked unimportantĪs expected, the Unopened and marked as read post-delivery message status reflects precisely what the end-user did.
Now things are getting interesting! Opened and marked as unread indicates that the user opened this message, and then subsequently marked it as “unread”. State: Opened and marked as unread, Seen, Marked unimportant Consistent with what we would expect for this message-the end-user was presented with the message, they opened it, and it was marked “read”. Opened and read indicates that the end-user opened and read the message. State: Opened and read, Seen, Marked unimportant It indicates that the message is marked unimportant-in this case, this was a system action, not a user action.īelow is a screenshot of what this looks like on the Google Admin user interface. The Marked unimportant post-delivery message status is self-explanatory. Consistent with what we expect for this message. Unopened and unread indicates that the end-user did not open or read the message. Here, the Seen post-delivery message status indicates that the message was listed in the user’s view when they opened Gmail. State: Unopened and unread, Seen, Marked unimportant Google Workspace admins can perform these searches here. We will now go over the results of an email log search. That is, it was never included in the list of messages presented to the end-user when they logged into Gmail’s web interface. Message #5: The end-user never encountered this message. Message #4: The end-user marked this message as “read” without opening it. Message #3: The end-user opened this message, and then marked it as “unread”. Message #2: The end-user opened this message. Message #1: The end-user encountered this message in their mailbox when they logged into Gmail’s web interface, but never opened it. The end-user took the following actions on these messages:
Let’s look at the post-delivery message details for five messages in Google Workspace. Specifically, the post-delivery message details for your target message. The first place you would want to look at when investigating message activity in Google Workspace is Email Log Search. Email Log Search in Google Workspace (aka G Suite) Let’s take a look at some of the strategies we can use. The answers to these questions depend on whether you are targeting Gmail or Google Workspace, and how far back the activity occurred. But, could we determine what happened in the past? For example, did the end-user read a message and then mark it as “unread”? What else did they do? When? Instead, we’ll get right into the more exciting stuff! Investigating Historical Message Read Status ActivityĬapturing whether a message is marked as “read” or “unread” during forensic preservation is certainly useful. In the context of Gmail / Google Workspace, FEC, Google Vault, Google Takeout, and IMAP all support this in different ways. Preserving the “read” status of messages during forensic email preservation is part of virtually any forensic email preservation workflow. I wanted to write this quick post to lay out some of the possibilities in this area when targeting Gmail or Google Workspace-formerly known as G Suite. While supporting Forensic Email Collector, I have answered a few queries along these lines very recently.
0 kommentar(er)
