SysTools Mozilla Thunderbird Forensics Tool

Execute Thunderbird Email Forensics with Most Trusted Mozilla Thunderbird Forensics Tool

(Average Rating 4.5 Based on 40 Reviews)

Thunderbird Forensics Tool


  • Perform State of the Art Thunderbird Forensics of Emails in a Smart Manner
  • View Email Files with Properties, Message, Header, HTML, Hex, Etc Modes
  • Previewing Attachments from Thunderbird Emails Is A Unique Feature Here
  • Creation of Multiple or Separate Cases is the Feature to Boost Management
  • Analyze Media Files from the Emails With Tool’s Built-in OCR Functionalities
  • Add the Data Files from Thunderbird Email Client with Multiple Scan Settings
  • General, Fuzzy, Proximity, Regex Search, Etc For A Selective Files Analyses
  • World Cloud, Link Analyses, Time Analysis Are Key Features of the Software
  • Standard, Media & Keyword Filters Make Selective Investigation Hassle-Free
  • Advanced Features to Customize Emails Export in Multiple File Formats Here
  • Mozilla Thunderbird Forensics Tool Generates Reports in PDF & CSV Formats

Download Now
Safe & Secure

Windows OS

Free Live Demo: – Contact the Support Team of SysTools to Get the Live Demo of Thunderbird Forensics Tool

Thunderbird Email Forensics Software - Features

Execute Thunderbird Forensics Like Pro with These Modern Features

evidence loading

Loading of Evidence

Loading the Thunderbird MBOX files is the very first step of investigation for which the software offers an interactive dashboard & smooth process. It helps in quick creation of the cases to begin the evidence analyses.

  • Create Cases - Get the best experience for creating single or multiple cases quickly for easy management of the cases without any single error at all.
  • Hash Settings - Multiple hash settings i.e. MD5, SHA1, and SHA256 are available in the Mozilla Thunderbird forensics software for users.
  • File Scanning - Modes like log unprocessed items, logs at case path, uploading attachments while scanning, etc are crucial for advanced file scanning.

preview data

Previewing Evidence

To preview the Thunderbird emails after adding them to the software, there are plenty of preview modes available with customization as well. Viewing data from different viewpoints is a boost for Forensic investigators.

  • Preview Options - Preview all the data files like emails, calendars, etc with properties, messages, message header, RTF, HEX, MIME, & HTML modes.
  • Attachments View - To not miss out on the attachments of the emails in Mozilla Thunderbird, Attachments Preview mode is quite useful.
  • Custom Columns - MD5, sent, received to, from, subject, etc are the properties that allow investigators to select or deselect customized columns.

search options

The Search Types

This Thunderbird email forensics software provides multiple search types to the digital forensicators for examining the Thunderbird emails.

  • Search Types - General search, regular expression, proximity search wildcard search, fuzzy search, etc are some of the features for effective investigation.
  • Search Filters - The Thunderbird forensics tool offers plenty of filters for searching specific emails from a bunch of files like tags filter, keyword filter, etc.
  • Search Language - Emails in multiple languages can be examined with ease with the help of the Multi-lingual search feature of this advanced software.

data analysis

Evidence Analyses

Now, when it comes to the analyses of evidence in the MBOX file, the major features start playing a key role to find the hidden links & information.

  • Link Analysis - The software offers the flagship Link Analysis feature which is capable of providing links between Email IDs, IPs, & Domain in use.
  • Word Cloud - Another helpful feature is the Word Cloud. This shows a bunch of the most discussed words in the selected emails of Thunderbird email clients.
  • Timeline Analysis - Another major feature of this email forensic utility is to analyze the timeline of single or multiple emails to boost the investigation.

export evidence

Evidence Export

Now, to present the evidence in a court of law, board meetings & other required platforms, It’s significant for users to export the emails in their preferred file formats. For this, the Thunderbird email forensics utility allows exporting the evidence in EML, MSG, PST, CSV, TIFF, DAT, PDF, HTML, etc file formats without any difficulties.

report generation

Status Report Generation

Last but not least, having a status report for the entire investigation is crucial. It basically explains the overview of the entire Thunderbird email forensics analysis findings in short. The software prepares the report in CSV & PDF file format which pretty much explains everything that is required without missing out on anything.

Mozilla Thunderbird Forensics - Software Specifications

Know the System Requirements & Software Specs for Thunderbird Forensics

Software Download

Version: 5.0

Trial Limitations

  • Creates only a Single Case to test the software.
  • Allow only Thunderbird User Mailboxes.
  • Export only 5 Jobs at maximum after analysis.

System Specifications

Hard Disk Space
3GB of Free Space

16 GB of Memory

Intel(R) Core (TM) i5-7400 CPU @ 3.00GHz (Minimum)


  • Microsoft .NET Framework 4.6.1.

Supported Editions

Windows 11, 10 and Windows Server 2012, 2016.




Electronic Delivery


FAQs on Thunderbird Email Forensics

Listed Commonly Asked Questions and Their Answers

Yes, of course, users can easily examine all Thunderbird data including emails, contacts, calendars, attachments, etc with this software.

The software provides the OCR feature for investigating the media files of emails. The specific filters present in the software level up the investigation to examine specific emails as per users' needs to save time.

Users must have Microsoft Framework .NET Framework 4.6.1 in their system to run the tool. Additionally, the system must have enough space, RAM & a decent processor as mentioned above.

This search type allows users to identify & examine suspected emails based on multiple arrangements of patterns. It tries to match strings that contain a similar pattern for deep investigation.

Yes, not only metadata but also the following data items from the Thunderbird emails:

  • Emails
  • Attachments
  • Networks & Links

Trusted User Reviews

Know How Our Users Praise this Thunderbird Forensics Software