Title | Email Investigations |
---|---|
Author | Alan Cieślar |
Course | Forensic IT |
Institution | De Montfort University |
Pages | 6 |
Summary on how emails may be investigated in criminal cases ...
Email Investigations
SMTP: Simple Mail Transfer Protocol
• Receives emails from the sender
• Validates source and destination addresses
• Sends and receives emails to and from other SMTP servers
• User / email client / webmail use SMTP to SEND the intended email
POP: Post Office Protocol
It is an incoming mail server that helps the user to RECEIVE the email residing in its mailbox
The POP3 server deletes the email from its server once the user's email client downloads that email
IMAP: Internet Message Access Protocol
It is a standard email protocol that stores email messages on a mail server, but allows the end user to view and manipulate the messages as though they were stored locally on the end user's computing device(s)
Examining email messages
• Access victim’s computer to recover the evidence
• Using the victim’s e-mail client
• Find and copy evidence in the e-mail
• Access protected or encrypted material
• Print e-mails
• Sometimes you will deal with deleted e-mails
Copying an e-mail message
• Before you start an e-mail investigation you need to copy and print the e-mail involved in the crime
• You might also want to forward the message as an attachment to another e-mail address
• With many GUI e-mail programs, you can copy an e-mail by dragging it to a storage medium or by saving it in a different location
Viewing email headers
• Learn how to find e-mail headers
  • GUI clients
  • Command-line clients
  • Web-based clients
• After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor
• Headers contain useful information such as unique identifying numbers, IP address of sending server, and sending time
Examining E-mail Headers
• Gather supporting evidence and track suspect
  • Return path
  • Recipient’s e-mail address
  • Type of sending e-mail service
  • IP address of sending server
  • Name of the e-mail server
  • Unique message number
  • Date and time the e-mail was sent
  • Attachment files information
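The header fields listed above, pulled from a saved message with Python's standard `email` package. This is an added example, not part of the original notes: the sample message, its addresses and IPs, and the `summarise_headers` helper are constructed for illustration, and hashing the attachment is an assumption about what "attachment files information" should record.

```python
import hashlib
import re
from email import message_from_string, policy

# Constructed sample message: documentation domains and IP ranges only.
SAMPLE = """\
Return-Path: <sender@example.org>
Delivered-To: victim@example.com
Received: from mx.example.com (mx.example.com [198.51.100.7])
 by inbox.example.com with ESMTP id abc123; Tue, 05 Mar 2024 10:15:02 +0000
Received: from mail.example.org (mail.example.org [203.0.113.25])
 by mx.example.com with ESMTP id def456; Tue, 05 Mar 2024 10:15:00 +0000
From: Sender <sender@example.org>
To: victim@example.com
Date: Tue, 05 Mar 2024 10:14:58 +0000
Message-ID: <20240305101458.1234@mail.example.org>
X-Mailer: ExampleMailer 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\]", re.S)  # name, [ip]

def summarise_headers(raw):
    msg = message_from_string(raw, policy=policy.default)
    hops = [m.groups() if (m := HOP.search(str(r))) else (None, None)
            for r in msg.get_all("Received", [])]  # newest hop first
    return {
        "return_path": msg["Return-Path"],
        "recipient": msg["Delivered-To"] or msg["To"],
        "mailer": msg["X-Mailer"] or msg["User-Agent"],
        "message_id": msg["Message-ID"],
        "sent": msg["Date"].datetime if msg["Date"] else None,
        # hops[-1] is the earliest hop; hops not written by a trusted server may be forged
        "hops": hops,
        "attachments": [(p.get_filename(), p.get_content_type(),
                         hashlib.sha256(p.get_payload(decode=True)).hexdigest())
                        for p in msg.iter_attachments()],
    }
```

Run it against a working copy of the message saved from the mail client, never the original evidence file.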
REMEMBER!
• Always ensure you have legal authorisation
• Document every action and procedure during your investigation
• Don’t forget to adhere to the FOUR ACPO Principles
Viewing and examining headers
There are many ways of getting the email header, depending on the mail system
• Hotmail – easy
• Outlook Express depends on host
• Find it and copy it to text editor
• See Email Tracker Pro headers tutorial …
CRITICAL ISSUES IN EMAIL INVESTIGATIONS
• Systems Administrators (that can be trusted!)
• Headers
• IP address
• Software support