
Techniques and Tools for Forensic Investigation of Email


Alexa Jackson
Last updated on: February 15, 2016

Forensic investigation of email is the in-depth study of the source and content of email messages. The study involves identifying the actual sender and recipient of the emails concerned, the timestamp of the email transmission, the intention of the mail, and the record of the complete email transaction. Investigation of emails proves useful in incidents such as email abuse, email phishing, email scams and other cases where email is misused. Email investigation includes keyword search, metadata investigation, port scanning, etc.


Techniques For Email Investigation

The techniques used to carry out an effective and seamless email investigation are given below:

1) Email Header Analysis

Header analysis is done to extract information about the sender of the mail and the path along which the email was transmitted. Usually, the metadata of an email is stored in its headers. At times, these headers may be tampered with in order to hide the true identity of the sender.
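As an added illustration of header analysis (not code from the original article), the following Python example walks the Received chain of a constructed message from the oldest hop to the newest and flags signs of tampering. The message, host names, addresses and flag names are assumptions made for the example.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: .example hosts and documentation-range IPs.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mail.recipient.example with ESMTP id A3; Mon, 15 Feb 2016 10:00:09 +0000
Received: from relay.isp.example (relay.isp.example [203.0.113.20])
\tby mx.recipient.example with ESMTP id A2; Mon, 15 Feb 2016 10:00:05 +0000
Received: from bank.example (unknown [192.0.2.44])
\tby relay.isp.example with SMTP id A1; Mon, 15 Feb 2016 10:03:00 +0000
From: "Support" <support@bank.example>
To: victim@recipient.example
Date: Mon, 15 Feb 2016 09:59:58 +0000

Body text.
"""

# from <HELO name> (<reverse DNS> [<IP>]) by <receiving host> ...; <date>
HOP_RE = re.compile(
    r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+).*;\s*(.+)$")

def trace_hops(raw):
    """Return the relay hops oldest-first, each with a list of warning flags."""
    hops, prev = [], None
    # Every relay prepends its own Received line, so reverse to get path order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())               # undo header folding
        m = HOP_RE.search(flat)
        try:                                         # no match or a bad date
            when = parsedate_to_datetime(m.group(5))
        except (AttributeError, TypeError, ValueError):
            hops.append({"raw": flat, "flags": ["unparsed"]})
            continue
        if when.tzinfo is None:                      # "-0000" means UTC
            when = when.replace(tzinfo=timezone.utc)
        helo, rdns, ip, by = m.groups()[:4]
        flags = []
        if helo.lower() != rdns.lower():
            flags.append("helo-mismatch")            # claimed name differs from DNS
        if prev and when < prev["time"]:
            flags.append("time-regression")          # clock runs backwards
        if prev and helo.lower() != prev["by"].lower():
            flags.append("chain-break")              # hop not handed over by previous
        prev = {"helo": helo, "rdns": rdns, "ip": ip, "by": by,
                "time": when, "flags": flags}
        hops.append(prev)
    return hops
```

Only the Received lines added by servers the investigator trusts are reliable; everything below the first trusted hop is supplied by the sender, so a flag is a lead to verify rather than proof.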

2) Bait Tactics

Bait tactics are used to track the IP address of the sender of a particular mail under investigation. In this technique, a mail containing an HTTP "<img src>" tag is sent to the mail address from which the mail was received. The recipient in this case is the culprit. When the mail is opened, a log entry containing the IP address of the recipient is captured by the mail server that is hosting the image, and the recipient is tracked. If the recipient is using a proxy server, the address of the proxy server gets recorded.

3) Extraction From Server

Server investigation comes in handy when the emails residing on the sender and receiver ends have been purged permanently. Since servers maintain a log of sent and received emails, investigating the logs will turn up the deleted emails. Furthermore, the logs can reveal the source from which the emails were generated. Server investigation does not mean that all purged emails can be extracted, because emails are deleted permanently from a server after a certain retention period.
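The log correlation described above, as an added Python example that is not part of the original article: it groups mail server log lines by queue ID so that a message already deleted from the mailboxes can still be traced by its Message-ID. The Postfix-style log format, the queue IDs and all addresses are constructed assumptions; the article does not name a mail server.

```python
import re

# Constructed Postfix-style syslog lines with two interleaved messages.
LOG = """\
Feb 15 10:00:01 mx postfix/smtpd[2101]: 4F1A2B3C: client=unknown[192.0.2.44]
Feb 15 10:00:01 mx postfix/cleanup[2105]: 4F1A2B3C: message-id=<abc@bank.example>
Feb 15 10:00:01 mx postfix/smtpd[2102]: 7C9D0E1F: client=mail.partner.example[203.0.113.20]
Feb 15 10:00:01 mx postfix/qmgr[1780]: 4F1A2B3C: from=<support@bank.example>, size=2048, nrcpt=1 (queue active)
Feb 15 10:00:02 mx postfix/cleanup[2105]: 7C9D0E1F: message-id=<news-77@partner.example>
Feb 15 10:00:02 mx postfix/local[2110]: 4F1A2B3C: to=<victim@recipient.example>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Feb 15 10:00:02 mx postfix/qmgr[1780]: 7C9D0E1F: from=<news@partner.example>, size=5120, nrcpt=1 (queue active)
Feb 15 10:00:02 mx postfix/qmgr[1780]: 4F1A2B3C: removed
"""

# timestamp, host, daemon[pid], queue ID, rest of the line
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
# \b keeps "to=" from matching inside fields such as "orig_to="
FIELD_RE = re.compile(r"\b(client|message-id|from|to|status)=(\S+?)(?=,|\s|$)")

def build_records(log_text):
    """Merge all log lines that share a queue ID into one record per message."""
    records = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # connect/disconnect and other noise
        ts, daemon, qid, rest = m.groups()
        rec = records.setdefault(qid, {"qid": qid, "to": [], "events": []})
        rec["events"].append((ts, daemon))
        for key, val in FIELD_RE.findall(rest):
            val = val.strip("<>")
            if key == "to":
                rec["to"].append(val)     # one message may have many recipients
            elif key == "client":
                ip = re.search(r"\[([^\]]+)\]", val)
                rec["client_ip"] = ip.group(1) if ip else val
            else:
                rec[key] = val
    return records

def find_by_message_id(records, message_id):
    """Return every queue record whose Message-ID equals the one searched for."""
    return [r for r in records.values() if r.get("message-id") == message_id]
```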

4) Investigation of Network Sources

This investigation is chosen when the server logs fail to provide the required information. It is also chosen if the Internet Service Providers do not give access to the server. The logs generated by network hubs, routers, firewalls, etc. give information about the origin of the email message.

Popular Tools Deployed For Email Investigation

There are a number of email investigation tools available that assist in the complete investigation process. These tools generate automated reports of the investigation, identify the origin and the destination of emails, and much more. Some of the tools in this domain are:

1) EnCase

EnCase enables investigators to image the drive and preserve it in the E01 format, which can be investigated forensically and can also be presented in court as evidence.

2) FTK

Forensic Toolkit (FTK) is a comprehensive investigation tool known for the forensic investigation of emails through email decryption.

3) MailXaminer

MailXaminer is an advanced email investigation tool that supports more than 20 email formats and around 750 MIME formats. The tool is equipped with great features like:

  • Advanced search for keywords
  • Link analysis of emails
  • Skin tone analysis
  • Live Exchange Mailbox analysis and many more.

The tool carves out evidence in the most efficacious way and generates a complete evidence report.

Conclusion

The right techniques and tools, when used in the forensic investigation of emails, carve out potential evidence in a very short time. Therefore, to perform an advanced email investigation, deploying the right tool is necessary.


Alexa Jackson

Alexa is a Digital Forensic Investigator who carries out forensic investigations on a global scale. She has extensive experience in email analysis. She has been a trainer and researcher in the field of email forensics for many years. She is an expert in analyzing forged email headers from chunks of emails.


What people are saying

  1. Vicky

    Informative post, I guess I’m a bit unaware of this subject and I must say I’ve learned some great info from this post.

    Thanks for sharing.

  2. Niraj

    Excellent article. Always good to learn more about dealing with email related offenses.

    Thanks!
    Niraj

  3. Mansoorvalli

    This is very informative. Thanks for the share.
