Techniques and Tools for Forensic Investigation of Email

Alexa Jackson
Last updated on: February 15, 2016

Forensic investigation of emails refers to the in-depth study of the source and content of emails. The study involves identifying the actual sender and recipient of the emails concerned, the timestamp of the email transmission, the intention of the mail, and the record of the complete email transaction. Investigation of emails proves useful in incidents such as email abuse, email phishing, email scams and other cases where email is misused. Email investigation includes keyword search, metadata investigation, port scanning, etc.

Techniques For Email Investigation

The various techniques that are deployed in order to perform an efficacious and seamless email investigation are given below:

1) Email Header Analysis

Header analysis is done to extract information about the sender of the mail and the path through which the email has been transmitted. Usually, the metadata of emails is stored in the headers. At times, these headers may be tampered with in order to hide the true identity of the sender.
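The following is an added example, not code from the original article: it reads the Received chain of a constructed message oldest hop first and flags two signs of tampering, timestamps that run backwards along the path and a From domain that differs from the Return-Path domain. The message, hosts and addresses are made up (documentation ranges), and the helper names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message; all hosts and addresses are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.10])
\tby inbox.example.org with ESMTP id A3; Mon, 15 Feb 2016 10:00:09 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id A2; Mon, 15 Feb 2016 10:00:05 +0000
Received: from workstation (unknown [192.0.2.44])
\tby relay.example.net with ESMTP id A1; Mon, 15 Feb 2016 10:04:00 +0000
From: "Accounts" <accounts@example.com>
To: victim@example.org
Date: Mon, 15 Feb 2016 09:59:58 +0000

body
"""

# "from <helo> (<rdns> [<ip>]) by <receiving host>", tolerant of folded lines.
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def received_hops(msg):
    """Return hops oldest first; every server prepends its own Received line."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        helo, ip, by = m.groups() if m else (None, None, None)
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append({"helo": helo, "ip": ip, "by": by, "time": stamp})
    return hops

def anomalies(msg):
    """List inconsistencies worth a closer look (clock skew can also cause the first)."""
    hops, found = received_hops(msg), []
    for prev, cur in zip(hops, hops[1:]):
        if cur["time"] < prev["time"]:
            found.append(f"time goes backwards between {prev['by']} and {cur['by']}")
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if rp_dom and rp_dom != from_dom:
        found.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")
    return found

msg = message_from_string(RAW)
for finding in anomalies(msg):
    print(finding)
```

Only the Received lines added by servers the investigator trusts are reliable; the lowest lines in the chain are written by earlier hops and are the easiest to forge.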

2) Bait Tactics

This is the process of tracking the IP address of the sender of a particular mail under investigation. In this technique, a mail containing an HTTP “<img src>” tag is sent to the mail address from which the mail has been received. The recipient in this case is the culprit. When the mail is opened, a log containing the IP address of the recipient is captured by the mail server that is hosting the image, and the recipient is tracked. If the recipient is using a proxy server, the address of the proxy server gets recorded.

3) Extraction From Server

Server investigation comes in handy when the emails residing on the sender and receiver ends have been purged permanently. Since servers maintain a log of the sent and received emails, the log investigation will generate all the deleted emails. Furthermore, the logs can give information about the source from which the emails have been generated. Server investigation does not mean that all the purged emails can be extracted. This is because, after a certain retention period, the emails are deleted permanently from a server.
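The following is an added example, not code from the original article: it rebuilds per-message transaction records from mail server log lines by grouping them on the queue ID. It assumes Postfix-style syslog lines; the log excerpt is constructed and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed log excerpt in Postfix syslog style; two messages interleaved.
LOG = """\
Feb 15 10:00:01 mx postfix/smtpd[2101]: 4F1A2C0B3D: client=relay.example.net[198.51.100.7]
Feb 15 10:00:01 mx postfix/cleanup[2104]: 4F1A2C0B3D: message-id=<abc123@example.com>
Feb 15 10:00:01 mx postfix/qmgr[1200]: 4F1A2C0B3D: from=<accounts@example.com>, size=2048, nrcpt=1 (queue active)
Feb 15 10:00:03 mx postfix/smtpd[2101]: 7B9D01E4A2: client=unknown[192.0.2.44]
Feb 15 10:00:02 mx postfix/local[2106]: 4F1A2C0B3D: to=<victim@example.org>, relay=local, delay=0.5, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 15 10:00:03 mx postfix/qmgr[1200]: 7B9D01E4A2: from=<sender@example.com>, size=900, nrcpt=1 (queue active)
Feb 15 10:00:02 mx postfix/qmgr[1200]: 4F1A2C0B3D: removed
Feb 15 10:00:04 mx postfix/smtp[2110]: 7B9D01E4A2: to=<user@example.net>, relay=none, delay=1, dsn=4.4.1, status=deferred (connection timed out)
"""

# timestamp, host, postfix/<daemon>[pid]:, queue ID, rest of the line
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/\w+\[\d+\]:\s([0-9A-F]{6,}):\s(.*)$")
# \b keeps "to=" from matching inside fields such as "orig_to="
FIELD = re.compile(r"\b(client|message-id|from|to|status)=(\S+?)(?:,|\s|$)")

def reconstruct(log_text):
    """Group log lines by queue ID into one record per message."""
    msgs = defaultdict(lambda: {"to": [], "removed": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # not a per-message line
        when, qid, rest = m.groups()
        rec = msgs[qid]
        rec.setdefault("first_seen", when)
        if rest == "removed":             # message left the queue
            rec["removed"] = True
        for key, val in FIELD.findall(rest):
            val = val.strip("<>")
            if key == "to":
                rec["to"].append(val)     # one message may have several recipients
            else:
                rec[key] = val
    return dict(msgs)

for qid, rec in reconstruct(LOG).items():
    print(qid, rec.get("client"), rec.get("from"), rec["to"], rec.get("status"))
```

The records show who submitted each message and where it went, even though the message body is no longer on the server; how far back they reach depends on the log retention period.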

4) Investigation of Network Sources

This investigation is opted for when the server logs fail to generate the required information. It is also opted for if the Internet Service Providers do not give access to the server. The logs generated by network hubs, routers, firewalls, etc. give information about the origin of the email message.

Popular Tools Deployed For Email Investigation

A number of email investigation tools are available that assist in the complete investigation process. These tools generate automated reports of the investigation, identify the origin and the destination of emails, and much more. Some of the tools in this domain are:

1) EnCase

EnCase enables investigators to image a drive and preserve it in the E01 format, which can be investigated forensically and can also be presented in court as evidence.

2) FTK

Forensic Toolkit is a comprehensive investigation tool known for the forensic investigation of emails through decryption of emails.

3) MailXaminer

MailXaminer is an advanced email investigation tool that supports more than 20 email formats and around 750 MIME formats. The tool is equipped with great features like:

  • Advance search for keywords
  • Link analysis of emails
  • Skin tone analysis
  • Live Exchange Mailbox analysis and many more.

The tool carves out evidence in the most efficacious way and generates a complete evidence report.

Conclusion

The right techniques and tools, if used in the forensic investigation of emails, carve out potential evidence in a very short time. Therefore, in order to perform an advanced email investigation, deployment of the right tool is necessary.


Alexa Jackson

    Alexa is a Digital Forensic Investigator who does forensic investigation on a global scale. She has extensive experience in email analysis. She has been a trainer and researcher in the field of email forensics for many years. She is an expert in analyzing forged email headers from chunks of emails.


    What people are saying

    1. Vicky

      Informative post, I guess I’m a bit unaware of this subject and I must say I’ve learned some great info from this post.

      Thanks for sharing.

    2. Niraj

      Excellent article. Always good to learn more about dealing with email related offenses.

      Thanks!
      Niraj

    3. Mansoorvalli

      This is very informative. Thanks for the share.
