E-mail Investigation Flashcards
As one of the primary means of communication across the Internet, _________ is an important source of evidence for forensic investigators.
Conducting _____ is a critical investigative technique for law enforcement.
electronic mail (e-mail)
investigations on e-mail
is short for Electronic mail
is one of the most popular uses of the Internet.
is the exchange of computer-stored messages by telecommunication. E-mail messages are usually encoded in ASCII text.
However, you can also send non-text files, such as graphic images, sound files, and programs, as attachments
E-Mail provides a criminal or terrorist organization with:
Anonymity
Accessibility
Privacy
Use of E-mail - Crimes
Extortions
Cheating
Criminal Defamations and Hoax
Terrorism activities
Use of E-mail – Tech Crimes
Spamming
Phishing Scam
Virus Carriers
The program that the end user uses to retrieve or send email from the email server.
Email Client or Mail User Agent
The program or agent that receives and transfers messages from one computer to another.
Email Server
- It is used to identify one user from another. It is also the mailbox assigned to the user.
Email Account
- Provider of Internet Service.
Internet Service Provider (ISP)
A unique number assigned to a computer communicating on the Internet
IP Address
is used to separate Account Name and Domain Name/Host name
@ -
E-mail uses network communication protocols to deliver e-mail messages.
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol version 3 (POP3)
Internet Message Access Protocol (IMAP)
Is the de facto standard for email transmission over the Internet.
Communication between mail servers.
Used by email client to pull messages from mail server.
E-mail Protocol
Simple Mail Transfer Protocol (SMTP)
Used by the email client to retrieve messages from the mail server.
Email Messages are downloaded to the computer and removed from the Mail Server.
User can read and compose messages without being connected to the mail server.
Post Office Protocol (POP3)
It is used to access messages on mail server
Messages are stored on the server until the user chooses to download or remove them from the mail server.
Clients use POP3 and IMAP to retrieve messages and SMTP to send messages.
Internet Message Access Protocol (IMAP)
Usually for email accounts with ISPs.
An email client program to access the mailbox.
E.g. Outlook Express and Netscape Messenger.
Configuration is required.
Constant connection to mail server may only be required when sending or receiving messages.
Application Based E-mail
Web Based E-mail
Only a _____ is required. No other programs or configuration are required.
Conveniently check emails from anywhere.
You have to remain connected when accessing mailbox.
Usually free account and limited capacity.
E.g.: Hotmail, Yahoo! and Gmail
web browser
Web based mail accounts can be accessed using an email client.
E.g. Gmail can be accessed using an email client.
Crossing Path
E-mail Investigations
The following information can be identified during an e-mail investigation:
Who sent the e-mail.
Who received the e-mail.
The subject of the e-mail.
The content of the e-mail.
E-mail Investigation
To determine the “sender” of an e-mail message, investigators need to view the _________
_______ is the information added to the actual message.
Entries in the _______ are stamped by the mail server handling the email
e-mail header.
Email header
Where are the headers?
Web based email
Once the e-mail headers have been recovered, internet search tools, such as:
www.network-tools.com
http://samspade.org/t/
http://www.wellho.net/net/world.php4
can be used to determine the origin of the e-mail messages.
Mail Tracker
Free analysis of email headers.
http://www.theinquirer.net/email_tracker.htm
eMailTrackerPro
By Visualware, trial version available.
Determine IP address, country/region or sender.
Provides a geographical trace of email when used with VisualRoute.
http://www.visualroute.com/personal/products/emailtrackerpro/index.htm
E-mail Headers
Useful Tools