*E-mail Investigation

Question 1

As one of the primary means of communications across the Internet, _________is an important source of evidence for forensic investigators.

Conducting _____ is a critical investigative technique for law enforcement.

Answer 1

electronic mail (e-mail)

investigations on e-mail

Question 2

is short for Electronic mail

is one of the most popular uses of the Internet.

is the exchange of computer-stored messages by telecommunication. E-mail messages are usually encoded in ASCII text.

However, you can also send non-text files, such as graphic images, sound files, and programs, as attachments

Answer 2

E-mail

Question 3

E-Mail provides a criminal or terrorist organization with:

Answer 3

Anonymity
Accessibility
Privacy

Question 4

Use of E-mail - Crimes

Answer 4

Extortions
Cheating
Criminal Defamations and Hoax
Terrorism activities

Question 5

Use of E-mail – Tech Crimes

Answer 5

Spamming
Phishing Scam
Virus Carriers

Question 6

The program that end user used to retrieve or send email from the Email server.

Answer 6

Email Client or Mail User Agent

Question 7

The program or agent that receive and transfer messages from one computer to another.

Answer 7

Email Server

Question 8

• It is used to identify one users from another. It is also the mailbox assigned to the user.

Answer 8

Email Account

Question 9

• Provider of Internet Service.

Answer 9

Internet Service Provider (ISP)

Question 10

A unique number assigned to the computer communication on the Internet

Answer 10

IP Address

Question 11

is used to separate Account Name

and Domain Name/Host name

Answer 11

@ -

Question 12

E-mail uses network communication protocols to deliver e-mail messages.

Answer 12

Simple Mail Transfer Protocol (SMTP)
Post Office Protocol version 3 (POP3)
Internet Message Access Protocol (IMAP)

Question 13

Is the de facto standard for email transmission over the Internet.

Communication between mail servers.

Used by email client to pull messages from mail server.

Answer 13

E-mail Protocol

Simple Mail Transfer Protocol ( SMTP)

Question 14

Email client use to retrieve messages from mail server.

Email Messages are downloaded to the computer and removed from the Mail Server.

User can read and compose messages without connected to mail server.

Answer 14

Post Office Protocol (POP3)

Question 15

It is used to access messages on mail server

Messages are stored on the server until the users choose to download or remove from the mail server.

Client s use POP3 and IMAP to retrieve messages and SMTP to send messages.

Answer 15

Internet Message Access Protocol (IMAP)

Question 16

Usually for email account with ISP’s.

An email client program to access the mailbox.

E.g. Outlook Express and Netscape Messenger.

Configuration is required.

Constant connection to mail server may only be required when sending or receiving messages.

Answer 16

Application Based E-mail

Question 17

Web Based E-mail
Only a _____ is required . No other programs or configurations is required.

Conveniently check emails from anywhere.

You have to remain connected when accessing mailbox.

Usually free account and limited capacity.

E.g. : Hotmail, Yahoo! And Gmail

Answer 17

web browser

Question 18

Web based mail accounts can be accessed using email client.

E.g. Gmail can be accessed using email client.

Answer 18

Crossing Path

Question 19

E-mail Investigations

The following information can be identified during an e-mail investigation:

Answer 19

Who sent the e-mail.
Who received the e-mail.
The subject of the e-mail.
The content of the e-mail.

Question 20

E–mail Investigation
To determine the “sender” of an e-mail message, investigators need to view the _________

_______ is the information added to the actual message.

Entries in the _______ is stamped by mail server handling the email

Answer 20

e-mail header.

Email header

Question 21

Where are the headers?

Answer 21

Web based email

Question 22

Once the e-mail headers have been recovered, internet search tools, such as:

www.network-tools.com
http://samspade.org/t/
http://www.wellho.net/net/world.php4

Answer 22

Can be used to determine the origin of the e-mail messages.

Question 23

Mail Tracker
Free analysis of email headers.
http://www.theinquirer.net/email_tracker.htm
eMailTrackerPro
By Visualware, trail version available.
Determine IP address, country/region or sender.
Provides a geographical trace of email when used with VisualRoute.
http://www.visualroute.com/personal/products/emailtrackerpro/index.htm

Answer 23

E-mail Headers

Useful Tools