Startertutorials Blog
Tutorials and articles related to programming, computer science, technology and others.
Pinterest
Youtube
Instagram
Subscribe to Startertutorials.com's YouTube channel for different tutorial and lecture videos.

Forensic Analysis of E-Mail

  1. You are here »
  2. Home »
Categories: Security and Hacking. No Comments on Forensic Analysis of E-Mail

In this article we will look at forensic analysis of e-mail, what is importance of email header for forensics analsyis of email.

 

Introduction to E-Mail System

An E-Mail system is a combination of hardware and software that controls the flow of E-Mail. Two most important components of an email system are:

  • E-Mail server
  • E-Mail gateway

 

Watch this video to learn about forensic analysis of e-mail:

 

E-Mail servers are computers that forward, collect, store, and deliver email to their clients. The general overview of how an email system works is shown in the following figure:

 

Forensic Analysis of E-Mail

 

E-Mail gateways are the connections between email servers. Mail server software is a software which controls the flow of email. Mail client is the software which is used to send and receive (read) emails. An email contains two parts:

  • Header
  • Body

 

Email Header Forensics Analysis

Email header is very important from forensics point of view. A full header view of an email provides the entire path email’s journey from its source to destination. The header also includes IP and other useful information. Header is a sequence of fields (key-value pair).

 

The body of email contains actual message. Headers can be easily spoofed by spammers. Header protocol analysis is important for investigating evidence. After getting the source IP address we find the ISP’s details. By contacting ISP, we can get further information like:

  • Name
  • Address
  • Contact number
  • Internet facility
  • Type of IP address
  • Any other relevant information

 

It is important during investigations that logs of all servers in the chain need to be examined as soon as possible. If the server mentioned in the bottom received section does not match the server of the email sender, it is a fake email. The Message-ID will help to find a particular email log entry in a email server. RFC2822 defines the Internet message format. According to RFC2822:

  • Each email must have a globally unique identifier
  • Defines the syntax of Message-ID
  • Message-ID can appear in three header fields:
    • Message-ID header
    • In-reply-to header
    • References header

 

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Suryateja Pericherla

Suryateja Pericherla, at present is a Research Scholar (full-time Ph.D.) in the Dept. of Computer Science & Systems Engineering at Andhra University, Visakhapatnam. Previously worked as an Associate Professor in the Dept. of CSE at Vishnu Institute of Technology, India.

He has 11+ years of teaching experience and is an individual researcher whose research interests are Cloud Computing, Internet of Things, Computer Security, Network Security and Blockchain.

He is a member of professional societies like IEEE, ACM, CSI and ISCA. He published several research papers which are indexed by SCIE, WoS, Scopus, Springer and others.

Related Posts

  1. Phishing Attack
  2. Introduction to Digital Forensics
  3. Digital Forensics Life Cycle
  4. Types of Cybercrime
  5. Challenges in Computer Forensics
  6. Hypertext Transfer Protocol in IoT

Leave a Reply

Your email address will not be published. Required fields are marked *