email investigation
goals
find who is behind the crime
collect the evidence
present your findings
build a case
crimes
extortion
sexual harassment
narcotic trafficking
examining email messages
sometimes deal with deleted emails
investigate
open & copy (include headers)
print emails
access protected/encrypted material
find & copy evidence in email
access victim's computer & retrieve evidence
trace email sender
tracing normal emails
tracing corporate email is easier
tracing email from public email servers
tracing by viewing email headers
find email headers
GUI client
command-line client
web-based client
headers contain useful info
unique identifying number
sending time
IP address of the sending email server
IP address of email client
whois
databases with a compilation of info designed to maintain contact info for network resources
name service: information about a domain
network service: info about network management data
DNS
mapping between numeric IP addresses & names
dig
get a domain name's IP & nameservers
nslookup - same as dig but obsolete
email forensics tools
AccessData's FTK
MailBag
DBXtract
spam emails
legal or not depends on the city
becoming commonplace
email client
runs a program such as Outlook Express
email server
runs programs such as Exchange
SMTP (Simple Mail Transfer Protocol)
the current SMTP header is put at the head of the email
the "Received: from" field of an email header
identify the IP
must check a lot of computer logs to identify the suspect