*E-mail Investigation Flashcards Preview

Flashcards in *E-mail Investigation Deck (23)

As one of the primary means of communication across the Internet, _________ is an important source of evidence for forensic investigators.

Conducting _____ is a critical investigative technique for law enforcement.

electronic mail (e-mail)

investigations on e-mail


is short for Electronic mail

is one of the most popular uses of the Internet.

is the exchange of computer-stored messages by telecommunication. E-mail messages are usually encoded in ASCII text.

However, you can also send non-text files, such as graphic images, sound files, and programs, as attachments.



E-Mail provides a criminal or terrorist organization with:



Use of E-mail - Crimes

Criminal Defamations and Hoax
Terrorism activities


Use of E-mail – Tech Crimes

Phishing Scam
Virus Carriers


The program that the end user uses to retrieve or send email from the email server.

Email Client or Mail User Agent


The program or agent that receives and transfers messages from one computer to another.

Email Server


- It is used to identify one user from another. It is also the mailbox assigned to the user.

Email Account


- Provider of Internet Service.

Internet Service Provider (ISP)


A unique number assigned to a computer communicating on the Internet.

IP Address


is used to separate Account Name and Domain Name/Host name

@ -


E-mail uses network communication protocols to deliver e-mail messages.

Simple Mail Transfer Protocol (SMTP)
Post Office Protocol version 3 (POP3)
Internet Message Access Protocol (IMAP)


Is the de facto standard for email transmission over the Internet.

Communication between mail servers.

Used by email client to pull messages from mail server.

E-mail Protocol
Simple Mail Transfer Protocol (SMTP)


Used by the email client to retrieve messages from the mail server.

Email Messages are downloaded to the computer and removed from the Mail Server.

The user can read and compose messages without being connected to the mail server.

Post Office Protocol (POP3)


It is used to access messages on the mail server.

Messages are stored on the server until the user chooses to download or remove them from the mail server.

Clients use POP3 and IMAP to retrieve messages and SMTP to send messages.

Internet Message Access Protocol (IMAP)


Usually for email accounts with ISPs.

An email client program is used to access the mailbox.

E.g. Outlook Express and Netscape Messenger.

Configuration is required.

Constant connection to mail server may only be required when sending or receiving messages.

Application Based E-mail


Web Based E-mail
Only a _____ is required. No other programs or configuration are required.

Conveniently check emails from anywhere.

You have to remain connected when accessing the mailbox.

Usually free account and limited capacity.

E.g.: Hotmail, Yahoo! and Gmail

web browser


Web based mail accounts can be accessed using an email client.

E.g. Gmail can be accessed using an email client.

Crossing Path


E-mail Investigations
The following information can be identified during an e-mail investigation:

Who sent the e-mail.
Who received the e-mail.
The subject of the e-mail.
The content of the e-mail.


E-mail Investigation
To determine the “sender” of an e-mail message, investigators need to view the _________

_______ is the information added to the actual message.

Entries in the _______ are stamped by the mail server handling the email.

e-mail header.
Email header


Where are the headers?

Web based email


Once the e-mail headers have been recovered, internet search tools, such as:


Can be used to determine the origin of the e-mail messages.


Mail Tracker
Free analysis of email headers.
By Visualware, trial version available.
Determine IP address, country/region or sender.
Provides a geographical trace of email when used with VisualRoute.

E-mail Headers
Useful Tools