Email investigations Flashcards
(15 cards)
Describe emails in client/server architecture
Server OS and email software differ from those on the client side
List examples of crimes involving emails
Narcotics trafficking
Extortion
Sexual harassment
Child abductions and pornography
What are the methods of examining email messages
Access victim’s computer
Use victim’s email client or pst file
Guide victim on the phone
What is the procedure when you find an email involved in a crime
Copy before investigation
Print copy
(Forward as attachment to another email address)
Describe the role of headers in email investigations
Contain useful information
- Unique identifying numbers, sending time and IP address of sending server
Open, copy and paste them into text document to read in text editor
What information is gathered in an email investigation
Return path
Recipient’s email address
Type of sending email service
IP address of sending server
Name of email server
Unique message number
Date and time email was sent
Attachment files information
How do you trace an email message
Contact the administrator responsible for the sending server
Find domain name’s point of contact
Find suspect’s contact information
Verify your findings by checking network email logs against email addresses
Describe router logs
Record all incoming and outgoing traffic
Have rules to allow/disallow traffic
Can be used to resolve the path a transmitted email has taken
Describe the role of firewall logs
Filter email traffic
Can be used to verify whether an email has passed through
What are the types of logs
Default or manual
Continuous or circular
What information can be found in a log
Email content
Sending IP address
Receiving and reading date and time
System specific information
How can deleted files be recovered
Using servers
What do forensic tools find
Email database files
Personal email files
Offline storage files
Log files
Do not need to know how email servers/clients work