***Welcome to ashrafedu.blogspot.com * * * This website is maintained by ASHRAF***

Posts

    Latest Updates

    Thursday, April 6, 2023

    Srutinizing e-mails (Investigation Using Emails/email forensics)

    email forensics/ Srutinizing e-mails (Investigation Using Emails)

    Emails play a very important role in communications and have emerged as one of the most important applications on internet. They are a convenient and easy mode for sending messages as well as documents, not only from computers but also from other electronic gadgets such as mobile phones and tablets.

    The negative side of emails is that adversaries(criminals) may leak important information about a company through emails.

    Hence, the role of emails in digital forensics has been increased in recent years. In digital forensics, emails are considered as crucial evidences and Email Header Analysis has become important to collect evidence during forensic process.

    An investigator has the following goals while performing email forensics −

    • To identify the adversary(criminal)
    • To collect necessary evidences
    • To presenting the findings
    • To build the case

    Challenges in Email Forensics

    An email forensic investigator may face the following challenges during the investigation

    1. Fake Emails

    The biggest challenge in email forensics is the use of fake e-mails that are created by manipulating and scripting headers etc. In this criminals also use temporary email which is a service that allows a registered user to receive email at a temporary address that expires after a certain time period.

    2. Spoofing

    Another challenge in email forensics is spoofing in which criminals used to present an email as someone else’s. In this case the machine will receive both fake as well as original IP address.

    3. Anonymous Re-emailing

    Here, the Email server strips identifying information from the email message before forwarding it further. This leads to another big challenge for email investigations.

    Techniques Used in Email Forensic Investigation

    Email forensics is the study of source and content of email as evidence to identify the actual sender and recipient of a message along with some other information such as date/time of transmission and intention of sender. 

    Some of the common techniques which can be used for email forensic investigation are

    • Header Analysis

    Email headers contain essential information, including the name of the sender and receiver, the path (servers and other devices) through which the message has traversed, etc. The vital details in email headers help investigators and forensics experts in the email investigation.

    • Server investigation

    Email servers are investigated to locate the source of an email. For example, if an email is deleted from a client application, sender’s, or receiver’s, then related ISP or Proxy servers are scanned as they usually save copies of emails after delivery. Servers also maintain logs that can be analyzed to identify the computer’s address from which the email originated.

    • Network Device Investigation

    In some cases, logs of servers are not available. This can happen for many reasons, such as when servers are not configured to maintain logs or when an ISPs refuses to share the log files. In such an event, investigators can refer to the logs maintained by network devices such as switches, firewalls, and routers to trace the source of an email message.

    • Sender Mailer Fingerprints

    X-headers are email headers that are added to messages along with standard headers, like Subject and To. The x-originating-IP header can be used to find the original sender, i.e., the IP address of the sender’s computer.

    • Software Embedded Identifiers

    Sometimes, the email software used by a sender can include additional information about the message and attached files in the email. For example, it can be found in Multipurpose Internet Mail Extensions (MIME) content as a Transport Neutral Encapsulation Format (TNEF) or custom header. An in-depth analysis of these sections can reveal vital details related to the sender, like the MAC address, Windows login username of the sender and much more.

     

     

     

    No comments:

    Post a Comment

    Network session analysis

    Network session analysis Network session analysis is a method of monitoring network activity and availability to identify issues, such as ...