{"id":729,"date":"2021-07-18T07:51:37","date_gmt":"2021-07-18T07:51:37","guid":{"rendered":"https:\/\/www.softaken.com\/guide\/?p=729"},"modified":"2021-11-02T06:16:11","modified_gmt":"2021-11-02T06:16:11","slug":"email-forensics-investigation-techniques-for-forensic-experts","status":"publish","type":"post","link":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/","title":{"rendered":"Explained All About Email Forensics Investigation Techniques for Forensic Experts"},"content":{"rendered":"<blockquote><p><strong><u>Summary<\/u>:<\/strong> The article deals with the ways to investigate emails. This includes the complete process of investigating a specific email, info about the email server used, the network devices used for sending the email, the recipient\/sender of the email, analysis of the email header, deep investigation of the sender\u2019s fingerprints, software used, and a lot more.<\/p><\/blockquote>\n<p><strong>Let us begin by understanding email forensics: the in-depth study of an email. That study covers several things, such as:<\/strong><\/p>\n<ul>\n<li>Content mentioned in the email<\/li>\n<li>Information about sender\/recipient<\/li>\n<li>Port scanning<\/li>\n<li>Keyword searching<\/li>\n<li>Date\/time of sending\/receiving email<\/li>\n<li>In-depth study of metadata<\/li>\n<li>Email attachments<\/li>\n<li>IP address of the PC\/server<\/li>\n<\/ul>\n<p>A dedicated email forensics team uses the following techniques to study and evaluate an email, so that it becomes easy to collect evidence for the case:<\/p>\n<ol>\n<li><strong>Email Header:<\/strong> The email header contains crucial information such as the sender\u2019s\/receiver\u2019s name, the server through which the message was sent, and so on. 
See the image below for more about the email header fields:<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-730 size-full\" src=\"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-header.png\" alt=\"Email Header\" width=\"668\" height=\"484\" srcset=\"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-header.png 668w, https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-header-300x217.png 300w\" sizes=\"auto, (max-width: 668px) 100vw, 668px\" \/><\/p>\n<p>The details in the email header make it easier for forensic experts to investigate an email. The fields include \u2013 <strong>\u2018Delivered-To\u2019<\/strong>, <strong>\u2018Received\u2019<\/strong>, <strong>\u2018X-Received\u2019<\/strong>, <strong>\u2018Return-Path\u2019<\/strong>, <strong>\u2018Received-SPF\u2019<\/strong> and <strong>\u2018DKIM-Signature\u2019<\/strong>. This information is vital for identifying the guilty party. By studying the header of the email, forensic experts are able to collect crucial information.<\/p>\n<ol start=\"2\">\n<li><strong>Fingerprints:<\/strong> X-headers are email headers that are added to email messages alongside standard headers such as Subject and To. They are added for several reasons, such as carrying spam filter information and authentication results, or identifying the software used to send the email. The X-Originating-IP header helps experts obtain details about the original sender through the IP address of the PC.<\/li>\n<li><strong>Network Devices:<\/strong> On several occasions, server logs are unavailable, which can hinder investigators. In that case, investigators can refer to the logs kept by network devices such as firewalls, routers, etc. to trace the email message.<\/li>\n<li><strong>Server Investigation:<\/strong> Email server investigation is just as important to forensic experts as the email header. 
It involves scanning the proxy server or ISP for the deleted email, as it saves a copy of emails after delivery. Servers also keep logs, which help investigators find the address of the computer from which the email originated.<\/li>\n<\/ol>\n<p>It is important to note that ISPs archive SMTP and HTTP logs, and once a log has been archived, collecting the relevant information about the email can be a tedious task. In such a scenario, the team of experts uses other techniques. Investigate the logs as soon as possible, before they are archived.<\/p>\n<ol start=\"5\">\n<li><strong>Software Embedded Identifiers:<\/strong> The email software used by the sender (such as Outlook, Apple Mail, Mozilla Thunderbird, etc.) contributes a lot to collecting crucial information about the files attached to the email. It is available in the MIME content as TNEF (Transport Neutral Encapsulation Format). Forensic experts study these sections in depth to collect important information about the MAC address, username, PST files, and a lot more.<\/li>\n<li><strong>Bait Tactics:<\/strong> This is yet another technique for investigating an email, useful when the goal is to locate cybercriminals. To use this technique, the experts send the suspect an email containing an http: <strong>\u201c&lt;img src&gt;\u201d<\/strong> tag. As soon as the suspect receives and opens the email, the computer\u2019s IP address is automatically recorded in a log entry on the HTTP server, and this IP address helps in tracking the suspect.<\/li>\n<\/ol>\n<p>A technically sound suspect does not open the email immediately. He\/she will use a proxy server to hide their identity. However, in that case too, the IP address of the proxy server will be recorded, which further helps in identifying the suspect. 
If, on the other hand, the log is not available, the investigating team can send an email containing the following:<\/p>\n<ul>\n<li>Embedded Java Applet configured to run on the recipient\u2019s PC<\/li>\n<li>HTML page with an ActiveX Object<\/li>\n<\/ul>\n<p>Both of them help keep a record of the IP address of the suspect\u2019s PC, so experts will be able to identify the suspect easily.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: The article deals with the ways to investigate emails. This includes the complete process of investigating a specific email, info about the email server used, the network devices used for sending the email, the recipient\/sender of the email, analysis of the email header, deep investigation of the sender\u2019s fingerprints, software used, and a lot [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":731,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sl_quick_summary":"","_sl_featured":"","_sl_entry_faq_json":"","footnotes":""},"categories":[30,12],"tags":[],"class_list":["post-729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article","category-data-recovery"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Email Forensics Investigation Techniques for Forensic Experts<\/title>\n<meta name=\"description\" content=\"This article will go over all of the Email Forensics Investigation Techniques for Forensic Experts. 
To learn about the solutions read through the blows.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Email Forensics Investigation Techniques for Forensic Experts\" \/>\n<meta property=\"og:description\" content=\"This article will go over all of the Email Forensics Investigation Techniques for Forensic Experts. To learn about the solutions read through the blows.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/\" \/>\n<meta property=\"og:site_name\" content=\"How to Guide\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/softaken\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-18T07:51:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-02T06:16:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-forensics-investigation-techniques.png\" \/>\n\t<meta property=\"og:image:width\" content=\"747\" \/>\n\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Csaba Farkas\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@softaken\" \/>\n<meta name=\"twitter:site\" content=\"@softaken\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Csaba Farkas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Email Forensics Investigation Techniques for Forensic Experts","description":"This article will go over all of the Email Forensics Investigation Techniques for Forensic Experts. To learn about the solutions read through the blows.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/","og_locale":"en_US","og_type":"article","og_title":"Email Forensics Investigation Techniques for Forensic Experts","og_description":"This article will go over all of the Email Forensics Investigation Techniques for Forensic Experts. To learn about the solutions read through the blows.","og_url":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/","og_site_name":"How to Guide","article_publisher":"https:\/\/www.facebook.com\/softaken","article_published_time":"2021-07-18T07:51:37+00:00","article_modified_time":"2021-11-02T06:16:11+00:00","og_image":[{"width":747,"height":350,"url":"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-forensics-investigation-techniques.png","type":"image\/png"}],"author":"Csaba Farkas","twitter_card":"summary_large_image","twitter_creator":"@softaken","twitter_site":"@softaken","twitter_misc":{"Written by":"Csaba Farkas","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#article","isPartOf":{"@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/"},"author":{"name":"Csaba Farkas","@id":"https:\/\/www.softaken.com\/guide\/#\/schema\/person\/6c7e4d65a2c14f17bb91e79dd4926080"},"headline":"Explained All About Email Forensics Investigation Techniques for Forensic Experts","datePublished":"2021-07-18T07:51:37+00:00","dateModified":"2021-11-02T06:16:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/"},"wordCount":719,"commentCount":0,"publisher":{"@id":"https:\/\/www.softaken.com\/guide\/#organization"},"image":{"@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#primaryimage"},"thumbnailUrl":"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-forensics-investigation-techniques.png","articleSection":["Articles","Data Recovery"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/","url":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/","name":"Email Forensics Investigation Techniques for Forensic 
Experts","isPartOf":{"@id":"https:\/\/www.softaken.com\/guide\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#primaryimage"},"image":{"@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#primaryimage"},"thumbnailUrl":"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-forensics-investigation-techniques.png","datePublished":"2021-07-18T07:51:37+00:00","dateModified":"2021-11-02T06:16:11+00:00","description":"This article will go over all of the Email Forensics Investigation Techniques for Forensic Experts. To learn about the solutions read through the blows.","breadcrumb":{"@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#primaryimage","url":"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-forensics-investigation-techniques.png","contentUrl":"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/07\/email-forensics-investigation-techniques.png","width":747,"height":350,"caption":"Email Forensics Investigation Techniques"},{"@type":"BreadcrumbList","@id":"https:\/\/www.softaken.com\/guide\/email-forensics-investigation-techniques-for-forensic-experts\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Softaken","item":"https:\/\/www.softaken.com\/guide\/"},{"@type":"ListItem","position":2,"name":"Explained All About Email Forensics Investigation Techniques for Forensic 
Experts"}]},{"@type":"WebSite","@id":"https:\/\/www.softaken.com\/guide\/#website","url":"https:\/\/www.softaken.com\/guide\/","name":"How to Guide","description":"Softaken","publisher":{"@id":"https:\/\/www.softaken.com\/guide\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.softaken.com\/guide\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.softaken.com\/guide\/#organization","name":"softaken","url":"https:\/\/www.softaken.com\/guide\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.softaken.com\/guide\/#\/schema\/logo\/image\/","url":"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/05\/softaken.png","contentUrl":"https:\/\/www.softaken.com\/guide\/wp-content\/uploads\/2021\/05\/softaken.png","width":284,"height":86,"caption":"softaken"},"image":{"@id":"https:\/\/www.softaken.com\/guide\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/softaken","https:\/\/x.com\/softaken","https:\/\/www.linkedin.com\/company\/softaken-software","https:\/\/www.pinterest.com\/softaken\/","https:\/\/www.youtube.com\/c\/SoftakenSoftware"]},{"@type":"Person","@id":"https:\/\/www.softaken.com\/guide\/#\/schema\/person\/6c7e4d65a2c14f17bb91e79dd4926080","name":"Csaba Farkas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f2f3ede4e9c9919c8e89a1757d107fc76abe1360e75638ad081916fac6c1310f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f2f3ede4e9c9919c8e89a1757d107fc76abe1360e75638ad081916fac6c1310f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f2f3ede4e9c9919c8e89a1757d107fc76abe1360e75638ad081916fac6c1310f?s=96&d=mm&r=g","caption":"Csaba Farkas"},"description":"Csaba Farkas is a technical writer and data solutions expert 
specializing in email migration, file conversion, and system optimization. With a strong background in analyzing software performance and usability, he creates well-researched, practical content that helps users choose secure and efficient tools. At Softaken Software, Csaba focuses on simplifying complex processes and providing trustworthy insights based on real testing and industry knowledge.","url":"https:\/\/www.softaken.com\/guide\/author\/csaba\/"}]}},"_links":{"self":[{"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/posts\/729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/comments?post=729"}],"version-history":[{"count":2,"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/posts\/729\/revisions"}],"predecessor-version":[{"id":733,"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/posts\/729\/revisions\/733"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/media\/731"}],"wp:attachment":[{"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/media?parent=729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/categories?post=729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.softaken.com\/guide\/wp-json\/wp\/v2\/tags?post=729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}