15.1 E-Mail Forensics

00:00

Hello and welcome back. Some experts state that there is no doubt that email has emerged as the most important application on Internet for communication. Off messages delivers documents on Corinne outof transactions, and it's used

00:17

not only from computers but many other electronic devices

00:21

like MoveOn sons.

00:23

Not only companies are also members of the public then to use e mails in their critical business activities. Social banking sharing official messages on sharing confidential files. However, this communication medium has also become vulnerable to attacks. That is why, in this morning

00:42

we're covering email for a six on how to get important evidence from these messages.

00:50

Email system Consists off. Various hardware are so for components that includes the senders and receivers. Clients on server computers, who is required so far on service is installed on each. Beside these, it uses various systems on service is off the Internet,

01:10

the sandy on receiving servers or always connected to the Internet. But the sender's receivers client connects to the Internet were required.

01:21

Let's analyze this process.

01:25

Imagine an e mail exchange between Ascender Ali's on the recipient Bob

01:30

at least composers. An email message on her computer called Client for both and sends it to her sentence server using the SMTP Protocol. The Seine Disturber performs a look up for the ministry's record off the receiving server True Domain Name System,

01:51

or Jenise Protocol

01:52

under the server,

01:55

the D. N s Surber response with the highest priority mail exchange server for the domain

02:02

descending server establishes SMTP connection with the receiving Surber on delivers the email message to the mailbox off Bob under receiving server.

02:14

Well, they lost the messages from his smell books on the receiving server to the local male books or his client computer using pop three or I'm up protocols.

02:25

Emotionally, Bob can also read the message store in his Surber Man box without the laureate. Tow them local mailbox by using a were made pro rata.

02:38

That's Wes. A stated before email system is an integration off several hardware s 04 Components Service is on miracles, which provide interoperability between its users on among the components along the path off transfer.

02:57

When I you ther sends an email your receipt planned, this email does not travel directly into a receive inducement server. Instead, it's process to several servers.

03:08

The message main user agent or you A is the email program that is used to compose on read the email messages are declines end.

03:21

There are multiple EMU ways available socials, Outlook Express, Gmail. Under those notes,

03:28

a message or male transfer agent or NT A is the server that sees the message sent from the U A.

03:38

Once the NT I received a message. Eat the coast. The Heather Information to the terminal where the missus she's going

03:46

on delivers the message to the corresponding anti A on the receiving machine

03:52

every time. When the NT I received the message, it modifies the heather by hiring data.

03:59

When the last empty A received the message,

04:02

it the coats it and sent it to receivers in the way,

04:06

so the message can then be seen by the recipient.

04:12

Therefore, animal Heather has multiple pieces off Surber information, including idea dresses.

04:20

The body off An email is text but can also include multimedia elements in hypertext markup language, or HTML on attachments encoded in multipurpose Internet May extensions or a Miami.

04:38

The primary evidence in email investigations is the email Heather. The email header contains a considerable amount of information about the enemy.

04:48

Email header analyses Xu starts from bottom to top because the border most information is information from the sender. On the top, most information is about the receiver. The header is a structure says off use on are included in the moustache by the sender

05:06

or by a component off the email system

05:10

on also contain transit 100 trace information.

05:15

Additionally, the message also contain special control data pertaining to the delivery starters under missus disposition notifications.

05:26

In order to understand the header information, it is necessary to understand the structure Sarah feels have a level in the header. Some of the basic feels our society,

05:39

which is a globally unique message identification string generated will it isn't

05:46

date holds dates on time when the message was made available for delivery from is the name and email address off the outer off. The message

05:57

to specifies a list off addresses off the recipients off the message CC or carbon Kobe. Generally saying us Toefield specifies the secondary recipients

06:10

BCC or blind carbon copy is the address off recipients. Ho's participation is not disclosed to receive appearances specified in to NCC addresses.

06:21

Subject describes the subject or topic off. The message replied Toa is the email address. The other will like recipients to use for replies if present it override the front feud

06:36

received. Contains trace information that includes Are you Knitting Hosts? Marry a Tres replaced as main submission. Asian host domain names on or idea addresses

06:51

Email for a six refers to analyzing the source on content off emails as evidence. Investigation. Off image related crimes on incidents involved various approaches Email Hair analysis is the primary analytical technique.

07:08

These involves analysing meta data in the header.

07:13

It is evident that analyzing hairs helps to identify the majority off image related crimes,

07:20

even supposing fee c span This kinds are even Internet that are leakages. Come be identified by analyzing the heather.

07:30

Cerebral investigation involves investigating copies off the lever email on server looks in Sun organizations. They do provide separate email boxes for the employees by having Internet main servers for network device investigation.

07:48

Investigator made requires that looks maintained by network devices, socialist routers, firewalls and swishes to investigate the source off an email method.

08:01

Another technique is the sole for M. Barrett analysis. Some information about the sender off the main cast files or documents may be included with the message by the email so far used by the sender for composing the enemy.

08:16

Lastly sender. My fingerprints. The received field includes streak information generated by main servers that have produced the hands with a message in reverse. Order

08:30

the ex mailer or use oration Field Health store. Identify e mails suffered.

08:37

There are many tools which may assist in the story off source and content off an email message so that an attack or the malicious intent off the instruction may be investigated.

08:50

E Mail tracker Pro analyzes the headers off An email to the Tech V. I. P Address. Off the machine gun sends the message so that the sender can be tracked down. E mail Tracer traces there in 18 i p. Address on other details from the email header

09:07

eight for mayor for a sick isn't even investigation so far for forensic analysis, he discovery on litigation support Access data after Kay is a standard core validated the investigation blood for on computer for any six so far.

09:24

The liberal computer forensic analysis, The creation on possible cracking.

09:30

Okay, here's a quick question for you in an email header with Field contains the address off recipients whose participation is not disclosed for the recipients. Do you think he's a SEC or B C, C or C two

09:46

or D? Reply to.

09:50

If you said a you're correct.

09:52

The address is in D. C. C, which means blind carbon copy are not disclosed. Unlike the address S N. C. C, which means carbon copy on in the to field.

10:03

Some have email is a widely used are highly district identification cybercriminal force, even headers for legitimate purposes. We sleet. Several crimes on those make even forensic investigation crucial.