Techniques of email forensic investigations

E-mail forensics

E-mail forensics refers to the study of source and content of e-mail as evidence to spot the actual sender and recipient of a message, data/time of transmission, detailed record of e-mail transaction, intent of the sender, etc. This study involves investigation of metadata, keyword searching, port scanning, etc. for authorship attribution and identification of e-mail scams.
Various approaches that are used for e-mail forensic are described in and are briefly defined below:

Header Analysis

Meta data within the e-mail message within the sort of control information i.e. envelope and headers including headers within the message body contain information about the sender and/or the trail along which the message has traversed. a number of these could also be spoofed to hide the identity of the sender. an in depth analysis of those headers and their correlation is performed in header analysis.

Bait Tactics

In bait tactic investigation an e-mail with http: tag having image source at some computer monitored by the investigators is send to the sender of e-mail under investigation containing real (genuine) e-mail address. When the e-mail is opened, a log entry containing the IP address of the recipient (sender of the e-mail under nvestigation) is recorded on the http server hosting the image and thus sender is tracked. However, if the recipient (sender of the e-mail under investigation) is employing a proxy server then IP address of the proxy server is recorded.
The go online proxy server are often wont to track the sender of the e-mail under investigation. If the proxy server’s log is unavailable thanks to some reason, then investigators may send the tactic email containing a) Embedded Java Applet that runs on receiver’s computer or b) HTML page with Active X Object. Both getting to extract IP address of the receiver’s computer and e-mail it to the investigators.

Server Investigation

In this investigation, copies of delivered e-mails and server logs are investigated to spot source of an e-mail message. E-mail forensic purged from the clients (senders or receivers) whose recovery is impossible could also be requested from servers (Proxy or ISP) as most of them store a copy of all e-mails after their deliveries. Further, logs maintained by servers are often studied to trace the address of the pc liable for making the e-mail transaction. However, servers store the copies of e-mail and server logs just for some limited periods and a few may not co-operate with the investigators. Further, SMTP servers which store data like mastercard number and other data concerning owner of a mailbox are often wont to identify author an e-mail address.

Network Device Investigation.

In this sort of e-mail forensic investigation, logs maintained by the network devices like routers, firewalls and switches are wont to investigate the source of an e-mail message. this type of investigation is complex and is employed only the logs of servers (Proxy or ISP) are unavailable thanks to some reason, e.g. when ISP or proxy doesn’t maintain a log or lack of cooperation by ISP’s or failure to take care of chain of evidence.

Software Embedded Identifiers.

Some information about the creator of e-mail, attached files or documents could also be included with the message by the e-mail software employed by the sender for composing e-mail. This information may be included within the sort of custom headers or within the sort of MIME content as a Transport Neutral Encapsulation Format (TNEF). Investigating the e-mail for these details may reveal some vital information about the senders e-mail preferences and options that would help client side evidence gathering. The investigation can reveal PST file names, Windows logon username, MAC address, etc. of the client computer wont to send e-mail message.

Sender Mailer Fingerprints.

Identification of software handling e-mail at server are often revealed from the Received header field and identification of software handling e-mail at client are often ascertained by using different set of headers like “X-Mailer” or equivalent. These headers describe applications and their versions used at the clients to send e-mail. This information about the client computer of the sender are often wont to help investigators devise an efficient plan and thus convince be very useful.

Reference: INFOSAVVI

Subscribe to our channel and do not miss new collections of tools in various areas of Information Security.

  Posted by: @ESPYER


The Thrilling Adventure of Digital Sleuthing with IRBIS

In the rapidly expanding digital world, IRBIS stands out as a revolutionary online platform for gathering digital intelligence. It offers a host of powerful tools, including deep web searches, facial recognition, and social media analysis, making the process of uncovering hidden insights on the internet simple yet efficient. What sets IRBIS apart is its use of proxy server technology, exemplified by providers like This feature enhances privacy, speed, and access to geo-blocked content, making IRBIS an invaluable tool for both professionals and tech enthusiasts. Using IRBIS is akin to becoming a digital detective, equipped with a cutting-edge toolkit that makes the exploration of the online world an exhilarating experience.

Read More »

Unveiling the Power of Facial Recognition

Discover how the advanced facial recognition technology of Botodetective can revolutionize online investigations. With the ability to search for information about individuals using just their face picture, Botodetective offers a powerful tool for uncovering online presence and conducting thorough investigations. Dive into the world of AI-driven facial recognition and explore how this innovative technology is reshaping the landscape of online investigations. Unleash the potential of Botodetective and unlock a wealth of information with just a simple face picture. Stay ahead of the game and gain valuable insights into individuals’ online activities. Upgrade your investigative capabilities today with Botodetective’s facial recognition feature.

Read More »

Mystic Faces Revealed: Crack the Code of the Unknown with Facial Photo Search

Unleash the Epic Secrets: Master the Art of Discovery with

Are you curious to delve deeper into the lives of the people you encounter? With, you have the ultimate tool at your fingertips. This eye-catching article introduces the power of, an innovative platform that allows you to gather information about others based on phone numbers, names, email addresses, and even photos.

Discover the thrill of uncovering hidden truths about your date or satisfying your curiosity about someone you’ve crossed paths with on the street. Dive into the world of Irbis and witness its advanced facial recognition technology that can identify individuals and provide valuable insights.

Learn how to responsibly navigate this powerful tool and respect the privacy of others as you unlock the secrets that lie beneath the surface. Explore a world of endless possibilities, backed by a secure and encrypted environment.

Join us on this exciting journey and let become your guide in unraveling the mysteries that surround us. Unleash the epic secrets and master the art of discovery today!

Read More »

The Atypical OSINT Guide

This article explores the OffcierCia non-typical OSINT guide on GitHub, which is a library of materials for learning how to conduct open source intelligence (OSINT) investigations. The guide is intended for bored professionals and provides a wide range of unusual OSINT techniques and tools. The article covers the various sections of the guide, including immersive and gamified learning, training and practicing, external data, and more. It also includes a disclaimer that all information is for educational purposes only and based on public sources. The article aims to inform readers about this valuable resource for improving their OSINT skills.

Read More »

Revolutionize Your Instagram Game with AutoGPT-Social

Introducing AutoGPT-Social, an AI-powered tool designed to revolutionize your Instagram content strategy. By automatically generating eye-catching images, captions, and hashtags, this innovative bot optimizes posting schedules based on real-time feedback to maximize engagement. With customizable post frequency settings and automatic hashtag discovery, AutoGPT-Social simplifies content creation, helping you attract likes and followers with ease. To get started, visit the project’s GitHub page: Please use the bot responsibly and at your own risk.

#AutoGPTSocial #InstagramGrowth #AIContentGenerator #MaximizeEngagement

Read More »

Is Your Date Who They Say They Are?

This article highlights the importance of background checks not just for employers, but for individuals as well. It explains how background checks can be helpful for online dating, childcare, and renting out property. The article also mentions, a website that offers background check services with an easy-to-use platform and informative blog. The article emphasizes that conducting a background check can provide peace of mind and help make informed decisions about the people in your life.

Read More »