archives

email forensics

This tag is associated with 5 posts

Using The Content-Length Header Field In Email Forensics

by Arman Gungor As forensic examiners, we often have to analyze emails in isolation without the benefit of server metadata, neighbor messages, or data from other sources such as workstations. When authenticating an email in isolation, every detail counts—we review a long list of data points such as formatting discrepancies within the message body, dates hidden in … Continue reading

Forensic Examination Of Manipulated Email In Gmail

by Arman Gungor Last week, I came across an interesting post on Forensic Focus. The poster, jahearne, was asking about how one can detect manipulation of an existing email in Gmail. In his hypothetical scenario, the bad actor was using Outlook to edit the message and change its contents after it was received. I wanted to … Continue reading

Searching And Filtering Emails When Forensically Collecting Mailboxes

by Arman Gungor When mailboxes are forensically preserved for eDiscovery or digital forensic investigations, their contents are almost always searched and filtered. Filtering emails helps overcome time, scope and cost constraints and alleviates privacy concerns. There are two main ways of filtering emails—before and after the forensic acquisition. Each method has its pros and cons, … Continue reading

E-mail and appointment falsification analysis

First published September 2009 Analysis of e-mail and appointment falsification on Microsoft Outlook/Exchange By Joachim Metz Hoffmann Investigations http://www.hoffmannbv.nl Version: 1.0 Joachim Metz August 17, 2009 Initial version. Summary In digital forensic analysis it is sometimes required to be able to determine if an e-mail has or has not been falsified. In this paper a … Continue reading

Email Evidence – Now You See it, Now You Don’t!

First published October 2008 By Sandy Boucher and Barry Kuang, Intelysis Corp. Background With the ever increasing role of computers and electronic communications in both our business and personal lives, emails have taken on a key evidentiary role in many high profile court cases. From Oliver North in the Iran-Contra probe to Bill Gates in … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,199 other followers