Decoding email
An email carries many globally unique identifiers that a digital forensic investigator can identify and track down. The mailbox and domain name, along with the message ID, allow a digital forensic investigator to serve judicially approved subpoenas/search warrants on the vendor to follow any investigative leads.
In this section, we will break down the email header one section at a time so that you can make a decision regarding how to conduct your investigation. We will start off by discussing the email envelope.
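The identifiers named above (mailbox, domain name and message ID) can be pulled out of a raw message with Python's standard email package. This is an added example, not code from the original text; the sample message, its Message-ID value and the function names are constructed for illustration.

```python
from datetime import timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message, not real evidence; the Message-ID is made up.
SAMPLE = """\
Message-ID: <constructed-0001@mail.example>
Date: Sat, 19 Jul 2008 23:39:57 +0000
From: Alison <alison@m57.biz>
To: jean@m57.biz
Subject: background checks

body text
"""

def split_mailbox(addr):
    # Split on the last "@": the local part may itself contain "@" when quoted.
    local, _, domain = addr.rpartition("@")
    return {"mailbox": local, "domain": domain.lower()}

def extract_identifiers(raw):
    """Return the trackable identifiers found in a raw RFC 5322 message."""
    msg = message_from_string(raw)

    def addrs(field):
        pairs = getaddresses(msg.get_all(field, []))
        return [split_mailbox(a) for _, a in pairs if "@" in a]

    raw_id = msg.get("Message-ID")
    msg_id = raw_id.strip().strip("<>") if raw_id else None
    # The right-hand side of a Message-ID usually names the generating host.
    id_host = msg_id.rpartition("@")[2] if msg_id and "@" in msg_id else None

    date_utc = None
    try:
        dt = parsedate_to_datetime(msg["Date"]) if msg["Date"] else None
        if dt is not None:
            if dt.tzinfo is None:  # "-0000": UTC clock, local zone unknown
                dt = dt.replace(tzinfo=timezone.utc)
            date_utc = dt.astimezone(timezone.utc).isoformat()
    except (TypeError, ValueError):
        pass  # malformed Date header: leave as None and review it by hand

    return {"message_id": msg_id, "message_id_host": id_host,
            "from": addrs("From"), "to": addrs("To"), "date_utc": date_utc}

if __name__ == "__main__":
    print(extract_identifiers(SAMPLE))
```

Header values are written by the sending side, so treat each extracted identifier as a lead to corroborate with the provider's records rather than as a verified fact.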
Understanding the email message format
The vast majority of email users are only familiar with basic email information, such as this:
Subject: background checks
Date: 07/19/2008 23:39:57 +0
Sender: alison@m57.biz
Recipients: jean@m57.biz
We are back to dealing with our friend Jean, and from looking at the email, we can see several fields commonly associated with an email. Here, we know the subject, background checks, the...