E-mail forensics challenges
In this section, we will analyze the trace file(s) in order to solve the challenges. The trace files contain interesting e-mail traffic, waiting for analysis. Let's dive in.
Challenge 1 – Normal login session
Description: A user logs in to the mail server to access his e-mail.
Note
Required files for this challenge are available at http://securityoverride.org/challenges/forensics/3/.
Goal: Identify the username and password from the given trace file.
Analysis: Key points about the trace file available with this challenge are:
ESMTP (Extended SMTP): This can be seen in this trace file. ESMTP extends the SMTP protocol by providing extensions.
SMTP-AUTH: This extension is used in this trace for authentication purpose.
AUTH LOGIN: This command in packet 8 of this trace is used to make an authenticated login to the server. After
AUTH LOGIN
command has been sent to the server, the server asks for the username and password by sending Base64-encoded text (questions) to the...