forensic examination of e-mails

 adds
(@adds)
Posts: 5
Active Member
Topic starter
 

hi forum,

I would like to search the market for e-mail examination tools.
I have found Paraben E-mail Examiner, but I would like to test competitive products before buying a solution.

Could you please advise me on this issue?

Thank you in advance,
Mark

 
Posted : 11/04/2005 4:10 pm
 Andy
(@andy)
Posts: 357
Reputable Member
 

If you use EnCase there is built-in support for Outlook and Outlook Express (.dbx and .pst files).

FTK handles email quite well too.

Andy

 
Posted : 11/04/2005 8:00 pm
 Carl
(@carl)
Posts: 1
New Member
 

Okay, I am very new and need help with harassing e-mails. More specifically, my wife has received a number of troubling e-mails from somebody who uses a Yahoo address which of course does not have a profile at their web site. This person has information about my wife that separates this from just SPAM or junk mail and I need to know how to read the path and determine the origination point or real e-mail address. Where do I start???? Thank you. Carl

 
Posted : 25/04/2005 10:56 pm
 Andy
(@andy)
Posts: 357
Reputable Member
 

Carl, if you go to options in the Yahoo email (Mail Options - top right hand corner of the web page). Then to General Preferences, and 'Messages'. Select the radio button 'Show all headers on incoming messages'. Save the settings and go back to the offending email. You will now see a lot more information in the display, starting with the line 'X-Apparently-To:'. This is what's known as the extended header information. It contains the IP number of the originating computer that sent the email. It can be masked or spoofed so be careful, some go to great lengths to mask or spoof this information, so read it carefully. It is however (to my knowledge) difficult to spoof the IP number. If in doubt, you need to either research ‘email tracing’ fully with Google, or enlist the aid of a professional to investigate it for you. The originating email is surrounded by square brackets i.e. [200.192.67.1].

Copy and paste this header into the form on this link: http://www.pimall.com/nais/emailtracingtoolbox.html

It should give you an idea of what the ISP is that 'owns' the IP number. By using a WHOIS search engine (again check out Google, or use www.hexillion.com) you can find the ISP contact details, and make enquiries with them, and perhaps complain etc.

Andy

 
Posted : 26/04/2005 7:59 am
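The header reading described in the post above, as an added example that is not part of the original thread: it walks the `Received:` lines of a message, pulls out the addresses in square brackets, and keeps only the publicly routable ones worth a WHOIS lookup. The sample message is constructed; `200.192.67.1` is the address quoted in the post, and the host names, the private address and the function names are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample message. 200.192.67.1 is the example address quoted in
# the post; the host names and the private address are made up.
SAMPLE = """\
X-Apparently-To: recipient@example.com
Received: from mail.example.net (mail.example.net [200.192.67.1])
\tby mx.example.com with SMTP; Mon, 25 Apr 2005 21:50:02 -0700
Received: from desktop (unknown [192.168.1.10])
\tby mail.example.net with SMTP; Mon, 25 Apr 2005 21:50:00 -0700
From: sender@example.net
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return one dict per bracketed address, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so reverse for send order.
    # Lines written before the recipient's own provider took over are only
    # claims by servers the sender may control; treat them with caution.
    for value in reversed(msg.get_all("Received", [])):
        for text in BRACKETED_IP.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # malformed address, e.g. [999.1.1.1]
                continue
            hops.append({"ip": text, "public": ip.is_global})
    return hops

def whois_candidates(raw):
    """Publicly routable addresses only; private ones have no WHOIS owner."""
    return [h["ip"] for h in received_hops(raw) if h["public"]]

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("look up:", whois_candidates(SAMPLE))
```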