hi forum,
I would like to search the market for e-mail examination tools.
I have found Paraben E-mail Examiner, but I would like to test competitive products before buying a solution.
Could you please advise me on this issue?
Thank you in advance,
Mark
If you use EnCase there is built in support for Outllook and Outlook Express (.dbx and .pst files).
FTK handles email quite well too.
Andy
Okay, I am very new and need help with harassing e-mails. More specifically, my wife has received a number of troubling e-mails from somebody who uses a Yahoo address which of couse does not have a profile at their web site. This person has information about my wife that separates this from just SPAM or junk mail and I need to know how to read the path and determine the origination point or real e-mail address. Where do I start???? Thank you. Carl
Carl, if you go to options in the yahoo email (Mail Options - top right hand corner of the web page). Then to General Preferences, and 'Messages'. Select the radio button 'Show all headers on incoming messages'. Save the settings and go back to the offending email. You will now see a lot more information in the display, starting with the line 'X-Apparently-To:'. This is what's known as the extended header information. It contains the IP number of the originating computer that sent the email. It can be maked or spoofed so be careful, some go to great lengths to mask or spoof this information, so read it carefully. It is however (to my knowledge) difficult to spoof the IP number. If in doubt, you need to either research ‘email tracing’ fully with Google, or enlist the aid of a professional to investigate it for you. The originating email is surrounded by square brackets i.e. [200.192.67.1].
Copy and paste this header into the form on this link:
It should give you an idea of what the ISP is that 'owns' the IP number. By using a WHOIS search engine (again check out Google, or use
Andy