TIPS FOR ADVANCED EMAIL CONTENT ANALYSIS TECHNIQUES
As we know almost just doing data extraction & reporting, not forensics. Digital forensics is a branch of forensic science focusing on the recovery and investigation of raw data residing in electronic or digital devices. The goal of the process is to extract and recover any information from a digital device without altering the data present on the device.
Gmail Yahoo Mail Forensic
MUST READ: GLOSSARY : COMPUTER & EMAIL FORENSICS
An email is made up of various components that collaboratively help in its forensics. Email body, header and its fields, attachments, and its related properties assist in its analysis. The various levels of email forensics include collecting data in a readable form, which means Data Recovery. At the initial stage, when the data to be investigated is converted into a readable format, it simplifies rest of its forensics.
Data Recovery, although is a wide area has become a line of the requirement for investigators as it helps in restoring and filtering emails without damage to its integrity. Tools that are available for email forensics do deploy algorithms for recovery so that all stages of e-discovery are carried out successfully.
Don’t rely on single tool, it may give false positive. We Should analysis with different tools and resources. By combining traditional digital forensics with techniques from e-discovery and information governance, investigators can:
• Incase E-mails: Quickly and simply identify suspicious patterns such as:
– Messages sent outside of business hours
– Messages sent from corporate accounts to personal addresses, the media, or competing companies
– Messages containing encrypted zip files as attachments.
• Use IP address geo-positioning, mobile phone call records, and GPS data embedded in photos to plot locations on a map.
• Reconstruct email conversations, text messages, and online chats from multiple sources so an investigator can read them in the order sent between individuals.
• Apply skin-tone analysis to quickly identify inappropriate images and trace their origin.
• Identify duplicate and near-duplicate documents, investigators can act on them more intelligently, either setting them aside or targeting them for deeper analysis.
• Identify relevant evidence in unallocated clusters by connecting recovered data to similar content in allocated files.
• Combine near-duplicate and word context analysis to quickly identify and eliminate large quantities of irrelevant data.
As the use of electronic documents as evidence in legal proceedings is becoming more and more popular, so is email forgery, electronic document data forgery, and other electronic fraud. However, electronic documents usually contain numerous metadata fields, rendering most forgery attempts discoverable. Email transport headers and other metadata such as the Conversation Index, Sent Time and Delivery Time Microsoft Outlook Messaging API (MAPI) Properties are just a few of the numerous metadata fields computer forensics experts can use during email forgery analysis.
Some resources :
- Techniques And Tools For Forensic Investigation Of E-Mail
- A Comparative Study of Email Forensic Tools
- Email forensic tools: A roadmap to email header analysis through a cyber crime use case
- Email-header analysis
- Journal on Email forensic tools: A roadmap to email header analysis through a cyber crime use case
- Forensic Email Search
- Forensic Email Search by GBHacker