Decoding email
An email has many unique identifiers for a digital forensic investigator to identify and track down. The mailbox and domain name, along with the message ID, will allow a digital forensic investigator to serve judicially approved subpoenas/search warrants on the vendor to follow any investigative leads.
In this section, we will break down the email header one section at a time so that you can decide how to conduct your investigation. First, we will start by discussing the email envelope.
Understanding the email message format
The vast majority of email users are only familiar with basic email information, such as this:
Subject     background checks
Date        07/19/2008 23:39:57 +0
Sender      [email protected]
Recipients  [email protected]
We are back to dealing with our friend Jean, and by looking at the email, we can see several fields commonly associated with an email. Here, we know the subject, background checks, the date and time when the user sent the email,...
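The identifiers named above (the sender's mailbox and domain, the Message-ID, the date, and the Received chain that the header carries beneath the basic fields) can be pulled out of a raw message programmatically. The following is an added example, not code from the book or from any vendor tool; it uses only the Python standard library. The sample message, the addresses, the IP addresses and the Message-ID are constructed placeholders, not the values from the case discussed in the text.

```python
"""Extract the identifiers a forensic examiner tracks from an email header.

Added example (not from the book): standard library only. The sample
message and every address, host, IP and Message-ID in it are constructed.
"""
from email import message_from_string
from email.policy import default
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample: two Received hops (newest on top, as mail servers
# prepend them) plus the basic fields an end user normally sees.
SAMPLE_RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id k9Z8xQ; Sat, 19 Jul 2008 23:40:02 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7])
\tby mx.example.net with ESMTPA id abc123; Sat, 19 Jul 2008 23:39:58 +0000
Message-ID: <20080719233957.PLACEHOLDER@example.net>
Date: Sat, 19 Jul 2008 23:39:57 +0000
From: Jean <jean@example.net>
To: investigator@example.org
Subject: background checks

Please see the attached report.
"""


def extract_identifiers(raw: str) -> dict:
    """Parse a raw RFC 5322 message and return the fields worth preserving
    in a case file: who, where (mailbox + domain), when, and which servers
    handled the message (Received chain)."""
    msg = message_from_string(raw, policy=default)

    # Sender: split the addr-spec into mailbox (local part) and domain; the
    # domain is the vendor a subpoena or warrant would be served on.
    display_name, sender_addr = parseaddr(str(msg["From"]))
    mailbox, _, domain = sender_addr.rpartition("@")

    # Date: converted to a timezone-aware datetime so it can be compared with
    # the timestamps in the Received lines and with other evidence.
    sent_at = parsedate_to_datetime(str(msg["Date"]))

    # Message-ID: the right-hand side is normally the domain of the host that
    # generated the ID, a second lead independent of the From address.
    message_id = str(msg["Message-ID"]).strip()
    _, _, message_id_domain = message_id.strip("<>").rpartition("@")

    # Received chain: collapse folded header lines into single strings and
    # keep order (index 0 = last server to handle the message).
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]

    return {
        "subject": str(msg["Subject"]),
        "sent_at_utc": sent_at.isoformat(),
        "sender_name": display_name,
        "sender_mailbox": mailbox,
        "sender_domain": domain,
        "recipients": [addr for _, addr in getaddresses(
            [str(h) for h in msg.get_all("To", [])])],
        "message_id": message_id,
        "message_id_domain": message_id_domain,
        "received_hops": hops,
    }


if __name__ == "__main__":
    for key, value in extract_identifiers(SAMPLE_RAW).items():
        print(f"{key:18} {value}")
```

Reading the Received list from the bottom up follows the message from the first server that accepted it to the one that delivered it; the bottom hop is the one whose operator holds the earliest connection records.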