Abstract

Over the last decades, email has been the major carrier for transporting spam and malicious content over the network. Email is also the primary source of numerous criminal activities on the Internet. Computer forensics is a systematic process for retaining and analyzing saved emails for the purpose of legal proceedings and other civil matters. Email analysis is challenging not only because various fields can be forged by hackers or malicious users, but also because of the flexibility of composing, editing, and deleting emails using offline (e.g., MS Outlook) or online (e.g., web mail) email applications. Towards this direction, a number of open source forensic tools have been widely used by practitioners. However, these tools have been developed in an isolated manner rather than through a collaborative approach. Users of email forensic tools therefore need to understand to what extent a tool would be useful for their circumstances and conduct forensic analysis accordingly. In this paper, we examine a set of common features to compare and contrast five popular open source email forensic tools. The study finds that email forensic tools are not all similar; they offer diverse types of facilities. By combining analysis tools, it may be possible to gain more detailed information in the area of email forensics.

Highlights

  • Email is a common method of communication among two parties

  • We examine the capability of a number of popular email forensic tools including MainXaminer [6], Add4Mail [7], Digital Forensic Framework [8], eMailTrackerPro [9], and Paraben Email Examiner [10]

  • We identify nine criteria that may be useful and present in forensic tools, listed below: 1) requirement of an input file on the hard disk, 2) search option, 3) information extracted or provided by the tool, 4) recovery capability, 5) email file formats supported, 6) visualization support, 7) operating systems (OS) supported, 8) extended devices supported, and 9) export formats supported

Summary

Introduction

Email is a common method of communication between two parties. It is a file transfer between two servers on a specific port number [1]. One key aspect of designing and developing these technologies is to conduct a forensic investigation on sample emails to correctly identify important information such as the recipient name or identity, the path between the sender and the recipient used for transporting the email, the client-side application used to compose the email, the timestamp when a message was generated, a unique message ID, etc. Most forensic tools are not intended to solve any specific cyber or computer crime related problem. Rather, they are intended to discover or recover information. This paper attempts to answer this question by comparing and contrasting a number of popular email forensic tools. The header part includes much important information such as the sender's IP address, mail user agents, servers in transit, the message ID field, and signature fields.
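As an added illustration of the header fields listed above (this is example code, not from the paper or any of the tools it compares), the following script pulls the sender, recipient, Date, Message-ID, composing client and the ordered chain of relay servers out of a constructed sample message, and derives one simple consistency check between the client-supplied Date and the final Received timestamp. The sample message, hostnames and addresses are all constructed for the example.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real capture). Each relay prepends
# its own Received line, so the topmost one is the most recent hop.
SAMPLE_EMAIL = b"""\
Received: from mx.example.org (mx.example.org [203.0.113.10])
\tby inbound.example.com with ESMTP id abc123;
\tMon, 02 Mar 2015 10:05:12 +0000
Received: from [198.51.100.7] (helo=laptop.local)
\tby mx.example.org with ESMTPSA id xyz789;
\tMon, 02 Mar 2015 10:05:01 +0000
From: alice@example.org
To: bob@example.com
Subject: Quarterly report
Date: Mon, 02 Mar 2015 10:04:55 +0000
Message-ID: <20150302100455.1234@laptop.local>
User-Agent: Mozilla Thunderbird 31.0

Please see attached.
"""

# "from <host> ... by <host>" is the common shape of a Received header.
RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+).*?by\s+(?P<by>\S+)", re.S)


def parse_received(value):
    """Split one Received header into the relaying host pair and its timestamp."""
    m = RECEIVED_RE.search(value)
    ts = value.rsplit(";", 1)[1].strip() if ";" in value else None
    return {"from": m.group("from") if m else None,
            "by": m.group("by") if m else None,
            "time": parsedate_to_datetime(ts) if ts else None}


def extract_forensic_fields(raw):
    """Return the header fields an examiner typically reports for one message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    # Reverse the Received list to get the transit path in chronological
    # order: the first hop's "from" is the submitting client or host.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    sent = parsedate_to_datetime(msg["Date"]) if msg["Date"] else None
    # Delivery time minus the client-supplied Date; a negative or very large
    # value points at a forged Date header or a badly skewed client clock.
    transit = (hops[-1]["time"] - sent).total_seconds() if hops and sent else None
    return {"from": msg["From"], "to": msg["To"], "date": sent,
            "message_id": msg["Message-ID"],
            "client": msg["User-Agent"] or msg["X-Mailer"],
            "origin_host": hops[0]["from"] if hops else None,
            "hops": hops, "transit_seconds": transit}


if __name__ == "__main__":
    for key, value in extract_forensic_fields(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```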

Email Forensics Analysis Steps
Comparison Criteria of Email Forensic Tools
Conclusions