E-mail has emerged as the most important application on the Internet for communicating messages, delivering documents and carrying out transactions, and is used not only from computers but also from many other electronic gadgets such as mobile phones. Over the years, e-mail protocols have been secured through several security extensions and procedures; however, cybercriminals continue to misuse e-mail for illegitimate purposes by sending spam, phishing e-mails and hate e-mails, distributing child pornography, and propagating viruses, worms, hoaxes and Trojan horses. Further, misuse of Internet infrastructure through denial of service and the waste of storage space and computational resources costs every Internet user directly or indirectly. It is thus essential to identify and eliminate users and machines misusing the e-mail service. E-mail forensic analysis is used to study the source and content of an e-mail message as evidence, identifying the actual sender, the recipient, the date and time it was sent, etc., in order to collect credible evidence to bring criminals to justice. This paper is an attempt to illustrate e-mail architecture from a forensics perspective. It describes the roles and responsibilities of different e-mail actors and components, itemizes the meta-data contained in e-mail headers, and lists the protocols and ports used in it. It further describes various tools and techniques currently employed to carry out forensic investigation of an e-mail message.