Email forensic tools: A roadmap to email header analysis through a cybercrime use case

Email is one of the primary sources of numerous criminal activities on the Internet, some of which threaten human lives. Email analysis is challenging not only because of the various header fields that can be forged by hackers and the wide range of email applications in use, but also because of the legal restrictions imposed on analysis of the email body. Although this is a relatively new area, a number of open source and proprietary forensic tools, of varying capability and versatility, have been developed to aid practitioners. In this paper, we review existing email forensic tools for email header analysis, as part of email investigation, with emphasis on aspects related to online crime while still considering legal constraints. Through our analysis, we investigate a common case of cybercrime and examine the breadth of information one may gain solely through email forensic analysis. Additionally, a roadmap for email forensic analysis is presented, combining features and functionality already available, to assist the process of digital forensic analysis.
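As an added illustration of the header analysis the paper surveys (example code written for this page, not taken from the paper or from any tool it reviews), the following walks the Received: chain of a constructed phishing-style message in transit order and flags the discontinuities an analyst would check; all hostnames, addresses and timestamps are constructed.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real capture). Each MTA prepends its own Received:
# line, so the top one is the last hop and the bottom one the earliest.
RAW_MESSAGE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.example.org with ESMTP id 1234; Tue, 5 Mar 2019 10:02:10 +0000
Received: from relay.example.net (relay.example.net [203.0.113.5])
\tby mx.example.org with ESMTP id 5678; Tue, 5 Mar 2019 10:02:05 +0000
Received: from bank-secure.example (unknown [192.0.2.44])
\tby relay.example.net with SMTP id 9012; Tue, 5 Mar 2019 10:01:59 +0000
From: "Bank Support" <support@bank.example>
Date: Tue, 5 Mar 2019 10:01:50 +0000
"""

# from <HELO name> (<reverse DNS> [<IP>]) by <receiving host> ...; <timestamp>
RECEIVED_RE = re.compile(
    r"from (?P<helo>\S+)(?: \((?P<rdns>[^\s\[]*) ?\[(?P<ip>[^\]]+)\]\))?"
    r" by (?P<by>\S+)(?: .*?)?; (?P<date>.+)$")

def parse_received(value):
    """Parse one Received: header value into its fields."""
    text = " ".join(value.split())  # unfold continuation lines
    m = RECEIVED_RE.match(text)
    if not m:
        return {"raw": text}
    hop = m.groupdict()
    hop["time"] = parsedate_to_datetime(hop["date"])
    return hop

def received_chain(raw_message):
    """Hops in transit order (earliest first); only the recipient MTA's own line is trusted."""
    msg = message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]

def chain_anomalies(hops):
    """Discontinuities an analyst would want explained before trusting the chain."""
    findings = []
    for earlier, later in zip(hops, hops[1:]):
        if earlier.get("by") != later.get("helo"):
            findings.append(f"gap: {earlier.get('by')} -> {later.get('helo')}")
        if "time" in earlier and "time" in later and later["time"] < earlier["time"]:
            findings.append(f"clock goes backwards at {later.get('by')}")
    origin = hops[0] if hops else {}
    if origin.get("rdns") in (None, "", "unknown") or origin["rdns"] != origin.get("helo"):
        findings.append(f"origin HELO {origin.get('helo')} not confirmed by reverse DNS")
    return findings
```

Lines below the one written by the recipient's own MTA are supplied by whoever handed the message on, which is why the hop-to-hop continuity and the origin's reverse DNS are checked rather than taken at face value.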
