Covert communication by means of email spam: A challenge for digital investigation

In digital investigations, the investigator typically has to deal with thousands of digital artifacts. Among them, email has long been one of the many focuses that can potentially generate useful information. However, in our training we notice a tendency to overlook or downplay the importance of analyzing spam emails, as they are generally assumed to be irrelevant junk. In this article we therefore illustrate how these seemingly irrelevant messages might play a crucial role in digital investigations. Five scenarios are introduced in which the investigator tends to overlook crucial incriminating information that has been disguised as spam. The methods used by criminals in these cases are discussed. In light of these covert criminal communications, we call for more attention from the digital forensics community to how email spam may assist in criminal activities.
