Techniques and Tools for Forensic Investigation of E-mail

  • M. T. Banday
  • Published 30 November 2011
  • Computer Science
  • International Journal of Network Security & Its Applications
E-mail has emerged as the most important application on the Internet for communication of messages, delivery of documents and carrying out of transactions and is used not only from computers but many other electronic gadgets like mobile phones. Over a period of years, e-mail protocols have been secured through several security extensions and producers; however, cybercriminals continue to misuse it for illegitimate purposes by sending spam, phishing e-mails, distributing child pornography, and hate…


Review of E-mail System, Security Protocols and Email Forensics

The working and architecture of the current email system and the security protocols generally followed to secure email communications are reviewed; email forensics, the process of analyzing email contents, header information, transit path, sender or receiver information and other details to collect evidence against a culprit or to make the authors' system more secure, is then discussed.

E-Mail Forensics: Techniques and Tools for Forensic Investigation of One Court Case

  • L. Lazic
  • Computer Science
    JITA - Journal of Information Technology and Applications (Banja Luka) - APEIRON
  • 2019
The paper describes the court case of cyber crime, the so-called identity theft in Internet communication via electronic mail by two business entities, and examines the capability of particular tools such as EmailTrackerPro and aid4mail in action in the email header analysis phase.

An Empirical Analysis of Email Forensics Tools

This research experimentally compares the performance of several email forensics tools in terms of their keyword search, report generation, and other features such as, email format, size of the file accepted, whether they work online or offline, format of the reports, etc.


A measure in which SMTP servers can enforce a policy to check date fields of E-mail header against a threshold/margin to detect date and time spoofing is presented.

Electronic mail forensic algorithm for crime investigation and dispute settlement

This study presents the email investigation algorithm that can be used by law enforcement and other investigation units in order to identify the culprits spreading malicious and disputed emails, and considers email header, email server logs, and local devices analysis in addressing email related disputes.

Live forensics of tools on android devices for email forensics

This research focuses on Android-based email services, aiming to obtain as much digital evidence as possible with both tools, acquiring the evidence using the National Institute of Standards and Technology method.

Email forensic tools : A roadmap to email header analysis through a cybercrime use case

This paper reviews existing email forensic tools for email header analysis, as part of email investigation, with emphasis on aspects related to online crime while still considering legal constraints, and presents a roadmap for email forensic analysis.

Email Analysis in Fraud Investigation: Digital Forensic and Network Analysis Approach

Using email metadata and email body, this research applies a digital forensic framework (preparation, gathering, processing, and presentation) combined with social network analysis so that it is applicable in investigations.

Improving Efficiency of E-mail Classification Through On-Demand Spam Filtering

  • Shafiya Afzal Sheikh, M. T. Banday
  • Computer Science
    2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)
  • 2020
An on-demand spam filtering mechanism which allows an e-mail client to notify its users about the presence of spam messages in their inboxes and moves them to junk folders is proposed as a solution to this vulnerability.

Literature Review of Email Forensics

As the number of crimes in this area is increasing, there is a need to investigate emails, and hence email forensics is important to study.



An Investigation Into Computer Forensic Tools

This investigation will address commonalities across the Forensic tools, their essential differences and ultimately point out what features need to be improved in these tools to allow for effective autopsies of storage devices.

Tracing E-mail Headers

  • M. Al-Zarouni
  • Computer Science
    Australian Computer, Network & Information Forensics Conference
  • 2004
This paper will discuss tracing e-mail headers and issues associated with it. It will address both HTTP & SMTP initiated e-mails. It will discuss different ways used by e-mail senders to evade

Internet Mail Architecture

This document offers an enhanced Internet Mail architecture that targets description of the existing service, in order to facilitate clearer and more efficient technical, operations and policy discussions about email.

Evaluating Commercial Counter-Forensic Tools

Six counter-forensic tools are reviewed and each creates a distinct operational fingerprint that an analyst may use to identify the application used and, thus, guide the search for residual data.

Enterprise wide electronic mail using IMAP

The presentation will describe the project in detail, discuss the issues and obstacles faced in standardizing on IMAP service, and identify the remaining details as the April 2000 deadline for full conversion to the IMAP protocol is approached.

Digital forensics research: The next 10 years

Towards a Standardised Digital Forensic Process: E-mail Forensics

The challenges that face digital forensic investigators as well as process models currently employed are discussed, which aid in the development of a methodology that is comprehensive and provides forensic investigators with a robust foundation in order to produce legally admissible evidence in a court of law.

Digital Forensics: Defining a Research Agenda

This paper outlines some of the ideas generated and new research categories and areas identified at the meeting of a group of digital forensics researchers, educators and practitioners, as well as a plan for future development of a formalized research agenda.

A comparative study of Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP) and X.400 Electronic Mail Protocols

An analytical model is proposed for the approximation of the upper and lower bounds of volume generated by SMTP which can be extended for POP3 and considers both explicit and piggyback acknowledgements at the TCP layer.

The Domain Name System - Past, Present, and Future

The history of the Domain Name System is divided into six eras, based on underlying technological and administrative themes within each era, to guide future study of the DNS evolution and its influences from political, legal, psychological, sociological, and technological perspectives.