Australian Digital Forensics Conference
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Abstract
Finding the source of a spoofed email is a challenging task for forensic investigators. The header of an email has several fields that can be used in an investigation. An investigator can readily interpret the evidence embedded in most of the header fields of an email, with the exception of the Message-ID field. There is therefore a need to understand how Message-IDs are constructed and what useful information can be recovered from them. The immediate aim of this analysis is to determine the Message-ID construction mechanism of the ‘Sendmail’ mail transfer agent (MTA), version 8.14, and how the findings can be applied successfully in forensic analysis. The source code of the ‘Sendmail’ MTA is used during the analysis. The analysis uncovers several pieces of information that help to locate the source of an email and to validate other email header fields. The drawbacks of Message-ID based forensic analysis are also discussed.
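The following is an added worked example, not code from the paper or from the Sendmail project, showing the kind of cross-check the abstract describes: decoding a Sendmail-generated Message-ID and comparing the timestamps embedded in it against each other and against the Date header. It assumes the layout that Sendmail 8.x uses when it generates the header itself (the default sendmail.cf template `<$t.$i@$j>`, where `$t` is a UTC `YYYYMMDDHHMM` timestamp, `$i` the queue ID and `$j` the host name) and the 14-character queue-ID encoding from queue.c (six base-60 characters for year mod 60, month, day, hour, minute, second; two for a sequence counter; six decimal digits for the process ID). Those details are the example's assumptions; the paper itself is the authority on how version 8.14 builds the field. The Message-ID, host name, process ID and Date headers below are constructed sample data.

```python
"""Decode a Sendmail-style Message-ID and cross-check its embedded timestamps."""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumption: the base-60 alphabet of Sendmail's queue-ID generator (queue.c).
QUEUE_ID_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"

# Assumption: default sendmail.cf template  Message-Id: <$t.$i@$j>
#   $t = YYYYMMDDHHMM (UTC), $i = 8 base-60 chars + 6-digit pid, $j = host
MSGID_RE = re.compile(r"^<(\d{12})\.([0-9A-Za-x]{8})(\d{6})@([^>\s]+)>$")


def _resolve_year(code, reference_year):
    """The queue ID stores only (tm_year % 60); pick the candidate year
    nearest to a reference year (here: the year from the $t part)."""
    base = 1900 + code
    return base + 60 * round((reference_year - base) / 60)


def decode_queue_id(qid, reference_year):
    """Decode a 14-character Sendmail 8.x queue ID into time, sequence and pid."""
    if len(qid) != 14 or not qid[8:].isdigit():
        raise ValueError("not a 14-character Sendmail 8.x queue ID: %r" % qid)
    v = [QUEUE_ID_CHARS.index(c) for c in qid[:8]]  # ValueError on bad chars
    year = _resolve_year(v[0], reference_year)
    second = min(v[5], 59)  # tm_sec may be 60 on a leap second; clamp for datetime
    when = datetime(year, v[1] + 1, v[2], v[3], v[4], second, tzinfo=timezone.utc)
    return {"time": when, "seq": v[6] * 60 + v[7], "pid": int(qid[8:])}


def parse_message_id(msgid):
    """Return the fields recoverable from a Sendmail-generated Message-ID,
    or None if the value does not have that shape (e.g. set by the MUA)."""
    m = MSGID_RE.match(msgid.strip())
    if not m:
        return None
    t_str, qid_time, qid_pid, host = m.groups()
    t_time = datetime.strptime(t_str, "%Y%m%d%H%M").replace(tzinfo=timezone.utc)
    q = decode_queue_id(qid_time + qid_pid, t_time.year)
    # $t and the queue ID are set at slightly different moments; a small
    # skew is normal, a large one means at least one part was not produced
    # by the MTA in the usual way.
    skew = (q["time"] - t_time).total_seconds()
    return {
        "t_time": t_time,
        "queue_time": q["time"],
        "seq": q["seq"],
        "pid": q["pid"],
        "host": host,
        "internal_skew_s": skew,
        "internally_consistent": abs(skew) <= 120,
    }


def check_date_header(parsed, date_header):
    """Seconds between the message's Date: header and the queue-ID time.
    A Date header far from the MTA's own clock is worth explaining."""
    d = parsedate_to_datetime(date_header)
    if d.tzinfo is None:
        d = d.replace(tzinfo=timezone.utc)
    return (d - parsed["queue_time"]).total_seconds()


if __name__ == "__main__":
    # Constructed sample: queued 2008-12-03 09:15:42 UTC, pid 12345.
    sample = "<200812030915.mB39Fg00012345@mail.example.com>"
    info = parse_message_id(sample)
    print(info)
    print("Date skew, plausible header:",
          check_date_header(info, "Wed, 3 Dec 2008 17:15:40 +0800"))
    print("Date skew, forged header:",
          check_date_header(info, "Mon, 1 Dec 2008 10:00:00 +0800"))
```

Two caveats that matter in practice: the year in the queue ID is only known modulo 60, so it is resolved against the `$t` part and cannot stand on its own; and Sendmail adds a Message-ID only when the submitted message lacks one, so an attacker who supplies a well-formed fake will pass these consistency checks. The decoded host name, process ID and timestamps are leads to be corroborated against the server's queue and log records, not proof of origin.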
DOI
10.4225/75/57b2735e40cbe
Comments
6th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 3rd 2008.