E-Mail Forensics: Techniques and Tools for Forensic Investigation of One Court Case


  • Ljubomir Lazić Faculty Of Information Technology, Metropolitan University, Belgrade




E-mail has emerged as the most important application on the Internet for communicating messages, delivering documents and carrying out transactions, and it is used not only from computers but also from many other electronic gadgets such as mobile phones. This paper is an attempt to illustrate e-mail architecture from a forensics perspective. It also sets out the need for e-mail forensic investigation and lists the various methods and tools used to carry it out. A detailed header analysis of an e-mail message spoofed using multiple tactics is carried out in this paper. It also discusses various possibilities for detecting spoofed headers and identifying their originator. Furthermore, the difficulties that investigators may face during the forensic investigation of an e-mail message are discussed along with their possible solutions. Our focus is on the e-mail header analysis phase offered by the tools. We examine the capabilities of particular tools such as EmailTrackerPro and aid4mail in action. The paper describes a court case of cybercrime, the so-called identity theft in Internet communication via electronic mail by two business entities. Identity theft of e-mail addresses and false communication with a foreign company were carried out in order to indicate that a cash transaction of around EUR 100,000 was paid to the account of NN attackers and not to the account in the domestic Serbian bank.