Friday, 6 January 2017

Computer Forensics Email Investigation Techniques!

Connectivity has boomed with technological revolution in information exchange, electronic media storage, and communications. The world which appeared too large has shrunk to a level where users have multiple benefits of connectivity in business, personal, and industrial level. But technology has failed from keeping it immune from the criminals who have taken full benefits of this information age. Side effects of this immense technology as violated crimes have also started showing its presence. 

Email Investigations Computer Forensics

Crime investigators find it difficult to tackle such hurdles as electronic media evidences can be removed or deleted. Investigators try to find the evidences in emails and this study involves investigation of metadata, keyword, route of email, headers, etc. to trace the culprit. Various computer forensics email investigation tools and procedures are used for investigation to reduce time and efforts and get optimum results. The distinctive approaches of forensic examination, done on various email file formats are necessary for right investigation. Some of the most prominent tools for email investigation are;

EnCase Forensics:
This application is a foremost program which basically provides image (copy) of drive and preserves it to be used as forensics evidence with EnCase evidence file format recognized worldwide in courts. It is presented as a complete suite with advance techniques of bookmarking, analysis and reporting feature and supports Internet and email investigation also. The email files supported by this application involves majority of desktop email clients including MS Outlook PST file, Exchange EDB mailboxes, Lotus Notes NSF filesMBOX files, DBX, etc.

This application is to analyze the headers of the email which in turn gives the IP address of sender machine. So it becomes easy to trace the sender. Application is capable to trace IP addresses of multiple emails at same time and also traces out other information related to it like; city from where email came, actual path of email, network provider, etc. The best thing is tool supports various languages like Japanese, Chinese, Russian and English. And the major feature is “abuse reporting” which reports the ISP of sender.

Email Forensic Tool:
Email forensic tool is another well-designed application. It is a complete suite of various important modules. Software supports various email files (healthy and corrupted); PST, EML, Cloud based Gmail data, Exchange EDB, OST, DBX, E01, etc. Preview of email messages in various view modes like - MIME, HTML, Attachments, HEX, Email Hop View, etc. is provided which allows tracing IP address. It also involves advance search facilities and is perfect for managing multiple case studies with features like open case, close case and team collaboration which help various investigators work on same case.

This application comes from RCCF India, a prominent name for forensics investigation which has developed many other tools. Application helps to trace out IP address and other information from the headers of emails. Thus it is easy to trace where the email originates from, which path it followed, geo location, etc. following generation of detailed report in HTML format. Added benefit is it has keyword searching facilities providing more productive and detailed analysis.


These are few computer forensics email investigation tools preferred by various law enforcement agencies for the purpose of crime investigation. Some prominent names have been only added here, some of which are free and others are premium. These can be downloaded for testing their performances. One of the premium tools email forensic is also available as demo version for evaluating its working.

Forensics is an integrated part for Crime Investigation and with the involvement of such powerful tools investigators not only save their precious time, but also sniff out the right culprit.


Post a Comment