Chapter 12
Steps involved in investigating e-mail crimes and violations: cont
Analyze the e-mail headers Trace the e-mail Acquire e-mail archives Examine e-mail logs Types of encoding in emails
Chapter 12 Summary
Headers contain significant information regarding the mail, such as sent time, unique identifying numbers, IP address of the sending server, etc.
Crimes supported by e-mails
Identity Fraud Cyber-stalking Child pornography Child abduction
Proprietary Assets: cont
It helps to produce data on demand and withhold it for inspection. It helps in capacity management for effective usage of the IT resources such as servers and disk storage. Helps in preserving original form of email messages, thereby ensuring consistent mail forms.
Proprietary Assets: cont
It helps to the organizations to tackle any legal mandates pertaining to the protection of the organization. It protects against unauthorized access or manipulations of electronic data It reduces the retrieval costs of the records that are no longer required to be maintained on the system and also reduces the burden of keeping paper records
E-mail crime can be categorized in two ways: Crimes committed by sending e-mails: cont
Mail bombing - primary objective behind mail bombing is to overload the email server and degrade the communication system by making it unserviceable. 40 Mail storms - occurs when computers start communicating without human intervention.
Steps involved in investigating e-mail crimes and violations
Obtain a Search Warrant Examine e-mail messages Copy and print the e-mail messages View the e-mail headers
CAN-SPAM's main requirements meant for senders: cont
The email must contain the necessary information regarding how to stop receiving e-mails from the sender in future Honor recipients opt-out request within 10 business days Both the company whose product is promoted in the message and the e-mailer hired on contract to send messages must comply with the law
Chapter 12 Summary
"Received" headers maintain a record of the detailed log history of message history, and they help to find out the origin of an e-mail, even when other headers have been forged
Chapter 12 Summary
An e-mail system consists of e-mail servers and e-mail clients An e-mail client, also known as a mail user agent (MUA), is a computer program for accessing and managing emails An e-mail server connects to and serves several e-mail clients
BinHex
BinHex is the short form for "binary-to-hexadecimal." It is a binary-to-text encoding system used on Mac OS to send binary files via e-mails. This system is similar to Uuencode, but BinHex combines both "forks" of the Mac file system including extended file information.
CAN-SPAM's main requirements meant for senders:
CAN-SPAM's main requirements meant for senders: Do not use false or misleading header information Do not use deceptive subject lines The commercial e-mail must be identified as an ad The email must have your valid physical postal address
E-mail crime can be categorized in two ways: Crimes committed by sending e-mails
E-mail crime can be categorized in two ways: Crimes committed by sending e-mails Spamming Phishing
Crimes supported by e-mails: cont
Email crimes and violations depend on the cyber laws created by the government of the place from where the email originates. We can categorize email crime in two ways: one committed by sending emails and the other is the crime is supported by emails.
Proprietary asset
For an organization, any information in the form of electronic documents or records is a proprietary asset. Electronic Records Management makes sure that the organization has all the documents or records it needs when they are required.
Forensic Toolkit (FTK)
Forensic Toolkit (FTK) is a court-cited digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so that filtering and searching is fast.
IMAP
IMAP(port 143 or 993) stores emails on the mail server and allows users to view and manipulate their emails, as if the mails are stored on their local systems. This enables the users to organize all the mails depending on their requirement.
Paraben's Email Examiner: cont
It recovers email in the deleted folders, supports advanced searching, reporting and exporting to PST and other formats and supports all major email types that are stored on local computers for analysis, reporting, and exporting/conversion.
Kernel for PST Recovery
Kernel for PST Recovery is able to repair corrupted PST file and recover all email items from them. It successfully fixes errors resulted due to damaged or corrupted PST file, virus attacks, deleted emails, broken PST files, header corruption, disk corruption, errors due to large PST file size and others.
MIME
MIME It is an Internet standard that extends the email format for supporting the following: Text in non-ASCII character sets Attachments like application programs, images, audio, video, etc. other than text Multiple part message bodies Non-ASCII character set header information
Chapter 12 Summary
Online e-mail programs such as AOL, Gmail, and Yahoo! leave the files containing e-mail messages on the computer in different folders such as History, Cookies, Temp, Cache, and Temporary Internet Folder
POP3
POP3 (Post Office Protocol, v3, port 110) is a simple protocol for retrieving emails from an email server. When the POP server receives emails, they are stored on the server until and unless the user requests it.
Paraben's Email Examiner
Paraben's Email Examiner examines email formats including Outlook (PST and OST), Thunderbird, Outlook Express, Windows mail and more. It allows to analyze message headers, bodies and attachments.
SMTP
SMTP (Simple Mail Transfer Protocol, port 25) is an outgoing mail server, which allows a user to send emails to a valid email address.
Stellar Phoenix Deleted Email Recovery
Stellar Phoenix Deleted Email Recovery is a software that safely recovers lost or deleted emails from MS Outlook data (PST) files and Outlook Express data (DBX) files.
The CAN-SPAM Act
The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) is a law that sets the rules for sending e-mails for commercial purposes, establishes the minimum requirements for commercial messaging, gives the recipients of e-mails the right to ask the senders to stop e-mailing them, and spells out the penalties in case if the rules are violated.
Uuencode/Uudecode
Uuencode also known as UNIX-to-UNIX encoding or Uuencode/Uudecode, is a utility for encoding and decoding files shared between users or systems using the UNIX operating systems. It is also available for all other operating systems, and many e-mail applications offer it as an encoding alternative, especially for e-mail attachments.
Crimes supported by e-mails: cont
When criminals use emails for selling narcotics, stalking, fraud, child pornography, or child abduction, spamming, fake email, mail bombing, or mail storms then we can say that emails support cybercrime.
Uuencode/Uudecode: cont
While sending e-mails with attachments, if the recipient(s) do not have an MIME-compliant system, the Uuencode should be used to send the attachment as an e-mail note.