Uploaded byforensicEmailAnalysis
PPT, PDF9,459 views

Email Headers – Expert Forensic Analysis

The document provides an overview of email headers, detailing their significance for forensic investigations and how to access them in both web-based and desktop email clients. It highlights common fields found in email headers, such as delivery-to, return-path, received, and others, while explaining their roles in the email transmission process. Additionally, it emphasizes the importance of the 'received' field in tracing the path of an email and presents instructions for viewing headers in various email applications.

Embed presentation

Downloaded 308 times
Technical Awareness on Analysis of Email Headers
Agenda  Email Headers – A Basic Introduction  Viewing Email Headers in Web – Based Email Services  Viewing Email Headers in Desktop – Based Email Client Applications  Common Fields Available in Email Headers – A Brief Overview  How Mail Works on the Internet  Investigating an Email Header – Expert Analysis
What is Email Header? Email Headers are lines of metadata (data about data) attached to each email that contain lots of useful information for a forensic investigators.
Web-Based Email Services Web-based email allows user to manage email via a web browser and sent or receive e-mail from anywhere. E-mail is not downloaded to a computer, but instead is left on the mail server until the user delete it. Examples of Web Based Email Client Applications are: - Gmail Yahoo! Mail
 Hotmail  Google Apps  Google Apps Admin  Live Exchange  Office 365  IMAP
Gmail • Log in to your Gmail account. • Open the message you want to view headers for. • Click the Down arrow next to the Reply button, located at the top right of the message pane. • Select Show Original.
Desktop Based Email Services Desktop based email clients are mailing applications that enable the users to easily manage their email accounts and perform operations such as sending and receiving of emails, managing tasks & calendar items, and many more. Examples of Desktop Based Email Client Applications are: -
 Microsoft Outlook  Outlook Express  Mozilla Thunderbird  The Bat  Pocomail  Lotus Notes  Mailbird  Postbox
Microsoft Outlook • Open Outlook. • Open a message. • On the Message tab, located in the Tag group, click the Dialog Box Launcher icon. • In the Message Options dialog box, the headers will appear in the Internet Headers box.
Investigating an Email Header Expert Analysis
 Delivery-To filed of email header shows the address of automailer.  Return-Path of email header used for bounces. The mail server will send a message to the specified email address if the message cannot be delivered.  Received-SPF: Sender Policy Framework is used to describe what mail server is allowed to send messages for a domain.
 From: Displays the name of sender. However, this information can be easily forged and hence, is least reliable.  To: Displays the name of receiver.  Subject: Represent the subject of the email message.  Date: Shows the date and time, when the email message was composed.
 Message-ID: Every email should have a message id field that: "provides a unique message identifier that refers to a particular version of a particular message.  MIME-Version: Multipurpose Internet Mail Extensions is an Internet Standard that extends the format of email message.  Content-Type: Shows the format of the message, such as html, plain text, xml.
 X-Mailer: The email client used to send the message.  Content-Language: Specify language used for content of page.  X-Antivirus: This states that what the sender’s antivirus program is such as Norton, AVG, etc.  X-Antivirus-Status: It shows that email was free or not from any viruses.
Received
Received is the most essential field of the email header. It creates a list of all the mail server through which the message traveled in order to reach the receiver. The best way to read the received fields are from bottom to top. The bottom “Received” shows the IP address of the sender’s mail server.
 The top “Received” shows the IP address of receiver mail server.  The middle “Received” shows the IP address of the mail server through which email passes from sender to receiver.
Message Header View using MailXaminer (http://www.mailxaminer.com/product)
Email Headers – Expert Forensic Analysis

More Related Content

PDF
Email Forensics
byGol D Roger
 
PPTX
Email investigation
byAnimesh Shaw
 
PPTX
Email recovery
byPalash Mehar
 
PDF
Cyber Forensics Module 2
byManu Mathew Cherian
 
PPTX
E mail forensics
bysaddamhusain hadimani
 
PPTX
Windows 10 Forensics: OS Evidentiary Artefacts
byBrent Muir
 
PPT
Internet Traffic Monitoring and Analysis
byInformation Technology
 
PPTX
Router forensics
byTaruna Chauhan
 
Email Forensics
byGol D Roger
 
Email investigation
byAnimesh Shaw
 
Email recovery
byPalash Mehar
 
Cyber Forensics Module 2
byManu Mathew Cherian
 
E mail forensics
bysaddamhusain hadimani
 
Windows 10 Forensics: OS Evidentiary Artefacts
byBrent Muir
 
Internet Traffic Monitoring and Analysis
byInformation Technology
 
Router forensics
byTaruna Chauhan
 

What's hot

PPTX
What is Email Header - Understanding Email Anatomy
byemail_header
 
PDF
Tracking Emails
byprashant3535
 
PPT
Digital Forensics
byNicholas Davis
 
PPT
Snort
byStickman Hai
 
PPTX
Network Forensics
byprimeteacher32
 
PPTX
E-mail Investigation
byedwardbel
 
PPTX
Email Forensics
byprimeteacher32
 
PPTX
Processing Crimes and Incident Scenes
byprimeteacher32
 
PPTX
Network scanning
byoceanofwebs
 
PPTX
Anti forensic
byMilap Oza
 
PDF
Network forensics
byArthyR3
 
PPTX
Introduction to Snort
byHossein Yavari
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
PPTX
E mail Investigation
byDr Raghu Khimani
 
PPTX
Fundamentals of Network security
byAPNIC
 
PPT
Cyber forensics
bypranjal dutta
 
PPTX
What is Ping
byDisha Dudhal
 
PPTX
Network intrusion detection system and analysis
byBikrant Gautam
 
PPTX
Network scanning
byMD SAQUIB KHAN
 
PPTX
Digital forensics
byvishnuv43
 
What is Email Header - Understanding Email Anatomy
byemail_header
 
Tracking Emails
byprashant3535
 
Digital Forensics
byNicholas Davis
 
Snort
byStickman Hai
 
Network Forensics
byprimeteacher32
 
E-mail Investigation
byedwardbel
 
Email Forensics
byprimeteacher32
 
Processing Crimes and Incident Scenes
byprimeteacher32
 
Network scanning
byoceanofwebs
 
Anti forensic
byMilap Oza
 
Network forensics
byArthyR3
 
Introduction to Snort
byHossein Yavari
 
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
E mail Investigation
byDr Raghu Khimani
 
Fundamentals of Network security
byAPNIC
 
Cyber forensics
bypranjal dutta
 
What is Ping
byDisha Dudhal
 
Network intrusion detection system and analysis
byBikrant Gautam
 
Network scanning
byMD SAQUIB KHAN
 
Digital forensics
byvishnuv43
 

Viewers also liked

PPTX
Module 19 tracking emails and investigating email crimes
bysagaroceanic11
 
PPTX
Files and Folders in Windows 7
byRIAH ENCARNACION
 
PDF
Forensic Anaysis on Twitter
byYansi Keim
 
PDF
Using and Developing with Open Source Digital Forensics Software in Digital A...
byMark Matienzo
 
PPT
Computer Forensics & Windows Registry
bysomutripathi
 
PPT
Part6 Private Sector Concerns
byCTIN
 
PPT
Level1 Part8 End Of The Day
byCTIN
 
PPT
Registry forensics
byPrince Boonlia
 
PPT
Nra
byCTIN
 
PDF
Digital forensic upload
bySetia Juli Irzal Ismail
 
PPTX
Web and Social Media Image Forensics for News Professionals
bySymeon Papadopoulos
 
PDF
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
PPTX
Capturing forensics image
byChris Harrington
 
PPT
File system
byHarleen Johal
 
PDF
Netcat cheat sheet
byYoussoufou YABRE
 
PPT
Corporate Public Investigations
byCTIN
 
PPTX
Windows 7 forensics jump lists-rv3-public
byCTIN
 
PPTX
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
byBasis Technology
 
PPT
Windows forensic artifacts
byn|u - The Open Security Community
 
PDF
Become an Internet Sleuth!
byNearpod
 
Module 19 tracking emails and investigating email crimes
bysagaroceanic11
 
Files and Folders in Windows 7
byRIAH ENCARNACION
 
Forensic Anaysis on Twitter
byYansi Keim
 
Using and Developing with Open Source Digital Forensics Software in Digital A...
byMark Matienzo
 
Computer Forensics & Windows Registry
bysomutripathi
 
Part6 Private Sector Concerns
byCTIN
 
Level1 Part8 End Of The Day
byCTIN
 
Registry forensics
byPrince Boonlia
 
Nra
byCTIN
 
Digital forensic upload
bySetia Juli Irzal Ismail
 
Web and Social Media Image Forensics for News Professionals
bySymeon Papadopoulos
 
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
Capturing forensics image
byChris Harrington
 
File system
byHarleen Johal
 
Netcat cheat sheet
byYoussoufou YABRE
 
Corporate Public Investigations
byCTIN
 
Windows 7 forensics jump lists-rv3-public
byCTIN
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
byBasis Technology
 
Windows forensic artifacts
byn|u - The Open Security Community
 
Become an Internet Sleuth!
byNearpod
 

Similar to Email Headers – Expert Forensic Analysis

PPTX
Email analysis
bySaiTharun48
 
PPTX
Electronic mail
byAbid Fakhre Alam
 
PDF
Final year project report on Internet And Interanet Emailing server
bysachin993
 
PPT
EmailTracing.ppt
bygovindanonymous143
 
PDF
E-Mail Header- A Forensic Key to Examine an E-Mail
byIRJET Journal
 
PPT
ch12.ppt which is very good forensics of email
bygadisagemechu1
 
PPT
Email Forensics presentations and quality stuffs
bydeqow140
 
PPT
cyber forensics Email Investigations.ppt
bymcjaya2024
 
PPTX
cyber forensics, of email analysis using
bySrinivas Kanakala
 
PPTX
Electronic mail
byBhojak Rajendra(rahul)
 
PDF
The Fundamental of Electronic Mail (E-mail)
byVishal Kumar
 
PPTX
Explains all the email concepts, mostly basic but by the end youll know how ...
bygollapallivaishnavi4
 
DOCX
Email spamming
byuno Assignment Help
 
DOCX
Chapter 10Email Forensics1Email is Often the Bes.docx
byketurahhazelhurst
 
PDF
Email as a datasource for applications
byContext.IO
 
DOCX
Online Assignment
bysubhamanu1990
 
DOCX
Running header EMAIL FORENSICSEMAIL FORENSICSEmail Forens.docx
byjeffsrosalyn
 
PPTX
E-MAIL
byrajeev bhatt
 
PPT
E-mail Investigations in computer forensics.ppt
byChSamson2
 
PDF
Electronic_Mail_Attacks-1-35.pdf by xploit
byniftliyevhuseyn
 
Email analysis
bySaiTharun48
 
Electronic mail
byAbid Fakhre Alam
 
Final year project report on Internet And Interanet Emailing server
bysachin993
 
EmailTracing.ppt
bygovindanonymous143
 
E-Mail Header- A Forensic Key to Examine an E-Mail
byIRJET Journal
 
ch12.ppt which is very good forensics of email
bygadisagemechu1
 
Email Forensics presentations and quality stuffs
bydeqow140
 
cyber forensics Email Investigations.ppt
bymcjaya2024
 
cyber forensics, of email analysis using
bySrinivas Kanakala
 
Electronic mail
byBhojak Rajendra(rahul)
 
The Fundamental of Electronic Mail (E-mail)
byVishal Kumar
 
Explains all the email concepts, mostly basic but by the end youll know how ...
bygollapallivaishnavi4
 
Email spamming
byuno Assignment Help
 
Chapter 10Email Forensics1Email is Often the Bes.docx
byketurahhazelhurst
 
Email as a datasource for applications
byContext.IO
 
Online Assignment
bysubhamanu1990
 
Running header EMAIL FORENSICSEMAIL FORENSICSEmail Forens.docx
byjeffsrosalyn
 
E-MAIL
byrajeev bhatt
 
E-mail Investigations in computer forensics.ppt
byChSamson2
 
Electronic_Mail_Attacks-1-35.pdf by xploit
byniftliyevhuseyn
 

Recently uploaded

PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PPTX
Real-Time KPI Dashboard Playbook: What to Track Live and What Not To
byvictorworkvebo
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
PDF
Chapter 6 Authentication and Access Control.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
final.pdf
byomarbishtawi04
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Real-Time KPI Dashboard Playbook: What to Track Live and What Not To
byvictorworkvebo
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
Chapter 6 Authentication and Access Control.pdf
byGetnet Tigabie Askale -(GM)
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
final.pdf
byomarbishtawi04
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 

Email Headers – Expert Forensic Analysis

  • 1.
    Technical Awareness on Analysis of Email Headers
  • 2.
    Agenda  EmailHeaders – A Basic Introduction  Viewing Email Headers in Web – Based Email Services  Viewing Email Headers in Desktop – Based Email Client Applications  Common Fields Available in Email Headers – A Brief Overview  How Mail Works on the Internet  Investigating an Email Header – Expert Analysis
  • 3.
    What is EmailHeader? Email Headers are lines of metadata (data about data) attached to each email that contain lots of useful information for a forensic investigators.
  • 5.
    Web-Based Email Services Web-based email allows user to manage email via a web browser and sent or receive e-mail from anywhere. E-mail is not downloaded to a computer, but instead is left on the mail server until the user delete it. Examples of Web Based Email Client Applications are: - Gmail Yahoo! Mail
  • 6.
     Hotmail Google Apps  Google Apps Admin  Live Exchange  Office 365  IMAP
  • 7.
    Gmail • Login to your Gmail account. • Open the message you want to view headers for. • Click the Down arrow next to the Reply button, located at the top right of the message pane. • Select Show Original.
  • 9.
    Desktop Based EmailServices Desktop based email clients are mailing applications that enable the users to easily manage their email accounts and perform operations such as sending and receiving of emails, managing tasks & calendar items, and many more. Examples of Desktop Based Email Client Applications are: -
  • 10.
     Microsoft Outlook  Outlook Express  Mozilla Thunderbird  The Bat  Pocomail  Lotus Notes  Mailbird  Postbox
  • 11.
    Microsoft Outlook •Open Outlook. • Open a message. • On the Message tab, located in the Tag group, click the Dialog Box Launcher icon. • In the Message Options dialog box, the headers will appear in the Internet Headers box.
  • 13.
    Investigating an EmailHeader Expert Analysis
  • 15.
     Delivery-To filedof email header shows the address of automailer.  Return-Path of email header used for bounces. The mail server will send a message to the specified email address if the message cannot be delivered.  Received-SPF: Sender Policy Framework is used to describe what mail server is allowed to send messages for a domain.
  • 16.
     From: Displaysthe name of sender. However, this information can be easily forged and hence, is least reliable.  To: Displays the name of receiver.  Subject: Represent the subject of the email message.  Date: Shows the date and time, when the email message was composed.
  • 17.
     Message-ID: Everyemail should have a message id field that: "provides a unique message identifier that refers to a particular version of a particular message.  MIME-Version: Multipurpose Internet Mail Extensions is an Internet Standard that extends the format of email message.  Content-Type: Shows the format of the message, such as html, plain text, xml.
  • 18.
     X-Mailer: Theemail client used to send the message.  Content-Language: Specify language used for content of page.  X-Antivirus: This states that what the sender’s antivirus program is such as Norton, AVG, etc.  X-Antivirus-Status: It shows that email was free or not from any viruses.
  • 19.
  • 20.
    Received is themost essential field of the email header. It creates a list of all the mail server through which the message traveled in order to reach the receiver. The best way to read the received fields are from bottom to top. The bottom “Received” shows the IP address of the sender’s mail server.
  • 21.
     The top“Received” shows the IP address of receiver mail server.  The middle “Received” shows the IP address of the mail server through which email passes from sender to receiver.
  • 22.
    Message Header Viewusing MailXaminer (http://www.mailxaminer.com/product)