Scribd
Upload
77 views49 pages

CHFI Module 9 PPTX

This document discusses investigating email crimes. It covers understanding email basics like components and how communication works. It outlines steps to investigate email crimes including seizing accounts, acquiring email data from clients like Outlook and Thunderbird, examining messages, retrieving and analyzing headers to check authenticity and IP addresses. It discusses recovering deleted emails and laws against email crimes like the CAN-SPAM Act in the US. The goal is to give forensic investigators knowledge of email systems and the process for investigating email-related crimes.

Uploaded by

LeonZY Gui
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
77 views49 pages

CHFI Module 9 PPTX

This document discusses investigating email crimes. It covers understanding email basics like components and how communication works. It outlines steps to investigate email crimes including seizing accounts, acquiring email data from clients like Outlook and Thunderbird, examining messages, retrieving and analyzing headers to check authenticity and IP addresses. It discusses recovering deleted emails and laws against email crimes like the CAN-SPAM Act in the US. The goal is to give forensic investigators knowledge of email systems and the process for investigating email-related crimes.

Uploaded by

LeonZY Gui
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 49

COMPUTER HACKING FORENSICS INVESTIGATOR (CHFI)

MODULE 9
Investigating Email Crimes
Learning Object Ives

▪ Understand Email Basics

▪ Understand Email Crime Investigation and its Steps

▪ U.S. Laws Against Email Crime


Understand Email Basics
Understand Email Basics

▪ An increasing number of enterprises are now using email as their primary


communication mode.

▪ The growing dependence on emails has also given rise to email crimes.

▪ Therefore, forensic investigators need to have a complete understanding of an


email system and its inner architecture, along with the components that work
together to deliver an email from a sender to recipients.

▪ This section discusses the fundamentals of an email system.


Introduction to an Email System
Components Involved in Email Communication
Components Involved in Email Communication (Cont’d)
How Email Communication Works?
Understanding the Parts of an Email Message
Understand Email Crime Investigation and its Steps
Introduction to Email Crime Investigation
Steps to Investigate Email Crimes
Step 1: Seizing the Computer and Email Accounts
Step 2: Acquiring the Email Data
Acquiring Email Data from Desktop-based Email Clients
Local Email Files in Microsoft Outlook
Local Email Files in Microsoft Outlook (Cont’d)
Local Email Files in Mozilla Thunderbird
Local Email Files in Mozilla Thunderbird (Cont’d)
Local Email Files in Mozilla Thunderbird (Cont’d)
Local Email Files in Mozilla Thunderbird (Cont’d)
Local Email Files in Mozilla Thunderbird (Cont’d)
Acquiring Outlook Email Files: .ost to .pst File Conversion
Acquiring Outlook .pst File via SysTools MailPro+
Step 3: Examining Email Messages
Step 4: Retrieving Email Headers
Retrieving Email Headers in Microsoft Outlook
Retrieving Email Headers in Microsoft Outlook.com
Retrieving Email Headers in Apple Mail
Retrieving Email Headers in Gmail
Retrieving Email Headers in Yahoo Mail
Step 5: Analyzing Email Headers
Analyzing Email Headers (Cont’d)
Analyzing Email Headers (Cont’d)
Analyzing Email Headers: Checking Email Authenticity
Analyzing Email Headers: Examining the Originating IP Address
Investigating a Suspicious Email
Investigating a Suspicious Email (Cont’d)
Investigating a Suspicious Email (Cont’d)
Investigating a Suspicious Email (Cont’d)
Step 6: Recovering Deleted Email Messages
Recovering Deleted Email Messages from Outlook .pst Files Using
Paraben’s Electronic Evidence Examiner
Recovering Deleted Email Data from Thunderbird Using Paraben’s
Electronic Evidence Examiner
Recovering Deleted Email Data from Thunderbird Using Paraben’s
Electronic Evidence Examiner (Cont’d)
U.S. Laws Against Email Crime

U.S. Laws Against Email Crime: CAN-SPAM Act

▪ Countries such as the United States have enforced laws and regulations in an attempt to
mitigate email crimes.

▪ This section discusses the CAN-SPAM Act of the United States that prohibits email
spam/spoofing activities.
U.S. Laws Against Email Crime: CAN-SPAM Act
U.S. Laws Against Email Crime: CAN-SPAM Act (Cont’d)
Module Summary
Thank
You
Dr. Ngu

You might also like