±Your Account
Membership:
New Today: 8
New Yesterday: 7
Overall: 24189
Visitors: 39±Latest Webinar
±Latest Articles
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Go to page 1, 2 Next
Email Forensics (Read / Unread)
Email Forensics (Read / Unread)
Posted: Wed Jan 16, 2013 4:51 pm
Thanks in advance for your answers!
For legal purposes, I would like to Know if it's possible to tell if an email message has been open and read by a suspect?
For legal purposes, I would like to Know if it's possible to tell if an email message has been open and read by a suspect?
-
jbscarva - Newbie
Re: Email Forensics (Read / Unread)
Posted: Wed Jan 16, 2013 6:00 pm
Absent eye tracking technology, there are no artifacts left by the act of reading.
(You may wish to read the posting guidelines and ask a better question.)
_________________
Scott Tucker
Aptegra Consulting, LLC
www.aptegra.com
(You may wish to read the posting guidelines and ask a better question.)
_________________
Scott Tucker
Aptegra Consulting, LLC
www.aptegra.com
-
TuckerHST - Senior Member
Re: Email Forensics (Read / Unread)
Posted: Wed Jan 16, 2013 6:14 pm
Question wasn't very precise.
Some (most even) E-mail clients do track which Email messages have been looked at. Doesn't mean the user actually read the E-mail however, just that it was displayed on the monitor. Further it is trivial for the user to change the state of an E-mail. (Right click ==> Mark as Unread). So no real proof.
However if you found a reply, or forwarding, for the E-mail in question, I would consider that fairly conclusive that the Email was read.
Some (most even) E-mail clients do track which Email messages have been looked at. Doesn't mean the user actually read the E-mail however, just that it was displayed on the monitor. Further it is trivial for the user to change the state of an E-mail. (Right click ==> Mark as Unread). So no real proof.
However if you found a reply, or forwarding, for the E-mail in question, I would consider that fairly conclusive that the Email was read.
-
Passmark - Senior Member
Re: Email Forensics (Read / Unread)
Posted: Wed Jan 16, 2013 6:24 pm
also a lot of clients are configured to mark an email as read once its been selected
i often do this accidently (and my email client keeps reverting my "mark as read on select" settings, which is frustrating)
i often do this accidently (and my email client keeps reverting my "mark as read on select" settings, which is frustrating)
-
randomaccess - Senior Member
Re: Email Forensics (Read / Unread)
Posted: Wed Jan 16, 2013 7:30 pm
It depends on the system used to send the email. If the sender fires off the email with a read receipt request, the mail recipient is normally prompted to respond to the read receipt. If the mail recipient decides not to respond, then there is no confirmation mailed to the sender. Depending on receiving email server configuration, it may be possible to determine when the mail was received and if it was opened. I hope this helps.
-Dillard
-Dillard
-
dillardo - Newbie
Re: Email Forensics (Read / Unread)
Posted: Thu Jan 17, 2013 4:25 am
Thanks for the answers!!!!
The main goal is to submit in Court, (to Judge decision), only the read messages, (are there any metadata / flag in messages or mail box, putting it as read / unread???)
The main goal is to submit in Court, (to Judge decision), only the read messages, (are there any metadata / flag in messages or mail box, putting it as read / unread???)
-
jbscarva - Newbie
Re: Email Forensics (Read / Unread)
Posted: Thu Jan 17, 2013 5:08 am
I think this area is very problematical.
I sometimes open E Mails and quickly scan them and then close them with the intention of reading them later. Sometimes I do return to them but other times they just get deleted. Would this mean that I read the E Mail?
I have an E Mail account that I share with someone – How can you determine which of us opened the E Mail?
I believe that the only sure way to determine if someone read an E Mail is to look to see what was done after it was received.
I would concentrate on the Sent items and see if you can find a response to the E Mail.
A reply that included something like “Thanks for the E Mail” or “I agree” would surely mean that the person actually read it.
_________________
There is nothing either good or bad, but thinking makes it so.
I sometimes open E Mails and quickly scan them and then close them with the intention of reading them later. Sometimes I do return to them but other times they just get deleted. Would this mean that I read the E Mail?
I have an E Mail account that I share with someone – How can you determine which of us opened the E Mail?
I believe that the only sure way to determine if someone read an E Mail is to look to see what was done after it was received.
I would concentrate on the Sent items and see if you can find a response to the E Mail.
A reply that included something like “Thanks for the E Mail” or “I agree” would surely mean that the person actually read it.
_________________
There is nothing either good or bad, but thinking makes it so.
-
ludlowboy - Member