±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 7
Overall: 27350
Visitors: 56

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Email Forensics (Read / Unread)

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

Email Forensics (Read / Unread)

Post Posted: Wed Jan 16, 2013 4:51 pm

Thanks in advance for your answers!

For legal purposes, I would like to Know if it's possible to tell if an email message has been open and read by a suspect?  

jbscarva
Newbie
 
 
  

Re: Email Forensics (Read / Unread)

Post Posted: Wed Jan 16, 2013 6:00 pm

Absent eye tracking technology, there are no artifacts left by the act of reading.

(You may wish to read the posting guidelines and ask a better question.)
_________________
Scott Tucker
Aptegra Consulting, LLC
www.aptegra.com 

TuckerHST
Senior Member
 
 
  

Re: Email Forensics (Read / Unread)

Post Posted: Wed Jan 16, 2013 6:14 pm

Question wasn't very precise.

Some (most even) E-mail clients do track which Email messages have been looked at. Doesn't mean the user actually read the E-mail however, just that it was displayed on the monitor. Further it is trivial for the user to change the state of an E-mail. (Right click ==> Mark as Unread). So no real proof.

However if you found a reply, or forwarding, for the E-mail in question, I would consider that fairly conclusive that the Email was read.  

Passmark
Senior Member
 
 
  

Re: Email Forensics (Read / Unread)

Post Posted: Wed Jan 16, 2013 6:24 pm

also a lot of clients are configured to mark an email as read once its been selected

i often do this accidently (and my email client keeps reverting my "mark as read on select" settings, which is frustrating)  

randomaccess
Senior Member
 
 
  

Re: Email Forensics (Read / Unread)

Post Posted: Wed Jan 16, 2013 7:30 pm

It depends on the system used to send the email. If the sender fires off the email with a read receipt request, the mail recipient is normally prompted to respond to the read receipt. If the mail recipient decides not to respond, then there is no confirmation mailed to the sender. Depending on receiving email server configuration, it may be possible to determine when the mail was received and if it was opened. I hope this helps.

-Dillard  

dillardo
Newbie
 
 
  

Re: Email Forensics (Read / Unread)

Post Posted: Thu Jan 17, 2013 4:25 am

Thanks for the answers!!!!

The main goal is to submit in Court, (to Judge decision), only the read messages, (are there any metadata / flag in messages or mail box, putting it as read / unread???)  

jbscarva
Newbie
 
 
  

Re: Email Forensics (Read / Unread)

Post Posted: Thu Jan 17, 2013 5:08 am

I think this area is very problematical.

I sometimes open E Mails and quickly scan them and then close them with the intention of reading them later. Sometimes I do return to them but other times they just get deleted. Would this mean that I read the E Mail?

I have an E Mail account that I share with someone – How can you determine which of us opened the E Mail?

I believe that the only sure way to determine if someone read an E Mail is to look to see what was done after it was received.

I would concentrate on the Sent items and see if you can find a response to the E Mail.

A reply that included something like “Thanks for the E Mail” or “I agree” would surely mean that the person actually read it.
_________________
There is nothing either good or bad, but thinking makes it so. 

ludlowboy
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 2
Go to page 1, 2  Next