±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 35880
New Yesterday: 7 Visitors: 126

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Email Date & Time

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Nige
Newbie
 

Email Date & Time

Post Posted: May 27, 11 02:44

I have a case were two printed emails from several years ago are of interest.

The content of both is identical save for the second one is timed exactly 24 hours after the first. I am advised the mails were generated on a bespoke (read unknown) web based system and that they could have been sent from any one of a number of clients within one office. Neither the server,client's or recipients machine exist today so nothing to examine and header information available. The clients and server are in the same time zone.

I am looking for explanations as to the 24 hour time difference.

Apart from the obvious, someone changed the clock on the client or the clock was slow, the web server was out of date, or someone spoofed the date can anyone offer other explanations please.

Thanks in anticipation  
 
  

lucpel
Senior Member
 

Re: Email Date & Time

Post Posted: May 27, 11 03:45

If ip address and route are the same, i would check the time intervals between sender and receiver. eg:

From Mr. Sender Wed May 25 19:50:18 2011
X-Apparently-To: [email protected] via 209.191.69.180; Wed, 25 May 2011 12:51:10 -0700

The time difference here is 1 second - 0.08. (considering the time zone difference 12:51 + 7)
This time difference of an email sent after 24 hours would rarely be the same one. If both time differences match....(and Considering that you just have printed versions), i would rather think that one of the email headers was modified on purpose, and printed.

Just my opinion,,, cheers  
 
  

Nige
Newbie
 

Re: Email Date & Time

Post Posted: May 27, 11 04:05

Thanks lucpel - I have just noticed a typo in my original post which should say No header information available.  
 
  

lucpel
Senior Member
 

Re: Email Date & Time

Post Posted: May 29, 11 10:38

Yeah, was a typo misunderstood. Then, I would analyze particular characteristics of the printed version, like font type, font size, paper quality, or ink type. If these characteristics are not the same, at least you could dismiss some possibilities,  
 

Page 1 of 1