Hey guys,
I am working on a case which I have an android device. I managed to get a complete physical aquistition. I also managed to the the google.gm folder that contains all db's related to the stored emails on the device. After getting a specific mail I tried to retrieve the originating IP. I looked for the header in the databases but didn't find the mail header. Are there anyways I can retrieve the X-Originating-IP ?? It needed for the case otherwise I won't be able to use the mail.
Thank you
As far as I am aware neither the default Android mail handler nor the Gmail handler store the message headers so I'm afraid you are out of luck.
Another issue is that X-Originating-IP was only a reliable source for some mail and not for others. I for one would never stand in court and state that this IP address was the definitive source of the email.
If you read Athulin's comment in this thread http//www.forensicfocus.com/Forums/viewtopic/t=11968/ then you should know that 'X-' headers have been deprecated anyway.
Sorry to be the bearer of bad news…