Leveraging DKIM In Email Forensics

by Arman Gungor. My last article was about using the Content-Length header field in email forensics. While the Content-Length header is very useful, it has a couple of major shortcomings: Most email messages do not have the Content-Length header field…

Using The Content-Length Header Field In Email Forensics

by Arman Gungor. As forensic examiners, we often have to analyze emails in isolation without the benefit of server metadata, neighbor messages, or data from other sources such as workstations. When authenticating an email in isolation, every detail counts—we review…

Forensic Examination Of Manipulated Email In Gmail

by Arman Gungor. Last week, I came across an interesting post on Forensic Focus. The poster, jahearne, was asking about how one can detect manipulation of an existing email in Gmail. In his hypothetical scenario, the bad actor was using…

E-mail and appointment falsification analysis

First published September 2009. Analysis of e-mail and appointment falsification on Microsoft Outlook/Exchange. By Joachim Metz, Hoffmann Investigations (www.hoffmannbv.nl). Version 1.0 (Joachim Metz, August 17, 2009): Initial version. Summary: In digital forensic analysis it is sometimes required to be able…

Email Evidence – Now You See it, Now You Don’t!

First published October 2008. By Sandy Boucher and Barry Kuang, Intelysis Corp. Background: With the ever-increasing role of computers and electronic communications in both our business and personal lives, emails have taken on a key evidentiary role in many…