Email forensics
When an email is created and sent, it travels through different mail servers on the Internet before arriving at its destination.

Email Architecture: Email uses the Simple Mail Transfer Protocol (SMTP) to carry a message from the sender's mail server across the Internet to the destination mail server. From there it is transferred to the designated computer (the email receiver) using POP3 (Post Office Protocol v3, which deletes email from the server when the receiver downloads it) or IMAP (Internet Message Access Protocol).

Email Identities and Data: Email senders can be identified by examining the IP address of the network device that sent the email. As an experiment from personal experience, while using Outlook I was able to locate the IP address of the sender and the mail servers the message passed through, along with all the properties of the email and the transfer protocol involved in sending and receiving it, by clicking the action button and then the view message source button.

Email Forensics: Paraben's Email Examiner is one of the software tools built exclusively for email forensics, and it helps in investigations. It also helps email forensic investigators group evidence by case. When a Paraben case is created, an investigator is attached who goes through the selected email database and groups possible evidence. Email forensic investigators also trace an email's path by looking at each point through which it passed, working step by step back to the originating computer. Since many servers have a retention policy, investigators can also examine deleted emails retained by the server.
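
The hop-by-hop tracing described above, as an added example that is not part of the original text: it reads the `Received` headers that each mail server prepends, orders them from origin to destination, and flags breaks in the chain. The message, host names and IP addresses are constructed sample data, and the function names are hypothetical.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real email); IPs are documentation ranges.
RAW = (
    "Received: from mx.example.net (mx.example.net [198.51.100.25])\n"
    "\tby inbox.example.org with ESMTPS id A3; Mon, 06 Jan 2025 10:00:05 +0000\n"
    "Received: from smtp.example.com (smtp.example.com [203.0.113.10])\n"
    "\tby mx.example.net with ESMTP id A2; Mon, 06 Jan 2025 10:00:03 +0000\n"
    "Received: from laptop (unknown [192.0.2.44])\n"
    "\tby smtp.example.com with ESMTPSA id A1; Mon, 06 Jan 2025 10:00:01 +0000\n"
    "From: alice@example.com\nTo: bob@example.org\nSubject: sample\n\nbody\n"
)

def _when(stamp):
    """Parse the date after the final ';'; None if missing or malformed."""
    try:
        return parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        return None

def trace_hops(raw):
    """Return Received hops ordered from origin to destination."""
    hops = []
    # Each server prepends its header, so the last one listed is the oldest.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        flat = " ".join(str(value).split())  # unfold continuation lines
        info, stamp = (flat.rsplit(";", 1) + [""])[:2]
        sender = re.search(r"\bfrom\s+(\S+)", info)
        server = re.search(r"\bby\s+(\S+)", info)
        ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", info)
        hops.append({"from": sender.group(1) if sender else None,
                     "by": server.group(1) if server else None,
                     "ip": ip.group(1) if ip else None,
                     "time": _when(stamp)})
    return hops

def anomalies(hops):
    """Flag chain breaks; headers added before the first trusted server can be forged."""
    notes = []
    for i in range(1, len(hops)):
        prev, cur = hops[i - 1], hops[i]
        if prev["by"] != cur["from"]:
            notes.append(f"hop {i}: from {cur['from']}, expected {prev['by']}")
        if (prev["time"] and cur["time"]
                and cur["time"].timestamp() < prev["time"].timestamp()):
            notes.append(f"hop {i}: timestamp earlier than previous hop")
    return notes
```

`trace_hops(RAW)[0]` is the earliest recorded hop, whose bracketed IP is the candidate originating address; any entry returned by `anomalies` marks a header that should not be trusted without corroborating server logs.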