Using Chapter 10 as a reference, explain the concept of information stores. Why is an understanding of how different clients store messaging information critical to the success of an email search?
Post between 200 and 300 words.
Write your answer using a WORD document. Do your own work. Submit here. Note your Safe Assign score. Score must be less than 25 for full credit.
Digital Forensics, Cybersecurity
Chapter 10
Email Forensics
Email is Often the Best Evidence
Contents can demonstrate intent
Header data can demonstrate the source
Timestamps can show intent to mislead
Show up as evidence in a vast majority of cases
Email Structure
Plain text emails don’t support graphics
HTML structured emails support graphics and embedded content
Attachments can accompany the message as a separate file
Email Technology
Mail user agent is a software interface that represents the end user
Mail transport agent moves messages from point A to point B
Mail client is the application that provides end user support
Mail server handles addressing and transport
Email Addresses
Each user ID must be unique to a particular domain
The same user ID on a different domain may or may not represent the same user
User IDs are easily spoofed with the right software
Email Protocols
Mailbox protocols
Post Office Protocol, ver. 3 (POP3)
Internet Message Access Protocol (IMAP)
Transport protocols
Simple Mail Transfer Protocol (SMTP)
Email Clients
Perform some basic functions
Send messages
Receive messages
Manage content (including attachments)
Are operating system specific
Determine how information is archived on the system
May be a local client or web-based
Information Stores
Acts as a cabinet for the information stored by the client
Sent/Received messages
Address books
Calendars
Each client has a specific format for storing data
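Why the store format matters to a search, shown as an added example (not from the chapter): a raw byte-level search over an mbox store misses a keyword that sits in a base64-encoded body, while a search that parses the store and decodes each message finds it. The mbox file, addresses and message text are constructed sample data.

```python
import base64
import mailbox
import os
import tempfile

def build_sample_store():
    """Write a constructed two-message mbox store and return its path."""
    encoded = base64.b64encode(b"Use the offshore account again.\n").decode()
    store = (
        "From alice@example.com Mon Mar  4 10:00:00 2024\n"
        "From: alice@example.com\nSubject: Invoice\n\n"
        "Wire it to the offshore account.\n\n"
        "From alice@example.com Mon Mar  4 11:00:00 2024\n"
        "From: alice@example.com\nSubject: Lunch\nMIME-Version: 1.0\n"
        "Content-Type: text/plain; charset=utf-8\n"
        "Content-Transfer-Encoding: base64\n\n" + encoded + "\n\n"
    )
    path = os.path.join(tempfile.mkdtemp(), "sample.mbox")
    with open(path, "w", newline="\n") as fh:
        fh.write(store)
    return path

def grep_raw(path, keyword):
    """Count raw lines containing the keyword, as a byte-level search would."""
    needle = keyword.lower().encode()
    with open(path, "rb") as fh:
        return sum(needle in line.lower() for line in fh)

def search_store(path, keyword):
    """Parse the store as mbox, decode each text part, return matching subjects."""
    hits = []
    box = mailbox.mbox(path, create=False)
    try:
        for msg in box:
            for part in msg.walk():
                if part.get_content_maintype() != "text":
                    continue
                # decode=True reverses base64 / quoted-printable transfer encoding
                data = part.get_payload(decode=True) or b""
                text = data.decode(part.get_content_charset() or "utf-8", "replace")
                if keyword.lower() in text.lower():
                    hits.append(msg["Subject"])
                    break
    finally:
        box.close()
    return hits
```

On the sample store the raw search reports one matching line and the store-aware search reports both messages; the second message is a false negative for any tool that does not understand the store and its encodings.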
Email Servers
Act as relay agents for moving messages across the Internet
SMTP servers handle all outgoing messages
IMAP or POP3 servers handle all incoming messages
Server applications such as Microsoft Exchange combine SMTP with POP/IMAP
Standard Header Information
TO:
FROM:
SUBJECT:
DATE:
All of these are easily spoofed
MIME Header Information
Information stored in the header that includes:
Time/Date stamps for various actions along the way
Server information for relay servers along the way
A message ID unique to this message across the Internet
Versions of software used along the way
IDs of blind carbon copy recipients
A return path
Tracing the Origin of a Message
Each server that relays the message adds its IP address
Each relay server maintains logs for a certain period of time that indicate the IP address of the sender as well as the intended recipient
While the time stamp can be manipulated at the origin, the ones added along the way are likely real
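The tracing steps above, as an added example (not from the chapter): the Received lines are read in travel order to recover each relay's sender IP and time stamp, and the sender-set Date header is compared with the stamps the relays added. The message is constructed sample data, and the 10-minute skew threshold is an assumption chosen for illustration.

```python
import email
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample: hosts, addresses and IPs are documentation values.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby mail.example.org with ESMTP id C3; Mon, 04 Mar 2024 10:00:09 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id B2; Mon, 04 Mar 2024 10:00:05 +0000
Received: from workstation (unknown [192.0.2.44])
\tby relay.example.com with ESMTP id A1; Mon, 04 Mar 2024 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: Quarterly numbers
Date: Fri, 01 Mar 2024 09:00:00 +0000

Body text.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def relay_path(raw):
    """Return hops in travel order as (sender_ip, receiving_host, stamp)."""
    hops = []
    # Each relay prepends its own Received line, so the oldest hop is last.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        ip, by = IP_RE.search(info), BY_RE.search(info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None  # unparseable stamp: keep the hop, skip time checks
        hops.append((ip and ip.group(1), by and by.group(1), when))
    return hops

def timestamp_findings(raw, max_skew=timedelta(minutes=10)):
    """Compare the sender-set Date header with the relay-added stamps."""
    findings = []
    claimed = parsedate_to_datetime(email.message_from_string(raw)["Date"])
    stamps = [h[2] for h in relay_path(raw) if h[2] is not None]
    if stamps and abs(stamps[0] - claimed) > max_skew:
        findings.append(f"Date header is {stamps[0] - claimed} off the first relay stamp")
    for earlier, later in zip(stamps, stamps[1:]):
        if later < earlier:
            findings.append(f"relay stamp {later} precedes previous hop {earlier}")
    return findings
```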
Some Email Search Tools
Clearwell
Paraben
GREP
Search Results
False positives – looks right but isn’t
False negatives – doesn’t look right, but is
A measure of accuracy is “precision”
Ratio of false positives to false negatives
A measure of effectiveness is “recall”
Percentage of relevant emails that were found
Advanced Search Methods
Stationary User Profiles – a method of determining if a user makes use of multiple accounts
Similar Users – a way of determining if what appears to be a single user is actually multiple users
Attachment Statistics – a user’s typical behavior regarding attachments is analyzed
Recipient Frequency – what types of messages a specific user usually receives