DOI: 10.5176/2251-2136_ICT-BDCS17.18

Authors: Nattakant Utakrit


E-mail forensics is a subset of digital forensics. It involves the investigation of electronic mail (e-mail) through forensic procedures that include the collection, examination, analysis, and reporting of any relevant evidence for police interrogations. The evidence acquired from an e-mail can be its original source, its content, and any attachment file enclosed in it. Analysis of the e-mail header is an in-depth investigation through which a forensic analyst can obtain more accurate and reliable findings and can determine the criminal source and perhaps the intention of the e-mail sender. Existing studies on e-mail headers gave an overview of the headers' definitions, but the evidence needed for presentation in the courtroom remained unclear. Therefore, this research focuses on e-mail header examination according to digital forensic procedures. The study covered neither techniques of e-mail header spoofing and forging nor header modification, as these issues can be examined separately, and more seriously, for security countermeasures. The full e-mail header was examined, illustrated and discussed in a forensic manner. The results showed that message identification, message priority, content type and routing information were significant in identifying the potential criminal e-mail sender. The report of such findings served as an ideal for e-mail crime scene investigation and legal benefits.

Keywords: e-mail header; message-id; solicited mail; tracing e-mail; forensics
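The four header elements the abstract names (message identification, message priority, content type and routing information) can be pulled from a raw header as follows. This is an added example, not code from the paper: the sample header is constructed, `X-Priority` is assumed to be the header carrying message priority, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample header (not from the paper); hosts and IPs use reserved example ranges.
SAMPLE = """\
Received: from smtp.sender.example (smtp.sender.example [203.0.113.10])
\tby mx.recipient.example with ESMTP id R2;
\tMon, 06 Mar 2017 10:15:42 +0700
Received: from workstation7 (unknown [198.51.100.23])
\tby smtp.sender.example with ESMTPA id R1;
\tMon, 06 Mar 2017 10:15:30 +0700
Message-ID: <20170306031530.1A2B3C@smtp.sender.example>
From: Alice <alice@sender.example>
To: bob@recipient.example
Subject: Invoice
X-Priority: 1 (Highest)
Content-Type: multipart/mixed; boundary="b1"

"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>\S+)")

def parse_hop(value):
    """Split one Received header into announced host, peer IP, receiver, time."""
    flat = " ".join(value.split())          # undo header folding
    m = RECEIVED_RE.search(flat)
    hop = m.groupdict() if m else {"helo": None, "ip": None, "by": None}
    try:                                    # the timestamp follows the last ';'
        hop["time"] = parsedate_to_datetime(flat.rpartition(";")[2].strip())
    except (TypeError, ValueError):         # malformed or missing date
        hop["time"] = None
    return hop

def extract_header_evidence(raw):
    """Return message-id, priority, content type and the hop chain."""
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reverse for chronological order.
    hops = [parse_hop(v) for v in reversed(msg.get_all("Received", []))]
    return {"message_id": msg.get("Message-ID"),
            "priority": msg.get("X-Priority"),
            "content_type": msg.get_content_type(),
            "hops": hops}

if __name__ == "__main__":
    for key, value in extract_header_evidence(SAMPLE).items():
        print(key, "=", value)
```

The first hop in the returned list is the earliest relay, so its peer IP and timestamp are where routing analysis starts.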


