There are many e-mail forensic tools which can assist in the study of the source and content of an e-mail message so that an attack, or the malicious intent behind an intrusion, can be investigated. While providing an easy-to-use browser format, automated reports, and other features, these tools help to identify the origin and destination of a message, trace the path the message traversed, identify spam and phishing networks, and so on. This section introduces a number of these tools.
eMailTrackerPro
eMailTrackerPro analyses the headers of an e-mail to detect the IP address of the machine that sent the message so that the sender can be tracked down. It can trace multiple e-mails at the same time and easily keep track of them. The geographical location of an IP address is key information for determining the threat level or validity of an e-mail message. This tool can pinpoint the city that the e-mail most probably came from. It identifies the network provider (or ISP) of the sender and supplies contact information for further investigation. The actual path to the sender’s IP address is reported in a routing table, providing additional location information to help determine the sender’s true location. Its abuse reporting feature can be used to make further investigation easier. It checks the mail against DNS blacklists such as SpamCop to further safeguard against spam and malicious e-mails. It supports Japanese, Russian and Chinese language spam filters besides English. A major feature of this tool is abuse reporting, which can create a report that will be sent to the sender’s ISP. The ISP can then take steps to prosecute the account holder and help put a stop to spam.
EmailTracer
EmailTracer is an Indian effort in cyber forensics by the Resource Centre for Cyber Forensics (RCCF), which is a premier centre for cyber forensics in India. It develops cyber forensic tools based on the needs of law enforcement agencies. Among several other digital forensic tools, it has developed an e-mail tracer tool named EmailTracer. This tool traces the originating IP address and other details from the e-mail header, generates a detailed HTML report of the e-mail header analysis, finds city-level details of the sender, plots the route traced by the mail and displays the originating geographic location of the e-mail. Besides these, it has a keyword-searching facility on e-mail content, including attachments, for classification.
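The header-based tracing that eMailTrackerPro and EmailTracer perform (walking the Received chain back to the originating IP, recording the route, checking the sender against a DNS blacklist) can be illustrated with the following added Python example; it is not code from either tool. The message is constructed for the example, the function names are assumptions, and the SpamCop zone name bl.spamcop.net is only used to build the lookup name, with no network query made.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message, not a real capture: three Received hops, newest first.
RAW_MESSAGE = b"""\
Received: from mx1.example.net (mx1.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Mon, 03 Jun 2019 10:02:11 +0000
Received: from relay.example.com ([203.0.113.20])
\tby mx1.example.net with ESMTP; Mon, 03 Jun 2019 10:02:09 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.example.com with SMTP; Mon, 03 Jun 2019 10:01:58 +0000
From: sender@example.com
To: analyst@example.org
Subject: constructed sample
Date: Mon, 03 Jun 2019 10:01:50 +0000

body
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def received_hops(raw):
    """Route oldest-first as (from_ip, by_host, timestamp); each relay prepends
    its Received header, so the last one is the hop nearest the sender."""
    msg = email.message_from_bytes(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        text = " ".join(str(hdr).split())  # unfold continuation lines
        ip = IPV4.search(text)
        by = re.search(r"\bby\s+(\S+)", text)
        stamp = text.rsplit(";", 1)[1].strip() if ";" in text else ""
        when = parsedate_to_datetime(stamp) if stamp else None
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None, when))
    return hops

def originating_ip(raw):
    """IP the sending machine presented to the first relay (None if no Received)."""
    hops = received_hops(raw)
    return hops[0][0] if hops else None

def timeline_consistent(raw):
    """True if hop timestamps never run backwards; a reversal hints at a forged header."""
    stamps = [h[2] for h in received_hops(raw) if h[2] is not None]
    return all(a <= b for a, b in zip(stamps, stamps[1:]))

def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """Reversed octets plus zone: the name a DNSBL client resolves (no lookup done here)."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```

Only the Received header nearest the sender can be trusted as far as the first relay goes; anything the sender wrote below it is under the sender's control, which is why the timestamp check is worth running.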
Adcomplain
Adcomplain is a tool for reporting inappropriate commercial e-mail and Usenet postings, as well as chain letters and “make money fast” postings. It automatically analyses the message, composes an abuse report, and mails the report to the offender’s Internet service provider after performing a legitimate header analysis. The report is displayed for approval before mailing to the U.S. Federal Trade Commission. Adcomplain can be invoked from the command line or automatically from many news and mail readers.
Aid4Mail Forensic
Aid4Mail Forensic is e-mail investigation software for forensic analysis, e-discovery, and litigation support. It is an e-mail migration and conversion tool which supports various mail formats including Outlook (PST, MSG files), Windows Live Mail, Thunderbird, Eudora, and mbox. It can search mail by date, header content, and message body content. Mail folders and files can be processed even when disconnected (unmounted) from their e-mail client, including those stored on CD, DVD, and USB drives. Aid4Mail Forensic can search PST files and all supported mail formats by date range and by keywords within the message body or within the headers. Special Boolean operations are supported. It is able to process unpurged (deleted) e-mail from mbox files and can restore unpurged e-mail during export.
AbusePipe
AbusePipe analyses abuse complaint e-mails and determines which of an ESP’s customers is sending spam, based on the information in the e-mailed complaints. It automatically generates reports on customers violating the ESP’s acceptable use policy so that action to shut them down can be taken immediately. AbusePipe can be configured to automatically reply to people reporting abuse. It can assist in meeting legal obligations such as reporting on the customers connected to a given IP address at a given date and time.
AccessData’s FTK
AccessData’s FTK is a standard, court-validated digital investigations platform: computer forensics software delivering computer forensic analysis, decryption and password cracking within an intuitive and customizable interface. It offers speed, analytics and enterprise-class scalability, and is known for its intuitive interface, e-mail analysis, customizable data views and stability. It supports popular encryption technologies such as Credant, SafeBoot, Utimaco, EFS, PGP, Guardian Edge, Sophos Enterprise and S/MIME.
Its currently supported e-mail types are: Lotus Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833.
EnCase Forensic
EnCase Forensic is a computer forensic application that gives investigators the ability to image a drive and preserve it in a forensically sound manner using the EnCase evidence file format (LEF or E01), a digital evidence container vetted by courts worldwide. It contains a full suite of analysis, bookmarking and reporting features. Guidance Software and third-party vendors provide support for expanded capabilities to ensure that forensic examiners have the most comprehensive set of utilities. In addition to many other network forensics investigations, it also supports Internet and e-mail investigation. It includes an Instant Messenger toolkit for Microsoft Internet Explorer, Mozilla Firefox, Opera and Apple Safari. The e-mail support includes Outlook PSTs/OSTs, Outlook Express DBXs, a Microsoft Exchange EDB parser, Lotus Notes, AOL, Yahoo, Hotmail, Netscape Mail and MBOX archives.
FINALeMAIL
FINALeMAIL can recover the e-mail database file and locate lost e-mails that have no data location information associated with them. FINALeMAIL is capable of restoring lost e-mails to their original state and recovering full e-mail database files even when such files have been attacked by viruses or damaged by accidental formatting. It can recover e-mail messages and attachments emptied from the ‘Deleted Items’ folder in Microsoft Outlook Express, Netscape Mail, and Eudora.
Sawmill-GroupWise
Sawmill-GroupWise is a GroupWise Post Office Agent log analyser which can process log files in GroupWise Post Office Agent format and generate dynamic statistics from them, analysing and reporting events. It can parse these logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports through a web interface. It supports Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX systems, and a number of other platforms.
Forensics Investigation Toolkit (FIT)
Forensics Investigation Toolkit (FIT) is a content forensics toolkit to read and analyse the content of web data in Packet CAPture (PCAP) format. FIT gives security administrative officers, auditors, fraud and forensics investigators as well as law enforcement officers the ability to perform content analysis and reconstruction on pre-captured Internet raw data from wired or wireless networks. All protocols and services analysed and reconstructed are displayed to the user in a readable format. Another unique feature of FIT is that imported raw data files can be immediately parsed and reconstructed. It supports case management functions, detailed information including Date-Time, Source IP, Destination IP, Source MAC, etc., and WhoIs and Google Map integration functions. Analysis and reconstruction of various Internet traffic types, including e-mail (POP3, SMTP, IMAP), Webmail (Read and Sent), IM or Chat (MSN, ICQ, Yahoo, QQ, Skype Voice Call Log, UT Chat Room, Gtalk, IRC Chat Room), File Transfer (FTP, P2P), Telnet, HTTP (Content, Upload/Download, Video Streaming, Request) and others (SSL), can be performed using this toolkit.
Paraben (Network) E-mail Examiner
Paraben (Network) E-mail Examiner has comprehensive analysis features, easy bookmarking and reporting, advanced Boolean searching, searching within attachments, and full Unicode language support. It supports America Online (AOL), Microsoft Outlook (PST, OST), Thunderbird, Outlook Express, Eudora, E-mail files, Windows Mail databases and more than 750 MIME types and related file extensions. It can recover deleted e-mails from Outlook (PST), Thunderbird, etc. Network E-mail Examiner can thoroughly examine Microsoft Exchange (EDB), Lotus Notes (NSF), and GroupWise e-mail stores. It works with E-mail Examiner, and all output is compatible and can easily be loaded for more complex tasks.
According to Simson L. Garfinkel, current forensic tools are designed to assist examiners in finding specific pieces of evidence and do not assist in investigations. Further, these tools were created for solving crimes committed against people where the evidence resides on a computer; they were not created to help in solving typical crimes committed with computers or against computers. Current tools must be re-imagined to facilitate investigation and exploration. This is especially important when the tools are used outside of the law enforcement context, for activities such as cyber-defence and intelligence. Construction of a modular forensic processing framework for digital forensics that implements the “Visibility, Filter and Report” model would be the first logical step in this direction.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com