
Introduction to Email Forensics, an overview of the course objective and how the course will flow.
A detailed explanation of what email is. What are the different parts of email? What is the role of the forensics examiner in email forensics? What types of crimes are commonly committed with email?
Common tools used in email forensics. Looks at open source vs commercial tools and the advantages and disadvantages of each.
A look at what PST and OST files are, how they are used, where they are located and how they can be used in email investigations.
An eml file is a different type of email file. What are the advantages of this type of file and what can it be used for? What data can it give you?
Walk through of how to examine a PST file and what information you can get for your case with the data it provides. Look at the tool, the data and working a PST file for a forensic case.
Similar to a PST file, an MBOX file can hold a collection of email artifacts. What is an MBOX file, what systems use this type of file and how can you use it as an investigator?
Demonstration of acquisition of an MBOX file from a Gmail account.
Once you have the MBOX file, how do you use it? This lecture demonstrates how to do a forensic analysis of the emails.
How can Webmail be found in operating system artifacts? Where are these artifacts and how can they be acquired for investigation?
Can the Internet Service Provider (ISP) provide email? What is the process for obtaining that information? What will be provided?
What are problems that can occur with email? How can the investigator recognize these problems?
What are the parts of the header? How can an investigator read them and what information can be found when reading the header?
How to recognize and analyze an attachment of an email.
Dealing with a deleted email. What are ways to discover and acquire deleted emails from different systems?
How are calendars and tasks stored in different systems? How can they be acquired?
Demonstration of acquisition and analysis of a web calendar.
What is phishing, how does it work and what are the different types of phishing?
If email cannot be found on the client OS, can it be found on a server? What can be found, and is there a limitation on the amount of time it is there? How can log files help in the investigation?
What is Data Loss Prevention, how does it work and how could having DLP in place prevent email from leaving the network?
Overview of the topics that we covered in the course and a look at where we can go from here in the realm of email forensics.
One of the most important aspects of a computer forensics investigation is email. Who was the suspect talking to, what were they trying to do or what were they trying to hide? Knowing the different types of email systems and how to extract and analyze them can be pivotal to any case.
Email is different from standard computer files: it is a means of communication between two parties to convey information for a purpose. Understanding those communications, where they originated from, who they are really from and what they say is a delicate task. Knowing the fundamental concepts and being able to use the tools to analyze email is crucial to any computer forensics professional.
This course of Email Computer Forensics Fundamentals will provide insight into:
What are the different types of email.
Techniques for extracting/analyzing these different types of emails.
Understanding the email itself in regard to identification, reading the headers and viewing attachments.
Where to find deleted mail.
Looking at calendar/task events.
What are the different types of phishing attempts and how to recognize them.
What is Data Loss Prevention (DLP) software and how can it prevent email attacks.
The course will consist of presentations to explain the concepts of email computer forensics as well as demonstrations of proper collection and preservation of digital evidence.
It is designed for anyone with an interest in email computer forensics to get a taste of the real world of examining smart phones and tablets.
As an introductory course it will consist of presentations, hands-on lessons and quizzes.