An email has become a common methodology of communication between different persons. It is also a form of file transfer between different servers running on specific port numbers. An email is normally created using a client side application such as MS Outlook, Web Client as well as Lotus Notes (IBM, 2016). It contains a sender’s identity stored as a file on a server. The information on an email is delivered to its destination recipient’s email address via a single or multiple servers (Google, 2016). Traditionally, the email service was structured to enhance communication and make it more efficient between two or more parties. Nevertheless, today, emails are employed by persons to send malicious messages and other disturbing content to the targeted recipients. This essay illustrates the steps involved in investigating an email information using forensic science and also discusses the priority action items when addressing an email crime.
Brief Case Context
This essay is a forensic analysis of a case scenario encountered in Triton Corporation. This is after an employee reports that a former employee who had been fired threatened to create havoc in the establishment. According to the reporter of the malicious email, the retrenched former employee plans to visit the corporation’s premises using a rifle and pistol with the primary intent of causing a disturbance. In response to the reported imminent attack to be perpetrated by the former employee, there are several actions that should be undertaken to remedy the situation.
Discussion on How to Handle the Situation
The first step would be to ask the reporting employee to restate his/her notification again in order to ascertain the threat of the vicious message received from the retrenched employee. Secondly, the reporting employee should be asked to forward the malicious email to the investigator for further analysis. Finally, the priority items to address should be determined in order to ensure the attainment of a fruitful execution of a forensic investigation.
Discussion of The Priority Actions Items
Determination of Whether the Email Is Real or A Hoax
So as to determine whether the reporter indeed received the vicious email from the fired employee, his computer and email account should be analyzed. An investigator should check them to determine whether the malicious email is in the inbox of the employee. In addition, an investigator should check the name of the sender from the email header so as to determine whether the retrenched employee’s names and email address are on the header.Â
Identification of The Employee
The second priority action that should be performed is the identification of the employee who sent the malicious email. The information can be attained by searching the sender’s names and email address listed on the malicious email’s header against all the names in the company’s employee information database. In most cases, organizations keep detailed information about their staff members such as their names, official pictures, and address. By using the email address and the names employed by the sender of the malicious email he/she can easily be identified.
Analysis of the Email Header
An email header performs a fundamental role in the identification of the sender of an email. Although some features in the header could be forged, it still gives sufficient information about the header. A forensic scientist can be able to identify six primary phenomena in an email header. Such includes the sender of the email, time stamp detail, and encoding information. He/she can also ascertain the network path that the email traversed as well as the information of its origination. Ultimately, a forensic analyst can determine the SMTP servers the email went through as well as the email client information.Â
Contacting the ISPs
Internet Service Providers (ISP) can be resourceful in identifying the IP address or geographical location of the sender of an email. Although such information cannot be issued to the public by ISP companies, a forensic scientist can obtain a court directive mandating an ISP provider to offer the location and information pertaining the sender of an email. As such, if the fired client used a particular ISP provider to send the malicious email to his/her former staff member, the ISP company can issue sufficient information in reference to his/her location. However, if the fired client used a Virtual Private Network (VPN) or an IP hiding software, the ISP company cannot be in a position to ascertain his/her actual geographical location.
Notifying Law Enforcement Agencies
After a forensic analysis has been performed and the name or geographical location of the malicious email sender has been identified, a forensic investigator can notify the local authorities. The investigator can either call the police or visit the police station himself/herself. Nevertheless, to avoid making allegations based on suspicions, he/she should have sufficient evidence to support the allegations of crime perpetrated by the malicious email’s sender.
Conclusion
In conclusion, emails can be used as a medium for sending malicious information or communication to other persons over two or multiple servers. In the event a malicious email is sent by a person to another, the victim of the malicious email can seek the services of a forensic investigator to determine the names and location of the sender. Some of the priority action items that should be executed while performing a forensic analysis on the crime may include determination of whether the email is real or hoax, identification of the sender and analysis of the email header. Forensic scientists could also contact the ISP companies for information about the sender of the email. Ultimately, upon gathering sufficient information pertaining the crime, the forensic scientist can inform the local law enforcement officers. Â
References
Google. (2016). G Suite Administrator: Mail routing and delivery; Guidelines and best practices. Retrieved December 21, 2016, from Google: https://support.google.com/a/answer/2685650?hl=en
IBM. (2016). IBM Knowledge Center. Retrieved December 21, 2016, from IBM: http://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/plan_mailclients_c.html