Email forensic tools : A roadmap to email header analysis through a cybercrime use case

Charalambou, E.; Bratskas, R.; Karkas, G.; Anastasiades, A.

Artykuł - szczegóły

Tytuł artykułu

Email forensic tools : A roadmap to email header analysis through a cybercrime use case

Autorzy

Charalambou E. , Bratskas R. , Karkas G. , Anastasiades A.

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

Warianty tytułu

Języki publikacji

Abstrakty

Email is one of the primary sources of numerous criminal activities, on the Internet, of which some threaten human lives. Email analysis is challenging due to not only various fields that can be forged by hackers or the wide range email applications in use, but also due to imposed law restrictions in the analysis of email body. Despite this being a relatively new area, a number of both open source and proprietary forensic tools, with varying possibilities and versatility, have been developed aiding use by practitioners. In this paper, we review existing email forensic tools for email header analysis, as part of email investigation, with emphasis on aspects related to online crime while still considering legal constraints. Through our analysis, we investigate a common case of cybercrime and examine the breadth of information one may gain solely through email forensics analysis. Additionally, a roadmap for email forensic analysis is presented, combining features and functionality already available, to assist the process of digital forensic analysis.

Słowa kluczowe

email forensics cybercrime digital forensic tools digital crime

Wydawca

Polskie Towarzystwo Bezpieczeństwa i Niezawodności

Czasopismo

Journal of Polish Safety and Reliability Association

Rocznik

2016

Tom

Vol. 7, No. 1

Strony

21--28

Opis fizyczny

Bibliogr. 37 poz.

Twórcy

autor

Charalambou E.

ADITESS Advanced Integrated Technology Solutions & Services, Nicosia, Cyprus Karkas

autor

Bratskas R.

ADITESS Advanced Integrated Technology Solutions & Services, Nicosia, Cyprus Karkas

autor

Karkas G.

ADITESS Advanced Integrated Technology Solutions & Services, Nicosia, Cyprus Karkas

autor

Anastasiades A.

Cyprus Police – Criminal Investigation department - Special cyber-crime unit2, Police Headquarters

Bibliografia

[1] AbusePipe - Abuse Email Analysis Solution for ISPs, [available at: http://www.datamystic.com/ abusepipe.html].
[2] Adcomplain Home Page, [available at: http://www.rdrop.com/users/billmc/adcomplain.ht ml].
[3] Aid4Mail Forensic, [available at: http://www.aid4mail.com/email-forensics]. [4] Al-Zarouni, M. (2004). Tracing E-mail Headers. Australian Computer, Network & Information Forensics Conference. 16-30.
[5] Arthur, K. K. & Venter, H. S. (2004). An Investigation Into Computer Forensic Tools. ISSA. 1-11.
[6] Banday, M. T. (2011). Techniques and Tools for Forensic Investigation of E-mail. International Journal of Network Security & Its Applications. 3, 6.
[7] Casey, E. (2004). The need for knowledge sharing and standardization. Digit. Investig. 1, 1, 1-2.
[8] Charalambous, E., Bratskas, R., Karkas, G., et al. (2015). An innovative Digital Forensic Tool assisting evidence analysis in Cyprus. 45-54.
[9] Crocker, D. (2009). Internet Mail Architecture.
[10] Devendran, V. K., Shahriar, H. & Clincy, V. (2015). A Comparative Study of Email Forensic Tools. J. Inf. Secur. 6, 2, 111.
[11] Digital Forensics Framework, [available at: http://www.digital-forensic.org/].
[12] E-mail Forensics in a Corporate Exchange Environment (Part 1). (2013), [available at: http://www.msexchange.org/articlestutorials/exchange-server-2013/compliancepolicies-archiving/e-mail-forensics-corporateexchange-environment-part1.html].
[13] EmailTracer | Cyber Forensics, [available at: http://www.cyberforensics.in/].
[14] EMailTrackerPro, [available at: http://www.emailtrackerpro.com.
[15] Forensic Toolkit (FTK), AccessData. (2015). http://accessdata.com/solutions/digitalforensics/forensic-toolkit-ftk.
[16] Forensics Investigation Toolkit (FIT) , [available at: http://www.edecision4u.com/FIT.html].
[17] Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digit. Investig. 7, S64–S73.
[18] Geiger, M. (2005). Evaluating Commercial Counter-Forensic Tools. DFRWS.
[19] Guidance Software - Endpoint Data Security, eDiscovery, Forensics, [available at: https://www.guidancesoftware.com/].
[20] Ieong, R. S. C. (2006). FORZA - Digital forensics investigation framework that incorporate legal issues. Digit. Investig. 3, 29-36.
[21] Internet 2010 in numbers - Pingdom Royal, [available at: http://royal.pingdom.com/2011/01/ 12/internet-2010-in-numbers/].
[22] Investigation, Cybersecurity, Information Governance and eDiscovery Software | Nuix, [available at: http://www.nuix.com/].
[23] Köhn, M., Olivier, M. S. & Eloff, J. H. P. (2006). Framework for a Digital Forensic Investigation. ISSA. 1-7.
[24] Kurose, J. & Ross, K. (2001). Computer Networking: A Top Down Approach Featuring the Internet. AddisonWesley, Reading, MA.
[25] Lalla, H. & Flowerday, S. (2010). Towards a Standardised Digital Forensic Process: E-mail Forensics. ISSA.
[26] Leigland, R. & Krings, A. W. (2004). A formalization of digital forensics. Int. J. Digit. Evid. 3, 2, 1-32.
[27] Lim, M. J.-H. (2008). Computational intelligence in e-mail traffic analysis. University of Tasmania.
[28] MailXaminer, [available at: http://www.mailxaminer.com].
[29] McQuaid, J. (2014). Finding and Analyzing Email with IEF. Magnet Forensics, [available at: https://www.magnetforensics.com/computerforensics/finding-and-analyzing-email-with-ief/].
[30] Meghanathan, N., Allam, S. R. & Moore, L. A. (2010). Tools and techniques for network forensics. International Journal of Network Security & Its Applications. 1.1, 14-25.
[31] Nance, K., Hay, B. & Bishop, M. (2009). Digital forensics: defining a research agenda. 42nd Hawaii International Conference on System Sciences. 1-6.
[32] Paglierani, J. W. (2013). A Framework for Extended Acquisition and Uniform Representation of Forensic Email Evidence. Arizona State University.
[33] Paraben (Network) E-mail Examiner, [available at: http://www.paraben.com/email-examiner.html].
[34] Reith, M., Carr. C., & Gunsch, G. (2002). An Examination of Digital Forensic Models. International Journal of Digital Evidence.
[35] Resnick, P., et. al. (2001). Internet message format. RFC 2822. IETF.
[36] Sawmill - Universal log file analysis and reporting, [available at: https://www.sawmill.net/].
[37] U.S. Department of Justice. (2013). Regional Computer Forensics Laboratory Annual Report for Fiscal Year 2013.

Uwagi

Opracowanie ze środków MNiSW w ramach umowy 812/P-DUN/2016 na działalność upowszechniającą naukę (zadania 2017).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-bc8cc4d5-03c2-4ba8-b73d-c3809c54458a