Towards Comprehensive and Collaborative Forensics on Email Evidence

Paglierani, Justin; Mabey, Mike; Ahn, Gail-Joon

doi:10.4108/icst.collaboratecom.2013.254125

Cited by 10 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related Approaches (F1). Very few approaches are currently available to an investigator to complete component F1 of the framework, and even fewer are automated [22]. Dykstra and Sherman [11] have evaluated the efficacy of forensic tools in acquiring evidence from an Amazon EC2 instance.…”

Section: Acquisitionmentioning

confidence: 99%

“…Email Forensics XML (EFXML) [22] was designed to store email evidence in a manner similar to DFXML. Instead of storing email in its entirety, EFXML only stores the metadata (i.e., headers) of all the email in a dataset.…”

Section: Related Approaches (F4)mentioning

confidence: 99%

“…Paglierani et al [22] have developed a framework for automatically discovering, identifying and reusing credentials for web email to facilitate the acquisition of email evidence. Although their approach directly addresses the objectives of discovering and acquiring web evidence (F1) and provides a concise, structured format for storing email evidence (F4), their framework is tailored too closely to web email to be applied to web environments in general.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Challenges, Opportunities and a Framework for Web Environment Forensics

Mabey

Doupé

Zhao

et al. 2018

Advances in Digital Forensics XIV

Self Cite

View full text Add to dashboard Cite

The web has evolved into a robust and ubiquitous platform, changing almost every aspect of people's lives. The unique characteristics of the web pose new challenges to digital forensic investigators. For example, it is much more difficult to gain access to data that is stored online than it is to access data on the hard drive of a laptop. Despite the fact that data from the web is more challenging for forensic investigators to acquire and analyze, web environments continue to store more data than ever on behalf of users. This chapter discusses five critical challenges related to forensic investigations of web environments and explains their significance from a research perspective. It presents a framework for web environment forensics comprising four components: (i) evidence discovery and acquisition; (ii) analysis space reduction; (iii) timeline reconstruction; and (iv) structured formats. The framework components are non-sequential in nature, enabling forensic investigators to readily incorporate the framework in existing workflows. Each component is discussed in terms of how an investigator might use the component, the challenges that remain for the component, approaches related to the component and opportunities for researchers to enhance the component.

show abstract

Section: Acquisitionmentioning

confidence: 99%

Section: Related Approaches (F4)mentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Challenges, Opportunities and a Framework for Web Environment Forensics

Mabey

Doupé

Zhao

et al. 2018

Advances in Digital Forensics XIV

Self Cite

View full text Add to dashboard Cite

show abstract

“…Their focus helped us to know more about email identification patters. [7] Lili proposed an investigation and data analysis method for Foxmail client, which revels a participle algorithm for content retrieval of, email message and headers to trace suspicious users. This contribution helped us to understand structure of headers and its retrieval process.…”

Section: Research Backgroundmentioning

confidence: 99%

SSL based Webmail Forensic Engine

Manesh¹,

Abdalla²,

Sha³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Abstract-In this era of information technology, email applications are the foremost and extensively used electronic communication technology. Emails are profusely used to exchange data and information using several frontend applications from various service providers by its users. Currently most of the email clients and service providers now moved to secured data communications using SSL or TLS security for their data exchanged. Cyber criminals and terrorists have started by means of this mode for exchanging their malicious information in their transactions. Forensic experts have to face greater difficulty and multiple challenges in tracing crucial forensic information from network packets as the communication is secured. These challenges might affect the digital forensic experts in procuring substantial evidences against such criminals from their working environments. This research work revels working background of SSL based webmail forensic engine, which decrypt respective communication or network session and also reconstruct the actual message contents of webmail applications. This digital forensic engine is compatible to work with in proxy servers and other computing environments and enables forensic reconstruction followed by analysis of webmail clients. Proposed forensic engine employs is a highspeed packet capturing hardware module, a sophisticated packet reformation algorithm; restores email header and messages from encrypted stream of SMTP and POP3 network sessions. Proposed forensic engine also support cyber investigation team with generated forensic report and prosecution of culprits by judiciary system of the specific country.

show abstract

“…Email forensics is an integral part of many digital forensics investigations. Researchers and practitioners have studied various aspects of email forensics such as tool development [3,6], technique [4], technologies [7], and methodologies [8] to assist forensics investigators. In this section, we present most of the relevant research results in this field.…”

Section: Introductionmentioning

confidence: 99%

An Empirical Analysis of Email Forensics Tools

2020

View full text Add to dashboard Cite

Emails are the most common service on the Internet for communication and sending documents. Email is used not only from computers but also from many other electronic devices such as tablets; smartphones, etc. Emails can also be used for criminal activities. Email forensic refers to the study of email detail and content as evidence to identify the actual sender and recipient of a message, date/time of transmission, detailed record of email transaction, intent of the sender, etc. Email forensics involves investigation of metadata, keyword, searching, port scanning and generating report based on investigators need. Many tools are available for any investigation that involves email forensics. Investigators should be very careful of not violating user's privacy. To this end, investigators should run keyword searches to reveal only the relevant emails. Therefore, knowledge of the features of the tool and the search features is necessary for the tool selection. In this research, we experimentally compare the performance of several email forensics tools. Our aim is to help the investigators with the tool selection task. We evaluate the tools in terms of their keyword search, report generation, and other features such as, email format, size of the file accepted, whether they work online or offline, format of the reports, etc. We use Enron email dataset for our experiment.

show abstract

Towards Comprehensive and Collaborative Forensics on Email Evidence

Cited by 10 publications

References 13 publications

Challenges, Opportunities and a Framework for Web Environment Forensics

Challenges, Opportunities and a Framework for Web Environment Forensics

SSL based Webmail Forensic Engine

An Empirical Analysis of Email Forensics Tools

Contact Info

Product

Resources

About