Computer Forensics Email Header
Question:
Discuss some of the content found within an email header that can be useful in an investigation. Name one tool that could be used in an email investigation, and describe the information it retrieves.
Discuss at least 3 challenges associated with performing a forensic investigation on a mobile device. Discuss a tool that would be used in a forensic investigation on a mobile device.
Answer:
The email header contains crucial routing information about the email an individual receives. It typically includes the subject of the email, the sender and recipient information, and the servers the message passed through on its way to the recipient. From the header, an investigator can easily find the IP address of the sender, the internet service provider, the location, and the email client. Such information can be used to investigate the legitimacy of a suspicious email. Analyzing the header can also help identify header spoofing, which is a strong indication that an email was sent with malicious content (Elisavet et al., 2016). There are several tools an investigator could use to investigate an email. One of the key tools is Digital Forensic Framework, open-source software that investigators use to collect, preserve, and reveal digital evidence without compromising data and systems.
There are several challenges associated with performing a forensic investigation on a mobile device. Examining mobile devices successfully requires the special knowledge and skills of mobile forensic experts. The first and foremost challenge is the platform. Mobile devices include tablets, smartphones, smartwatches, drones, navigation devices, etc. Dealing with different devices is a significant challenge for a mobile forensic examiner, because the examiner should be aware of the specialties of each device in order to extract data effectively. The second challenge is identifying the manufacturer of the mobile device. It sounds easy but poses a significant challenge for the investigator, as there are hundreds of manufacturers and each manufacturer introduces an average of 15 versions of mobile devices every year (Indu et al., 2018). The third challenge is the connectors. To connect a mobile device successfully, the expert must select the appropriate plug. The next step, identifying the appropriate driver in order to establish a connection to the computer, is also a challenge for the expert. Cellebrite Touch is a well-known and complete evidence extraction device that is widely used in forensic investigations on mobile devices.
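The header fields described in the email part of the answer (relay servers, sender IP address, email client, signs of spoofing) can be read programmatically. The following is an added example, not part of the original answer: it parses a constructed message with Python's standard `email` module, and the sample headers, the helper names (`domain`, `received_hops`, `analyze`) and the assumed `Received` layout are illustrative assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: documentation IP ranges and example domains only.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTP id 2; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [203.0.113.45])
\tby mx.example.org with ESMTP id 1; Tue, 02 Jan 2024 10:00:02 +0000
Received: from [10.0.0.5] (unknown [192.0.2.10])
\tby relay.example.net with ESMTPSA id 0; Tue, 02 Jan 2024 10:00:00 +0000
From: "Accounts" <billing@example.com>
Reply-To: <payments@example.net>
X-Mailer: ExampleMailer 1.0
"""

# Assumed hop layout: "from HELO (name [ip]) by SERVER"; other layouts are skipped.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def domain(value):
    """Lower-cased domain of an address header, '' when the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def received_hops(msg):
    """Hops oldest-first: each server prepends its own Received line."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            try:
                ip = str(ipaddress.ip_address(m.group(2)))
            except ValueError:
                continue  # bracketed token was not an IP literal
            hops.append({"helo": m.group(1), "ip": ip, "by": m.group(3)})
    return hops

def analyze(raw):
    """Summarise routing, client and sender-domain mismatches for one message."""
    msg = message_from_string(raw)
    hops, frm = received_hops(msg), domain(msg["From"])
    flags = [f"{h} domain {domain(msg[h])} differs from From domain {frm}"
             for h in ("Return-Path", "Reply-To") if domain(msg[h]) not in ("", frm)]
    return {"hops": hops, "origin_ip": hops[0]["ip"] if hops else None,
            "client": msg["X-Mailer"], "flags": flags}

if __name__ == "__main__":
    print(analyze(RAW))
```

Only the hop recorded by a server the investigator trusts is reliable; `Received` lines below it are supplied by the sender and can be forged, so `origin_ip` is a lead to corroborate against server logs, not proof of origin.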