Towards comprehensive and collaborative forensics on email evidence

Author

Paglierani, Justin ; Mabey, Mike ; Ahn, Gail-Joon

fYear

2013

fDate

20-23 Oct. 2013

Firstpage

11

Lastpage

20

Abstract

The digital forensics community has neglected email forensics as a process, despite the fact that email remains an important tool in the commission of crime. At present, there exists little support for discovering, acquiring, and analyzing web-based email, despite its widespread use. In this paper we present a systematic process for email forensics which we integrate into the normal forensic analysis workflow, and which accommodates the distinct characteristics of email evidence. Our process focuses on detecting the presence of non-obvious artifacts related to email accounts, retrieving the data from the service provider, and representing email in a well-structured format based on existing standards. As a result, developers and organizations can collaboratively create and use analysis tools that can analyze email evidence from any source in the same fashion and the examiner can access additional data relevant to their forensic cases.

Keywords

Internet; computer crime; digital forensics; electronic mail; Web-based email; analysis tools; collaborative forensics; comprehensive forensics; crime commission; data retrieval; digital forensics community; email accounts; email evidence; email forensics; forensic cases; nonobvious artifacts; normal forensic analysis workflow; service provider; systematic process; Best practices; Collaboration; Databases; Electronic mail; Engines; Forensics; Organizations; Email; collaboration; forensics;

fLanguage

English

Publisher

ieee

Conference_Titel

Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference Conference on

Conference_Location

Austin, TX

Type

conf

Filename

6679965