Computer forensics: emails as evidence
#1
Anyone got any pointers? I have kept some emails which I may need to present as evidence. Nothing too exciting, don't get too excited
What sort of things are used as proof? Message IDs in the headers?
#8
Scooby Regular
iTrader: (3)
Join Date: Aug 2004
Location: Muppetising life
Posts: 15,449
Depends what sort of level of evidence is needed I would guess. I have seen emails used in a court of law that were just any old email.
Yes, they can be faked. But so can any letter that someone produces. Even signed letters can be faked. It's all a question of how far the other party is going to go. You can hire handwriting experts to try and disprove that a contract had been signed etc etc.
To improve your chances take a look at the link that was provided above. However, since you have no doubt already got the email, I would contact your provider. See what assistance they can offer you, as they will also have a record of any emails that you received.
Of course, the other party may claim that someone other than them actually used their computer to send the email in the first place.... You can argue over these things forever.
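For the opening question about what in the headers is used as proof, here is an added example (not part of the thread; the message is constructed, all hosts and addresses are placeholders, and `summarise` is a hypothetical helper). It pulls the Message-ID, Date and Received chain out of a raw message and hashes the preserved copy so later changes to that copy are detectable.

```python
import hashlib
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Constructed sample message; every host, address and ID is a placeholder.
RAW = (
    b"Received: from mx.sender.example (mx.sender.example [192.0.2.10])\r\n"
    b"\tby mail.recipient.example with ESMTP id ABC123;\r\n"
    b"\tTue, 04 Mar 2008 10:15:02 +0000\r\n"
    b"Received: from desktop (unknown [198.51.100.7])\r\n"
    b"\tby mx.sender.example with ESMTP id XYZ789;\r\n"
    b"\tTue, 04 Mar 2008 10:15:00 +0000\r\n"
    b"Message-ID: <20080304101500.1234@sender.example>\r\n"
    b"Date: Tue, 04 Mar 2008 10:14:58 +0000\r\n"
    b"From: alice@sender.example\r\n"
    b"To: bob@recipient.example\r\n"
    b"Subject: Contract terms\r\n"
    b"\r\n"
    b"Agreed as discussed.\r\n"
)

def summarise(raw: bytes, own_mail_host: str) -> dict:
    """Collect the header fields usually examined, plus a hash of the raw copy."""
    msg = message_from_bytes(raw)
    hops = []
    # Each server prepends its own Received line, so the list runs newest first.
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # undo header folding
        by = text.split(" by ", 1)[1].split()[0] if " by " in text else ""
        stamp = parsedate_to_datetime(text.rsplit(";", 1)[-1].strip())
        # Only lines written by your own provider are outside the sender's control.
        hops.append({"by": by, "time": stamp, "own": by == own_mail_host})
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # fixes the state of this copy
        "message_id": (msg["Message-ID"] or "").strip(),
        "date_header": parsedate_to_datetime(msg["Date"]),
        "hops": hops,
        # Consistency check only: times should not increase going down the list.
        "ordered": all(a["time"] >= b["time"] for a, b in zip(hops, hops[1:])),
    }

if __name__ == "__main__":
    report = summarise(RAW, "mail.recipient.example")
    for key, val in report.items():
        print(key, "=", val)
```

The hash has to be taken over the raw message as saved from the mail client or server; a forwarded or printed copy no longer carries the original headers.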
#9
Scooby Regular
iTrader: (6)
Not a chance mate, they don't keep copies.. imagine the amount of email they would have to back up!!
I know for a fact Virgin Media does not have any logs of emails or any way to recover an email!
The amount of data passing through, I would imagine data recovery programs would be at a loss too
#14
Scooby Regular
Join Date: Dec 2002
Location: Couch Spud
Posts: 9,277
Boro it was me that couldn't spell Cryoserver, and what's worse is I used to install it
Having spent 4 years working primarily in the legal sector, I have been told countless times that any emails submitted as evidence aren't worth the paper they are printed on
That said however, it would be up to the prosecution etc to accuse the defendant that the email is a forgery and therefore brings in accusations of perjury, and they would potentially be doing this without proof
If the likes of Cryoserver are used then any accusations of forgery would be laughed out of court
We use Pop Loomy for a large number of our customers and we clear all emails stored on the server about every 6 weeks; as it is POP, part of the contract is that we do not store emails
Now, SMTP is a different matter and a different (ie paying) set of customers, whereby we can go back and retrieve emails, it's only a matter of archiving the tapes off site somewhere
We have in the past been requested by the police for information from one of our customers as either he got his face shot off, or he shot someone's face off
We gave them all the history we had for that customer but we charged them a lot for it
#16
Scooby Regular
Join Date: Dec 2002
Location: Couch Spud
Posts: 9,277
OK, you can use SMTP to send or receive
Exchange Server sends & receives SMTP only, and the POP that comes with Exchange is purely only for using email clients that aren't Outlook, it's another protocol like IMAP etc
Exchange that ships with Small Business Server has a POP Connector to connect to POP3 mailboxes, retrieves them and puts them in the correct Exchange mailbox
The customers we have that use POP are home users who connect to IMAIL Servers, our paying corporate/education customers connect to Exchange Servers using Hosted Exchange
The POP side is mainly the client side
#18
Scooby Regular
Join Date: Dec 2002
Location: Couch Spud
Posts: 9,277
If you connect via POP then chances are your mail won't be stored on the server unless you tell your client to leave messages on the server
POP servers IIRC just put the mail in your mailbox until you retrieve it
SMTP servers normally just deliver mail as soon as they receive it, but with the likes of Exchange it delivers it to locally stored mailboxes. Outlook full client (for Exchange Servers) is essentially just a window to your mailbox stored on the server. If you use Outlook Express to retrieve your Exchange Server mailbox it will connect via POP and remove the messages from your mailbox on the server
#19
Scooby Regular
iTrader: (3)
Join Date: Aug 2004
Location: Muppetising life
Posts: 15,449
Yes, POP normally delivers the mail unless you ask it to keep it there.
Never realised that an Exchange server was so easy to break as connecting Outlook Express. It really does appear there is no perfect mail protocol. IMAP is great, but its support in Outlook is flaky at best. Thunderbird is great for IMAP, but really poor in terms of features
#20
Scooby Regular
iTrader: (1)
The problem with e-mails as evidence is not the accuracy of the message: as many people have said now, the ISP archives the originals. The problem is proving who actually typed the message. All the defendant has to show is that there was no password and that at least one other person had access to the machine, and you have reasonable doubt.
E-mails can be used in evidence, the hard bit is making them useful as such.
M
#21
Scooby Regular
iTrader: (6)
The problem with e-mails as evidence is not the accuracy of the message: as many people have said now, the ISP archives the originals. The problem is proving who actually typed the message. All the defendant has to show is that there was no password and that at least one other person had access to the machine, and you have reasonable doubt.
E-mails can be used in evidence, the hard bit is making them useful as such.
M
#22
Scooby Regular
Join Date: Jan 2006
Location: In a Galaxy far, far away....
Posts: 604
#23
Scooby Regular
iTrader: (6)
Did you send an email to bigdaddy@holdemdown.com and say the new batch of Kiddie **** is in ??
Cause I think that might do it
#26
Scooby Regular
Join Date: Dec 2002
Location: Couch Spud
Posts: 9,277
Meridian
I explained this before, POP mail goes as soon as the customer collects it, if they don't we scan and remove all mail every few weeks or so
SMTP customers (ie Exchange ones) get to keep their mail and we back it up
Our IMAIL Servers we *only* back up the config
#27
Scooby Regular
iTrader: (6)
That's not to say they can't if say Scotland Yard got involved.. but the cost of keeping a copy of every email I would imagine would be huge and unless it is a legal requirement.. I can't see why they would.
#29
Scooby Regular
Join Date: Jan 2006
Location: In a Galaxy far, far away....
Posts: 604
Did you send an email to bigdaddy@holdemdown.com and say the new batch of Kiddie **** is in ??
Cause I think that might do it