Acquisition and Analysis of Hotmail email Accounts
Hotmail Forensics – Need Of The Hour
Since, Hotmail has become one of the most widely used web – based email service, therefore, with increasing boom, it has also become a victim of various email crimes such as cyber bullying, child pornography, email spoofing and many more. As Hotmail is not compatible with IMAP, therefore, one of the most emerging challenges of the investigators is to perform a forensic investigation of the complete set of available email folders in addition to inbox.
One of the most peculiar features possessed by Hotmail (as well as other web – based email services) is that it stores loads of data on the computer.
Forensic Analysis of Hotmail Email Accounts – Simplified & Postulated
Digging into the anatomy of Hotmail, it has been inferred that by default, the IP address of the sending machine that has sent the email via Hotmail, gets entrapped. Many other such attributes of Hotmail pave a way for forensic investigators to carve out necessary required evidence. The corporate as well as the law enforcement forensic examiners rely on the email evidence that is available on the computer after the execution of crime, i.e., during post crime investigation.
During Hotmail forensics, Hotmail emails can be traced by following the below mentioned steps: -
Certain peculiar attributes that need to be checked out during the investigation of the Hotmail email header involve open relay, open proxy, use of anonymizer, etc.
One of the most common and frequently used approach by Forensicators for investigating emails is with the usage of Microsoft Outlook and Hotmail Connector. As Microsoft Outlook stores all its user account data within Outlook Data File, i.e. PST forensic investigation of these PST files is now possible up to a very much extent. Hotmail Connector is required for configuring the hotmail account with Microsoft Outlook email client as Hotmail is not compatible with IMAP settings. Or Alternatively you can take backup of hotmail emails in your computer in any email file type using a suitable third party tool.