Office 365 forensics

Office 365 Email Forensics - Investigating the Spam Proof Hosted Service

Microsoft's Office 365 puts a full set of tools within reach. It is a complete productivity suite with many hosted applications that users can access through a browser from any network. It includes applications meant for consumers as well as for business enterprises.

Office 365 includes PowerPoint, Excel, Exchange Online, Office Online apps, Email, SharePoint Online, etc., and some of its features also make forensic investigation easier. Office 365 comes with a strong email filter that works well on spam mails.

What is a Spam Mail?

A spam mail, otherwise called unsolicited mail, contains advertisements or product descriptions and is mainly aimed at tricking the account user out of their credentials. Spam mails appear in the spam folder of the mail client. They are sent by so-called spammers: people who work to obtain credentials for their own gain. There are many filtering techniques to get rid of spam mails. However, some of them still find another way into our mailboxes.

Office 365 takes this issue seriously and provides several features to address it. Let us see how Office 365 protects against spam mails.

How Does Office 365 Improve Spam Mail Filtering?

  • DKIM Verification: DKIM verification checks whether the digital signature inserted in an email message is valid, which helps identify original mails.
  • DKIM Signing: Office 365 supports DKIM signing for all outbound mails, which makes it possible to differentiate fully hosted customers, hybrid customers, etc.
  • Increased URL Filtering Coverage: There are 1.7 million URLs covered for EOP (Exchange Online Protection), and if a mail contains one of these URLs, it is given a high weight in the spam filter.

Office 365 works effectively against spammers as well as phishers. An investigator, therefore, needs to turn to the emails themselves for more evidence.

Most cases today are related to emails in one way or another, so emails play a major role in investigation. In addition, since investigations are mainly carried out by forensic agents, Office 365 has kept its features supportive of forensic investigation too.

Consider the Scenario

The culprit may be using Office 365 for emailing or might have stored some messages which may be a turning point for the investigation.

From the above scenario, it is clear that the investigator needs to search through the emails. Let us see how Office 365 forensics guides agents in their investigation.

How Do Mails Lead the Way for an Investigation?

Emails are a major source of evidence for a forensic investigator. They help to find the root of a case. Mails are usually the means of passing messages to an abettor, so investigating the mails opens up the case. The header information leads most directly to the evidence in Office 365 email forensics. This raises another question: what is stored in the header portion?

Email Header

An email shows details such as the sender, the recipient, the subject and the attachments. For more detail, one has to dig into the header part of the particular email. An email header records the details of the message from its origin to its delivery.

The email header contains information such as From, To, Subject, etc., and apart from these it also contains:

  • Return Path - Shows the address to which the mail should be returned if not delivered.
  • Message ID - Each mail has a unique ID.
  • SSL and TLS Info - Cryptographic protocols used to secure the messages.
  • Received - Shows the path through which the mail has come.
  • DKIM Signature - Signifies the domain from which the message was sent.

There are more fields in the header section of the email, and the investigator can get information from those fields as well. From the header information, one can get to know whether the mail is a spam mail or not. The mail header sheds light on an Office 365 email forensics investigation and leads the way to evidence.
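The header fields listed above can be pulled out of a raw message with a short script. The following is an added example, not part of the original article: it reads Return-Path, Message-ID, the Received chain and the DKIM-Signature domain, and notes where those domains disagree with the From address. The sample header, the domain names and the function names are constructed for illustration, and the script does not verify the DKIM signature cryptographically.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header block (not from a real message).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (10.0.0.5) by mbx.recipient.example;
 Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.net (203.0.113.7) by mx.recipient.example;
 Tue, 02 Jan 2024 10:00:03 +0000
Received: from [198.51.100.23] by relay.example.net;
 Tue, 02 Jan 2024 10:00:01 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example.net; s=sel1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Message-ID: <20240102100001.1234@mailer.example.net>
From: "Accounts Team" <billing@bank.example.com>
Subject: Action required
"""

def domain_of(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def triage(raw):
    msg = message_from_string(raw)
    # Each hop prepends its Received line, so reverse to get travel order.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    dkim_dom = dkim_tags(msg.get("DKIM-Signature", "")).get("d", "").lower()
    notes = []
    if rp_dom != from_dom:
        notes.append("Return-Path domain differs from From domain")
    if not dkim_dom:
        notes.append("no DKIM-Signature present")
    elif dkim_dom != from_dom and not from_dom.endswith("." + dkim_dom):
        notes.append("DKIM d= domain not aligned with From domain")
    return {"message_id": msg["Message-ID"], "hops": hops, "from": from_dom,
            "return_path": rp_dom, "dkim_domain": dkim_dom, "notes": notes}

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(key, "->", value)
```

The notes are leads for the investigator rather than verdicts: legitimate bulk senders often use a different Return-Path domain, so a mismatch should be weighed together with the Received chain and the DKIM verification result.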

Wrapping Up

Office 365 includes protection from spammers and phishers to provide an enhanced level of security. It also serves investigators as an easy source from which to dig out evidence. To make Office 365 forensic email investigation easier, there are many products available in the market to export an Office 365 mailbox to PST, which helps not only in investigation but also in carving out evidence in a court-admissible format for better representation during litigation.