Evaluating and Analyzing Yahoo Mail Headers
The central artifact around which Yahoo forensics revolves is the Yahoo email itself, and the main part of any email to study from a forensic point of view is its header, which contains all the necessary information. To view the full header of a mail in Yahoo, perform the following steps.
- Log in to the Yahoo account.
- Click the mail you want to view.
- In the drop-down menu, click the View Full Header option.
The option is shown below in the screenshot.
In this way the complete header can be seen. If you want to analyze the headers of many mails in bulk, it is better to take a backup with a utility and view them in offline mode; a Yahoo backup tool can be used for this header-viewing task.
Email headers are of two types: the brief header and the full header. A suspect can forge the brief header, but the actual sender information can be viewed in the full header. The action performed above shows you the full header of the mail.
Yahoo mail header structure: If we look at the format of the Yahoo mail header, we find that it changes from time to time. This header plays a very significant role in the artifact carving process. The DomainKeys signature, the sender IP address and other relevant information can be viewed in this part of the header.
The DomainKeys signature, also referred to as DomainKeys Identified Mail (DKIM), is the field that shows the organization taking responsibility for the message sent. The image below shows what the DomainKeys signature looks like.
The Yahoo mail header gives you all the information shown below, which can be a good source of artifacts for Yahoo forensics.
Each of the fields shown above gives some relevant information about the Yahoo mail.
X-Apparently-To: This field shows the email addresses of the recipients. It corresponds to the To, BCC or CC fields in the brief header.
Return-Path: This field shows the address referred to as "Reply To" in the mail interface. It can be spoofed easily and so cannot be relied upon.
Received-SPF: The email service used to send this message is shown in this field. In cases involving spam messages, it will not show the ID number shown above, which indicates that the message was spoofed.
X-Originating-IP & Received: from: These fields show the IP address, which is later used to reveal the server name.
DKIM-Signature: This is the DomainKeys signature discussed in the section above; it shows the mail signature.
Message-ID: This field shows the unique ID assigned to every message, making it authenticated.
MIME-Version: This field shows the MIME format of the Yahoo mail.
The Message-ID field in the mail header structure shown above can be a very good source of information about the device that sent the message.
This is what the Message-ID looks like when the message is sent from an Android application.
Similarly, the Message-ID changes according to the sending device, so carving out the location of the sender's device can be an excellent success in the case.
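As an added example (not code from the original article or from Yahoo), the following Python script pulls the fields listed above out of a full header and applies the consistency checks the text describes for the forgeable Return-Path and the Received-SPF verdict; the sample header, every address, IP (RFC 5737 documentation ranges), signature value and Message-ID in it are constructed for illustration.

```python
import re
from email.parser import HeaderParser

SAMPLE_HEADER = """\
X-Apparently-To: recipient@example.net; Mon, 01 Jan 2024 10:00:05 +0000
Return-Path: <sender@example.org>
Received-SPF: pass (domain of example.org designates 198.51.100.7 as permitted sender)
X-Originating-IP: [198.51.100.7]
Received: from mta.example.org (mta.example.org [198.51.100.7]) by mx.example.net with ESMTPS; Mon, 01 Jan 2024 10:00:04 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44]) by mta.example.org with ESMTPSA; Mon, 01 Jan 2024 10:00:02 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=s2048;
 h=From:Subject:Date; bh=CONSTRUCTED=; b=CONSTRUCTED=
From: Sender <sender@example.org>
Message-ID: <1704103202.12345.CONSTRUCTED@mail.example.org>
"""

IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

def _unfold(value):
    return " ".join((value or "").split())  # collapse RFC 5322 header folding

def parse_yahoo_header(raw):
    msg = HeaderParser().parsestr(raw, headersonly=True)
    # DKIM-Signature is a ;-separated tag list; the d= tag names the signing domain.
    tags = dict(t.strip().split("=", 1) for t in _unfold(msg.get("DKIM-Signature")).split(";") if "=" in t)
    # Each relay prepends its own Received line, so the last one is nearest the origin.
    hops = [m.group(0) for m in map(IPV4_RE.search, msg.get_all("Received", [])) if m]
    orig = IPV4_RE.search(msg.get("X-Originating-IP", ""))
    return {
        "apparently_to": _unfold(msg.get("X-Apparently-To")).split(";")[0].strip(),
        "return_path": _unfold(msg.get("Return-Path")).strip("<> "),
        "spf_result": _unfold(msg.get("Received-SPF")).split(" ")[0].lower(),
        "originating_ip": orig.group(0) if orig else None,
        "received_hops": hops,
        "origin_ip": hops[-1] if hops else None,
        "dkim_domain": tags.get("d"),
        "message_id": _unfold(msg.get("Message-ID")).strip("<> "),
    }

def spoof_indicators(info):
    # Return-Path is forgeable; compare it with the DKIM-signed domain and the SPF verdict.
    flags = []
    if info["spf_result"] != "pass":
        flags.append("spf:" + (info["spf_result"] or "missing"))
    if not info["dkim_domain"]:
        flags.append("dkim:missing")
    elif info["return_path"].rpartition("@")[2].lower() != info["dkim_domain"].lower():
        flags.append("return-path/dkim domain mismatch")
    return flags
```

Running `parse_yahoo_header(SAMPLE_HEADER)` yields the origin IP 192.0.2.44 from the innermost Received line, and `spoof_indicators` returns an empty list for this consistent sample.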
The processes discussed above can be followed in the analysis part of Yahoo forensics. Now we move to the final step of the Yahoo forensics ontology.
Report formation is the final and most important aspect of Yahoo forensics. This final report contains all the sources of artifacts carved out during the analysis process, in a form that can be understood by non-technical individuals or a layman. The other documentation and all the meta information are also part of this final report.
This final report is presented to the law enforcement body commissioning the case, which decides whether or not to present the evidence in a court of law. The report is the final output, a representation of the whole analysis performed, so by writing a good report the expert can disseminate the analysis to the audience in a better way. The outline and organization of the report are important factors to keep in mind during report formation. PDF is the ideal format in which to submit the prepared report.
So Yahoo forensics can play a major role in the forensic investigation of any digital crime case involving Yahoo mail. The content elaborated above can be very helpful in any forensic email investigation where Yahoo mail is used by the suspect. The simple three-step ontology followed above makes the investigation simple yet very effective for carving out evidence and solving the case.