Email Forensics Case Study for E-mail Related Crimes

Written By Andrew Jackson
Approved By Anuraag Singh
Published On December 2nd, 2021
Reading Time 4 Minutes

With the rapid growth of digitization, email has become a primary means of communication for almost everyone. Although the advanced features vary from one email application to another, every email client provides the basic functionality of sending and receiving messages, and those messages often carry crucial information. That makes email a primary medium for fraud and attack, as the case below shows.

Here, I am going to share a recent email forensics investigation in which our team traced a fraudulent email. The defendants carried out a whaling attack: a message aimed at a senior official that appeared to come from the genuine identity of a high-value client.

Email Forensics Case Study :

Working as a Digital Forensics Examiner, our team recently investigated an ongoing case in a precise and effective manner. A couple of months back, a reputed bank fell victim to a serious email fraud.

Here’s how they narrated the situation:

“One of the Senior Service Managers working with the Bank received an email message from one of his clients, who requested an immediate financial transaction to send 1.25 Cr as a vendor payment. The received email carried exactly the client’s original email address. The client, who holds a prestigious designation and runs several business organizations, used to send such emails frequently. Because of this, the Bank officials started the procedure to send the amount to the concerned recipient, which proved fatal. The situation became worse when the recipient who was to receive the amount as a vendor payment was found to be unknown. After further analysis, it was clear that the suspect had carried out a whaling attack, creating the same email address so that the examiners would have no doubt while investigating the case.”

This incident badly impacted the reputation of the Bank. Soon after, the Bank officials reported the matter to us and asked us to investigate the case and trace the culprits.

Case Analysis & Investigation :

At first, our team carried out a complete analysis of the email sent by the felons. Reading the raw message by hand gives no convenient way to navigate to the suspect’s details and collect the evidence. Moreover, the message came in a file format for which no mail client was installed on our system. To carry out a thorough investigation of such a message, it is better to use reliable third-party software. There are several online tools that offer a solution, but we were looking for an all-round examiner tool that would allow us to trace the culprit’s complete details.

After complete analysis and research, our team of investigators approached a reputed software firm named SysTools. After learning the history of the case, the company suggested MailXaminer, a multipurpose forensic analysis tool. With this software, analyzing the email headers and other attributes was straightforward. It also lets multiple investigators be added to a case for a smooth investigation process. With its different preview modes, such as Normal Mail view, Hex, HTML, RTF and Properties view, we could swiftly examine the evidence. A strong point of the software is its support for 20+ email file types from desktop-based and web-based email applications. Within a short span of time we were able to trace the information of the illegitimate sender.
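The header analysis that exposed the forged sender can be reproduced without any particular product. The following is an added example written for this page; it is not code from the original post or from MailXaminer. It parses a constructed .eml (all hosts, addresses and IPs are made up, with IPs from the RFC 5737 documentation ranges), walks the Received chain to the originating IP, compares the From domain against the Return-Path and Reply-To domains, reads the SPF/DKIM/DMARC results recorded by the receiving server, and computes the MD5/SHA1/SHA256 hashes of the raw message so the evidence is fixed before analysis. The point it makes is the one at the heart of this case: the From header is chosen by the sender and proves nothing; the transport headers and authentication results are where the mismatch shows.

```python
"""Triage of a suspected whaling e-mail from its raw headers.

Added example (not the original post's or MailXaminer's code). The sample
message, hosts, addresses and IPs below are constructed; the IPs come from
the RFC 5737 documentation ranges.
"""
import hashlib
import re
from email import message_from_bytes
from email.utils import parseaddr

# Constructed evidence: the From header shows the client's real-looking identity,
# but the delivery path and the authentication results tell a different story.
SAMPLE_EML = b"""\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.7])
        by mx.bank.example (Postfix) with ESMTPS id 4F2A1
        for <service.manager@bank.example>; Thu, 2 Dec 2021 10:15:01 +0000
Received: from [198.51.100.23] (unknown [198.51.100.23])
        by mail-relay.example.net (Postfix) with ESMTPA id 9C1B3;
        Thu, 2 Dec 2021 10:14:58 +0000
Authentication-Results: mx.bank.example;
        spf=fail smtp.mailfrom=mail-relay.example.net;
        dkim=none;
        dmarc=fail header.from=client-corp.example
From: "Client Chairman" <chairman@client-corp.example>
Reply-To: chairman@client-corp-payments.example
To: service.manager@bank.example
Subject: Urgent vendor payment - 1.25 Cr
Message-ID: <20211202101458.9C1B3@mail-relay.example.net>
Date: Thu, 2 Dec 2021 10:14:58 +0000
Content-Type: text/plain; charset=utf-8

Please process the attached vendor payment immediately.
"""

RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def evidence_hashes(raw: bytes) -> dict:
    """Fix the evidence before analysis: MD5, SHA1 and SHA256 of the raw message."""
    return {name: hashlib.new(name, raw).hexdigest() for name in ("md5", "sha1", "sha256")}


def domain_of(header_value: str) -> str:
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def received_chain(msg) -> list:
    """Received hops as (claimed host, IP) tuples, oldest first.

    Each relay prepends its own Received header, so the bottom-most header is
    the one closest to the true origin. The From header plays no part here.
    """
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if m:
            hops.append((m.group(1), m.group(2)))
    hops.reverse()
    return hops


def triage(raw: bytes) -> dict:
    """Compare what the From header claims against what the transport recorded."""
    msg = message_from_bytes(raw)
    from_dom = domain_of(msg.get("From", ""))
    return_path_dom = domain_of(msg.get("Return-Path", ""))
    reply_to = msg.get("Reply-To")
    reply_to_dom = domain_of(reply_to) if reply_to else from_dom
    auth = dict(AUTH_RE.findall(msg.get("Authentication-Results", "")))
    hops = received_chain(msg)

    findings = []
    if return_path_dom and return_path_dom != from_dom:
        findings.append(f"Return-Path domain {return_path_dom} differs from From domain {from_dom}")
    if reply_to_dom != from_dom:
        findings.append(f"Reply-To domain {reply_to_dom} differs from From domain {from_dom}")
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            findings.append(f"{mech.upper()} did not pass (result: {auth.get(mech, 'absent')})")

    return {
        "from_domain": from_dom,
        "origin_ip": hops[0][1] if hops else None,
        "hops": hops,
        "auth": auth,
        "findings": findings,
        "hashes": evidence_hashes(raw),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_EML)
    print("From domain :", report["from_domain"])
    print("Origin IP   :", report["origin_ip"])
    for host, ip in report["hops"]:
        print("  hop       :", host, ip)
    for finding in report["findings"]:
        print("FINDING     :", finding)
    print("SHA256      :", report["hashes"]["sha256"])
```

On the constructed message the script reports five findings: the Return-Path and Reply-To domains both differ from the From domain, and SPF, DKIM and DMARC all failed or were absent, while the Received chain leads back to 198.51.100.23 rather than to anything belonging to the client. Received headers below the first trusted hop can themselves be forged by the sender, so only the hops added by your own or a trusted provider's servers should be relied upon; the same applies to an Authentication-Results header, which is trustworthy only when it was written by your own receiving server.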

https://www.youtube.com/watch?v=kDB5-j1yyFQ

Some Highlighted Features of Email Investigation Tool :

  • Capable of scanning and adding custodian files in multiple file formats
  • Extracts the geographic location of image attachments within emails
  • Allows forensic hash analysis using MD5, SHA1 and SHA256 hash values
  • Efficiently views the chat information of different users
  • Performs forensic video analysis to fetch information about the sender
  • Advanced link analysis to examine direct or indirect conversations
  • Exports case reports with detailed information in HTML, PDF and CSV format

Final Verdict

At times, users fall victim to severe situations such as data breaches, whaling attacks, spoofing, etc. To resolve such incidents, most users seek the help of forensic investigators. The key lesson of this case is that the sender address displayed in an email proves nothing on its own; it was reproduced exactly, and only the message headers revealed the fraud, so high-value payment instructions should be verified through a separate channel before funds move. This blog described a scenario of an email forensics case and the process followed in nabbing the culprits by adopting the MailXaminer software.


By Andrew Jackson

I am a SQL DBA and SQL Server blogger. I like to share about SQL Server and the problems related to it as well as their solutions, and I also handle database-related user queries, server or database maintenance, database management, etc. I love to share my knowledge with SQL geeks.