Difference between revisions of "Email Headers"
m (Reverted edit of Porker, changed back to last version by Uwe Hermann)
|Line 39:||Line 39:|
Revision as of 09:04, 24 November 2006
Email Headers are lines of metadata attached to each email that contain lots of useful information for a forensic investigator. However, email headers can be easily forged, so they should never be used as the only source of information.
This is an (incomplete) excerpt from an email header:
Received: from lists.securityfocus.com (lists.securityfocus.com [188.8.131.52]) by outgoing2.securityfocus.com (Postfix) with QMQP id 7E9971460C9; Mon, 9 Jan 2006 08:01:36 -0700 (MST) Mailing-List: contact firstname.lastname@example.org; run by ezmlm Precedence: bulk List-Id: <forensics.list-id.securityfocus.com> List-Post: <mailto:email@example.com> List-Help: <mailto:firstname.lastname@example.org> List-Unsubscribe: <mailto:email@example.com> List-Subscribe: <mailto:firstname.lastname@example.org> Delivered-To: mailing list email@example.com Delivered-To: moderator for firstname.lastname@example.org Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000 From: YJesus <email@example.com> To: firstname.lastname@example.org Subject: New Tool : Unhide User-Agent: KMail/1.9 MIME-Version: 1.0 Content-Disposition: inline Date: Thu, 5 Jan 2006 16:41:30 +0100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <email@example.com> X-HE-Spam-Level: / X-HE-Spam-Score: 0.0 X-HE-Virus-Scanned: yes Status: RO Content-Length: 586 Lines: 26
- http://www.forensictracer.com#Webtracer software for forensic analysis of internet resources