Difference between pages "Email Headers" and "Microsoft Office"

From Forensics Wiki
(Difference between pages)
(Initial version.)
 
(External Links)
 
Line 1: Line 1:
'''Email Headers''' are lines of [[metadata]] attached to each email that contain lots of useful information for a [[forensic investigator]]. However, email headers can be easily forged, so they should never be used as the only source of information.
+
{{expand}}
  
== Example ==
+
== EventLogs ==
 +
As of Office 2010 related Office Alerts EventLog:
 +
<pre>
 +
C:\Windows\System32\winevt\Logs\OAlerts.evtx
 +
</pre>
  
This is an (incomplete) excerpt from an email header:
+
== See Also ==
 
+
* [[Microsoft Office File formats]]
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
+
        by outgoing2.securityfocus.com (Postfix) with QMQP
+
        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)
+
Mailing-List: contact forensics-help@securityfocus.com; run by ezmlm
+
Precedence: bulk
+
List-Id: <forensics.list-id.securityfocus.com>
+
List-Post: <mailto:forensics@securityfocus.com>
+
List-Help: <mailto:forensics-help@securityfocus.com>
+
List-Unsubscribe: <mailto:forensics-unsubscribe@securityfocus.com>
+
List-Subscribe: <mailto:forensics-subscribe@securityfocus.com>
+
Delivered-To: mailing list forensics@securityfocus.com
+
Delivered-To: moderator for forensics@securityfocus.com
+
Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000
+
From: YJesus <yjesus@security-projects.com>
+
To: forensics@securityfocus.com
+
Subject: New Tool : Unhide
+
User-Agent: KMail/1.9
+
MIME-Version: 1.0
+
Content-Disposition: inline
+
Date: Thu, 5 Jan 2006 16:41:30 +0100
+
Content-Type: text/plain;
+
  charset="iso-8859-1"
+
Content-Transfer-Encoding: quoted-printable
+
Message-Id: <200601051641.31830.yjesus@security-projects.com>
+
X-HE-Spam-Level: /
+
X-HE-Spam-Score: 0.0
+
X-HE-Virus-Scanned: yes
+
Status: RO
+
Content-Length: 586
+
Lines: 26
+
  
 
== External Links ==
 
== External Links ==
 +
* [http://dfstream.blogspot.com/2014/01/ms-excel-2013-last-saved-location.html MS Excel 2013 Last Saved Location Metadata], Jason Hale, January 12, 2014
  
* http://en.wikipedia.org/wiki/Computer_forensics#E-mail_Headers
+
[[Category:Analysis]]
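
Review bot: the sentence introducing the log path in the EventLogs section ("As of Office 2010 related Office Alerts EventLog:") is missing a verb and does not say what the log records or why an examiner would collect it. Suggest rewording it as a full sentence, for example "As of Office 2010, the related Office Alerts EventLog is:", and following the path with one line describing what the entries contain. Separately, the External Links entry on Excel 2013 last-saved-location metadata has no matching text in the body, so a short section on Office document metadata would give that link some context.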

Latest revision as of 15:26, 13 January 2014

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

EventLogs

As of Office 2010, the related Office Alerts EventLog is:

C:\Windows\System32\winevt\Logs\OAlerts.evtx

See Also

External Links