ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.
Email Headers are lines of metadata attached to each email that contain lots of useful information for a forensic investigator. However, email headers can be easily forged, so they should never be used as the only source of information.
This is an (incomplete) excerpt from an email header:
Received: from lists.securityfocus.com (lists.securityfocus.com [220.127.116.11]) by outgoing2.securityfocus.com (Postfix) with QMQP id 7E9971460C9; Mon, 9 Jan 2006 08:01:36 -0700 (MST) Mailing-List: contact email@example.com; run by ezmlm Precedence: bulk List-Id: <forensics.list-id.securityfocus.com> List-Post: <mailto:firstname.lastname@example.org> List-Help: <mailto:email@example.com> List-Unsubscribe: <mailto:firstname.lastname@example.org> List-Subscribe: <mailto:email@example.com> Delivered-To: mailing list firstname.lastname@example.org Delivered-To: moderator for email@example.com Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000 From: YJesus <firstname.lastname@example.org> To: email@example.com Subject: New Tool : Unhide User-Agent: KMail/1.9 MIME-Version: 1.0 Content-Disposition: inline Date: Thu, 5 Jan 2006 16:41:30 +0100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <firstname.lastname@example.org> X-HE-Spam-Level: / X-HE-Spam-Score: 0.0 X-HE-Virus-Scanned: yes Status: RO Content-Length: 586 Lines: 26