Difference between pages "Pine Header Format" and "Eudora Header Format"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Initial version)
 
 
Line 1: Line 1:
[[Pine]] composes headers in the following format:
+
<pre>
 +
Message-Id: <6.0.0.22.0.20070728180447.02342558@sendinghost.com>
 +
X-Sender: username@pop.sendinghost.com
 +
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
 +
Date: Sat, 28 Jul 2007 18:05:07 +0200
 +
To: Username <username@receivinghost.com>
 +
From: Username <username@sendinghost.com>
 +
Subject: header test
 +
Mime-Version: 1.0
 +
Content-Type: text/plain; charset="us-ascii"; format=flowed
 +
</pre>
  
<pre>Date: Tue, 6 Mar 2007 11:10:36 -0500 (EST)
+
[[Category:Email Analysis]]
From: Sender Name <sender@host.com>
+
To: Getter Name <getter@otherhost.com>
+
cc: Other Person <somebody@somehost.com>
+
Subject: The subject text
+
Message-ID: <Pine.LNX.4.64.0703061056380.29699@host.com></pre>
+
 
+
Using the function <tt>generate_message_id</tt> in the file <tt>reply.c</tt> we can see that the format for the Message-ID line is a series of fields separated by periods, followed by the <tt>@</tt> symbol and the hostname of the sending machine. The fields are
+
 
+
# The word <tt>Pine</tt>
+
# A three letter version of the operating system name (e.g. <tt>LNX</tt> for Linux)
+
# A number YYMMDDHHmmssX, Where YY is the last two digits of the year, MM the current month, DD the current day of the month, HH the current hour, mm the current minute, ss the current second, and X is either a zero or one depending on the number of seconds.
+
# The current process ID number
+
 
+
Note that the timestamp in the Message-Id may not necessarily match the <tt>Date</tt> line.
+
 
+
The hostname can be [[ROT-13]] encrypted on some configurations.
+

Latest revision as of 03:36, 4 August 2012

Message-Id: <6.0.0.22.0.20070728180447.02342558@sendinghost.com>
X-Sender: username@pop.sendinghost.com
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Sat, 28 Jul 2007 18:05:07 +0200
To: Username <username@receivinghost.com>
From: Username <username@sendinghost.com>
Subject: header test
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed