Email Headers

From ForensicsWiki
Revision as of 13:04, 24 November 2006 by 4it (External Links)

Email headers are lines of metadata attached to each email, and they contain a great deal of information that is useful to a forensic investigator. However, email headers are easily forged, so they should never be used as the only source of information.


This is an (incomplete) excerpt from an email header:

Received: from ( [])
        by (Postfix) with QMQP
        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)
Mailing-List: contact; run by ezmlm
Precedence: bulk
List-Id: <>
List-Post: <>
List-Help: <>
List-Unsubscribe: <>
List-Subscribe: <>
Delivered-To: mailing list
Delivered-To: moderator for
Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000
From: YJesus <>
Subject: New Tool : Unhide
User-Agent: KMail/1.9
MIME-Version: 1.0
Content-Disposition: inline
Date: Thu, 5 Jan 2006 16:41:30 +0100
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
X-HE-Spam-Level: /
X-HE-Spam-Score: 0.0
X-HE-Virus-Scanned: yes
Status: RO
Content-Length: 586
Lines: 26
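
One way to act on the forgery caveat is to check that the timestamps in the Received chain and the Date header form a consistent timeline. The Python below is an added example, not part of the original wiki page: the sample messages are constructed from the excerpt above, and the host names, addresses, the `to_utc` and `timeline` helpers and the 5-minute skew tolerance are assumptions.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the excerpt above; hosts/addresses are placeholders.
GENUINE = """\
Received: from lists.example.org (lists.example.org [192.0.2.10])
        by mx.example.net (Postfix) with QMQP
        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)
Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000
From: YJesus <sender@example.com>
Date: Thu, 5 Jan 2006 16:41:30 +0100
"""
# Constructed variant: a sender-supplied Received line at the bottom of the
# chain, stamped later than the hop that supposedly handled the mail after it.
FORGED = GENUINE.replace(
    "From:", "Received: from relay.example.com by mail.example.com;"
    " Fri, 6 Jan 2006 09:00:00 +0000\nFrom:", 1)
SKEW = timedelta(minutes=5)  # assumed tolerance for clock drift between servers


def to_utc(stamp):
    """Parse an RFC 5322 date; return an aware UTC datetime, or None."""
    try:
        when = parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:  # "-0000" parses as naive; the clock value is UTC
        when = when.replace(tzinfo=timezone.utc)
    return when.astimezone(timezone.utc)


def timeline(raw):
    """Return (events oldest-first, findings) for Date plus the Received chain."""
    msg = message_from_string(raw)
    events = [("Date", to_utc(msg.get("Date", "")))]
    # Each server prepends its Received line, so the oldest hop is the last one.
    for n, value in enumerate(reversed(msg.get_all("Received", [])), 1):
        events.append((f"hop {n}", to_utc(value.rpartition(";")[2])))
    findings, prev_name, prev = [], None, None
    for name, when in events:
        if when is None:
            findings.append(f"{name}: no parsable timestamp")
            continue
        if prev is not None and when < prev - SKEW:
            findings.append(f"{name} is stamped before {prev_name}")
        prev_name, prev = name, when
    return events, findings
```

An out-of-order timestamp only shows that the chain is inconsistent, not which line was forged; hops added by servers under the investigator's control are the ones that can be corroborated against server logs.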

External Links