Difference between pages "License transition status" and "Email Headers"

From ForensicsWiki
(Difference between pages)
m (Gfzip page rewritten to allow for creative commons licensing (since repeated emails to the previous page's author went unanswered.))
 
(External Links)
 
Line 1: Line 1:
This page keeps track of the '''license status''' of the wiki.
+
'''Email Headers''' are lines of [[metadata]] attached to each [[email]] that contain lots of useful information for a [[forensic investigator]]. However, email headers can be easily forged, so they should never be used as the only source of information.
  
All contributions after '''March 19th, 2006''' are under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons Attribution-ShareAlike 2.5] license. Contributions prior to that date have an unclear license. We are currently contacting the authors of the respective content, asking them whether they agree to license their contributions under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons Attribution-ShareAlike 2.5] license...
+
== Example ==
  
__TOC__
+
This is an (incomplete) excerpt from an email header:
  
== HOWTO ==
+
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
 +
        by outgoing2.securityfocus.com (Postfix) with QMQP
 +
        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)
 +
Mailing-List: contact forensics-help@securityfocus.com; run by ezmlm
 +
Precedence: bulk
 +
List-Id: <forensics.list-id.securityfocus.com>
 +
List-Post: <mailto:forensics@securityfocus.com>
 +
List-Help: <mailto:forensics-help@securityfocus.com>
 +
List-Unsubscribe: <mailto:forensics-unsubscribe@securityfocus.com>
 +
List-Subscribe: <mailto:forensics-subscribe@securityfocus.com>
 +
Delivered-To: mailing list forensics@securityfocus.com
 +
Delivered-To: moderator for forensics@securityfocus.com
 +
Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000
 +
From: YJesus <yjesus@security-projects.com>
 +
To: forensics@securityfocus.com
 +
Subject: New Tool : Unhide
 +
User-Agent: KMail/1.9
 +
MIME-Version: 1.0
 +
Content-Disposition: inline
 +
Date: Thu, 5 Jan 2006 16:41:30 +0100
 +
Content-Type: text/plain;
 +
  charset="iso-8859-1"
 +
Content-Transfer-Encoding: quoted-printable
 +
Message-Id: <200601051641.31830.yjesus@security-projects.com>
 +
X-HE-Spam-Level: /
 +
X-HE-Spam-Score: 0.0
 +
X-HE-Virus-Scanned: yes
 +
Status: RO
 +
Content-Length: 586
 +
Lines: 26
  
If you have contributed to this wiki '''before March 19th, 2006''', please consider (re-)licensing your contributions under this license. You can do that by adding this small paragraph to your user page:
+
== External Links ==
  
'''I hereby license all my contributions to this wiki (before and after March 19th, 2006) under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons Attribution-ShareAlike 2.5] license.'''
+
* http://en.wikipedia.org/wiki/Computer_forensics#E-mail_Headers
 
+
* http://www.forensictracer.com#Webtracer software for forensic analysis of internet resources
Thanks in advance.
+
 
+
== Current License Status ==
+
 
+
=== Pages ===
+
 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Page
+
! License Status
+
! Checked for copyright infringement
+
|-
+
| [[AFF]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[AFIS]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[AFOSI]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ASR]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ASR Data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[AccessData]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Adobe PDF Format]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Afflib]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Anti-forensic techniques]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Applied Cellphone Forensics]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Audio Devices]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[BMP]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Bad blocks]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Bibliography]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Blackbag]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Blackberry Forensics]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Books]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Cellphones]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Conferences]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[DCFL]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[DIBS]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Data Reduction]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Dcfldd]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Dd]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Digital Evidence Bags]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[EVT]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[EXIF]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Email Headers]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[EnCase]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Epilogue to Gutmann's 1996 paper]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Exif]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[FAT]]
+
| ?
+
| style="background:lime" | OK
+
|-
+
| [[FCCU Gnu/Linux Boot CD]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[File Formats]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[File Systems]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Flash IDE Adapters]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Foremost]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Forensic Toolkit]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Forensic file formats]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Full Disk Encryption]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Gfzip]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Harvard Forensics Project]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Helix]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook External Imager]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook Imager]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook Investigator]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ILook file format]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[IXimager]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[JPEG]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Jesse Kornblum]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Journals]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[LNK]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[License transition status]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Linux]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Mailing lists]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Main Page]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Md5deep]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Metadata]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Microsoft PocketPC]]
+
| ?
+
| ?
+
|-
+
| [[Microsoft Windows]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Microsoft Windows Mobile]]
+
| ?
+
| ?
+
|-
+
| [[National Software Reference Library]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Ontrack Data Eraser]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Organizations]]
+
| style="background:lime" | OK (Not copyrightable)
+
| style="background:lime" | OK
+
|-
+
| [[Other Websites]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[PDAs]]
+
| ?
+
| ?
+
|-
+
| [[Palm]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Papers]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Paraben]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[People]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Personal Digital Devices]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ProDiscover]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[ProDiscovery]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[PyFlag]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Pyflag]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[RIM Blackberry]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Raw image file]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Raw image files]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Recovering Overwritten Data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Recovering bad data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Recovering deleted data]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Reports]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SIM Cards]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SMART]]
+
| style="background:lime" | OK (Original unlicensed, copyright-infringing content was removed)
+
| style="background:lime" | OK
+
|-
+
| [[Safeback]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Sanitization Standards]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Scalpel]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Simson Garfinkel]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Sleuthkit]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SmartPhones]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[SpinRite]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Symbian]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Techniques]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Tools]]
+
| style="background:lime" | OK (All content created after March 19)
+
| style="background:lime" | OK
+
|-
+
| [[UNIX]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[VMware]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Vendors]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Websites]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Wetstone]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
| [[Write Blockers]]
+
| style="background:lime" | OK
+
| style="background:lime" | OK
+
|-
+
|}
+
 
+
=== Files/Images ===
+
 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! File
+
! License Status
+
! Comments
+
|-
+
| [[:Image:Simpic.jpg]]
+
| style="background:lime" | OK
+
| Replaced with free version.
+
|-
+
| [[:Image:Treo.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Pocketpc.jpg]]
+
| style="background:lime" | OK
+
| Replaced with free version.
+
|-
+
| [[:Image:Newton.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Zaurus-front.jpg]]
+
| style="background:lime" | OK
+
| Replaced with free version.
+
|-
+
| [[:Image:Sharp sl-c3100-thm.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Yale fat16 diagram.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:Recover-FAT-volume-structur.jpg]]
+
| style="background:lime" | OK
+
| Deleted.
+
|-
+
| [[:Image:HelixGroupPaper.pdf]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Network Appliance DataFort.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Draft Paper.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Survey3.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Survey.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Biblio.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:HelixCFS.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Init2.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Init.doc]]
+
| style="background:lime" | OK
+
| Deleted
+
|-
+
| [[:Image:Securing Storage White Paper.pdf]]
+
| style="background:lime" | OK
+
| Decru white paper. Not Creative Commons licensed, but we'll keep it here, as it might disappear from the net.
+
|-
+
 
+
|}
+
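Review bot: In the added External Links list, the second entry ("* http://www.forensictracer.com#Webtracer software for forensic analysis of internet resources") joins the URL and its description with "#", so "Webtracer" ends up inside the link target as a fragment and the rest of the description trails as plain text. Suggest the bracketed external-link form with a space between the URL and the label, as the license links in the old text do: "[http://www.forensictracer.com Webtracer software for forensic analysis of internet resources]".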

Revision as of 08:04, 24 November 2006

Email Headers are lines of metadata attached to each email that contain lots of useful information for a forensic investigator. However, email headers can be easily forged, so they should never be used as the only source of information.

Example

This is an (incomplete) excerpt from an email header:

Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
        by outgoing2.securityfocus.com (Postfix) with QMQP
        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)
Mailing-List: contact forensics-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <forensics.list-id.securityfocus.com>
List-Post: <mailto:forensics@securityfocus.com>
List-Help: <mailto:forensics-help@securityfocus.com>
List-Unsubscribe: <mailto:forensics-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:forensics-subscribe@securityfocus.com>
Delivered-To: mailing list forensics@securityfocus.com
Delivered-To: moderator for forensics@securityfocus.com
Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000
From: YJesus <yjesus@security-projects.com>
To: forensics@securityfocus.com
Subject: New Tool : Unhide
User-Agent: KMail/1.9
MIME-Version: 1.0
Content-Disposition: inline
Date: Thu, 5 Jan 2006 16:41:30 +0100
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-Id: <200601051641.31830.yjesus@security-projects.com>
X-HE-Spam-Level: /
X-HE-Spam-Score: 0.0
X-HE-Virus-Scanned: yes
Status: RO
Content-Length: 586
Lines: 26
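
Because any single header can be forged, a common first check is whether the timestamps in the Received chain and the Date field are consistent with each other. The following is an added example, not part of the original wiki page: it parses a subset of the excerpt above with Python's standard email module; the function names and the skew and delay thresholds are assumptions chosen for illustration.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Subset of the header excerpt above, values unchanged.
SAMPLE = """\
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
        by outgoing2.securityfocus.com (Postfix) with QMQP
        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)
Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000
From: YJesus <yjesus@security-projects.com>
Date: Thu, 5 Jan 2006 16:41:30 +0100

"""

def to_utc(stamp):
    """Parse an RFC 5322 date; a '-0000' zone parses as naive and means UTC."""
    dt = parsedate_to_datetime(stamp.strip())
    if dt.tzinfo is None:
        return dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def received_hops(msg):
    """Return (UTC time, relay text) per Received line, oldest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        info, _, stamp = value.rpartition(";")  # the date follows the last ';'
        hops.append((to_utc(stamp), " ".join(info.split())))
    return hops[::-1]  # each relay prepends its line, so reverse the order

def timeline_findings(raw, skew=timedelta(minutes=5), max_delay=timedelta(hours=1)):
    """List timing inconsistencies; thresholds are illustrative assumptions."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    findings = []
    if hops and msg["Date"] and to_utc(msg["Date"]) - hops[0][0] > skew:
        findings.append("Date is later than the first Received stamp")
    for (t_prev, _), (t_next, relay) in zip(hops, hops[1:]):
        if t_prev - t_next > skew:
            findings.append(f"out-of-order hop: {relay}")
        elif t_next - t_prev > max_delay:
            findings.append(f"{t_next - t_prev} delay before: {relay}")
    return findings

if __name__ == "__main__":
    for line in timeline_findings(SAMPLE):
        print(line)
```

For the sample, the only finding is the multi-day gap between the two hops, which is consistent with the moderated-list delivery indicated by the Delivered-To: moderator line. A finding is a lead to corroborate against mail server logs, not proof of forgery.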

External Links