 |
|
|
|
|
|
|
|
|
 |
 |
 |
|
|||||
 |
 |
 |
|
|||||
 |
 |
|
||||||
 |
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|||||
|
|
|
||||||
|
|
|||||||
|
Forensic Email Analysis - Aperio Digital Investigations
Email communication is a major part of most peoples personal and business life. We have extensive experience in the extraction and analysis of emails from a wide range of systems including Webmail, email clients, mobile phones and corporate servers. Email analysis very often forms part of a wider investigation. Email generally uses software such as Microsoft Outlook or Outlook Express installed on the user's computer and it is from their hard drive that we can recover email messages, calendar entries, contacts, tasks and so on. Within a corporate environment, employees usually access their email via a central mail server (computer) running Microsoft Exchange or similar software and it is from here that we can recover the email for any particular employee or group of employees. Corporate organisations also tend to have a backup to tape regime in place so, even if the relevant email is no longer on the mail server, we can restore an earlier version from a backup tape and search that instead. Webmail is, as its name suggests, an internet based service, accessed using an internet browser such as Internet Explorer or Mozilla Firefox. Messages, address books, calendar entries and so on are actually stored ONLINE on a mail server owned and controlled by the webmail provider. Hotmail, Yahoo! Mail and Googlemail are all examples of webmail. It is on those online mail servers that the primary evidence is located and it may be possible to gain access to that through a court order or the consent of the account holder. However, because webmail is internet based, there may well be a substantial amount of webmail material on the user's own computer hard drive, as with any other internet material. All of these sources of evidence should be preserved at the earliest opportunity to ensure that any evidence available is not deleted or overwritten. Aperio DI are happy to advise you on which of the sources are likely to contain evidence for your particular case to allow you to quarantine these sources for forensic copying and analysis in due course. |
Case Study
|
