Sean Robertson - Automating Email Evidence Discovery - 4/19/21


Automating Email Evidence Discovery

Northern Virginia Community College

ITN 276 – Forensics 1

JBL Lab 7

4/19/21

By

Sean Robertson


Table of Contents

Summary of Findings

Forensic Analysis
Lab Exercise 1
Analysis Process
Forensic Evidence
Figure 1
Investigator Analysis of Findings

References

Table of Figures

Figure 1: first ‘no subject’ email found in suspect sent mail



Summary of Findings
Online communication media have changed steadily since the dawn of the internet, but none
has stood the test of time quite like email. In the field of cyber forensics, then, specialists of all
stripes must know how to locate and properly analyze email evidence on seized devices. E3 is
one such tool; it provides an effective and efficient workflow for analyzing email evidence (JBL,
2019). Because no criminal case or background was given for this lab, the Investigator Analysis
of Findings section primarily demonstrates the importance of the tool and method in cyber
forensics investigations and litigation. Part 1 of both Section 1 and Section 2 covers how to
correctly add and sort evidence in E3 (JBL, 2019), so this report consolidates the lab into a single
Lab Exercise in order to focus on the new material. That Lab Exercise goes in depth on how a
cyber forensics specialist would use E3 to identify suspect files in the email system of a seized
device.


Forensic Analysis

Lab Exercise 1

Analysis Process
After the evidence is loaded into E3 and the data on the hard drive image has been indexed
and sorted, the cyber forensics specialist opens the evidence under the Sorted Files tab (JBL,
2019).

Forensic Evidence
E3 found one chat file, ‘main.db’, with a type of ‘Skype 4 or later’. The text this file contains
can be viewed in the Text View box and appears to be a conversation between two parties (JBL,
2019). E3 also accounted for seven emails, each listed with its own MD5 and SHA-1 hash values.
(MD5 and SHA-1 are hash functions, not encryption: they fingerprint each file so that its
integrity can be verified later by recomputing the hash.) After choosing the file labeled ‘outbox’
and indexing it into the case content, the cyber forensics specialist can view the contents of the
suspect’s sent mail, as seen in Figure 1.

Figure 1: first ‘no subject’ email found in suspect sent mail (Robertson & JBL, 2021)

Investigator Analysis of Findings


In addition to letting cyber forensics specialists sort and analyze emails effectively, E3 also
displays the standard header fields attached to each email, as defined by RFC 2822 (the Internet
Message Format, since superseded by RFC 5322, which keeps the same core header fields). This,
along with the demonstrations above, (JBL, 2019)


References

Easttom, C. (2019). Lab Access for System Forensics, Investigation, and Response (Version 3e)
[Virtualized Education Environment]. Jones & Bartlett Learning.
https://www.jblearning.com/cybersecurity

Robertson, S. M., & JBL. (2021, April 19). Figure 1: first ‘no subject’ email found in suspect sent
mail [Screen capture]. Google Photos. https://photos.app.goo.gl/XbZUbgDNxeWgnVuK9
