
ACTIVITY 2

CASE SCENARIO.

You are a cybercrime incident responder who has received complaints regarding an anonymous email containing
offers related to "double your money" schemes/scams that was being sent to random people.

Task. As a cybercrime incident responder, trace the origin of the email, identify the ISP, and
prove the authenticity of the digital evidence collected from the email.

a. What would be done in locating the origin of the email?

To locate the origin of the anonymous email containing offers in relation to the double your money
scheme/scams that was being sent to random people, we must first have the message itself, that is, the
email containing the offers, in order to extract the IP address. Once we receive the email, open the
message and click the three dots ("More") at the right side of the email to show the options, then click
"Show original" to open a new window with the full headers. Copy the entire header, then go to the
website https://whatismyipaddress.com, scroll down and find the Trace Email Analyzer. Paste the entire
header into the box and click the email sender button. Once it finishes, scroll down again to the result
of the analysis of the original message, where you can find the source host name and IP address. Then
copy the IP address, go to the website iplocation.net, paste the IP address and click the IP Lookup
button. It shows the location of the IP address; we need to locate it first in order to identify the ISP,
or internet service provider, of the person who sent the malicious email. That ISP is the provider of the
sender of the anonymous email containing offers in relation to the double your money scheme/scams
that was being sent to random people.
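
The same header trace can be done offline, without pasting the headers into a website. The following Python code is an added example, not part of the original activity: it walks the Received headers from the oldest hop to the newest and reports the first public IP address recorded. The sample message, host names and addresses are constructed, and hashing the raw message before analysis is an assumed practice for recording the evidence copy, not a step from the activity.

```python
import hashlib
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not from a real case).
RAW_EMAIL = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby inbox.recipient.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id def456; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [192.168.1.10] (unknown [203.0.113.77])
\tby relay.isp.example with ESMTPSA id ghi789; Mon, 01 Jan 2024 10:00:01 +0000
From: "Investment Offer" <offer@sender.example>
Subject: Double your money

Body text.
"""

# Explicit list: ipaddress.is_private also flags the documentation ranges used above.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_public(ip):
    try:
        return not any(ipaddress.ip_address(ip) in net for net in INTERNAL)
    except ValueError:          # malformed, e.g. [999.1.1.1]
        return False

def trace_hops(raw):
    """Return [(hop, [public IPs the receiving server recorded])], oldest hop first."""
    received = message_from_string(raw).get_all("Received", [])
    hops = []
    for n, value in enumerate(reversed(received), start=1):
        from_part = re.split(r"\s+by\s+", value, maxsplit=1)[0]   # "from ..." clause only
        hops.append((n, [ip for ip in BRACKETED_IP.findall(from_part) if is_public(ip)]))
    return hops

def origin_ip(raw):
    """First public IP in the oldest hop that has one. Headers below the first
    relay you trust can be forged by the sender, so treat this as a lead."""
    return next((ips[0] for _, ips in trace_hops(raw) if ips), None)

def evidence_digest(raw):
    """SHA-256 of the untouched raw message, recorded before analysis (assumed practice)."""
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

print(origin_ip(RAW_EMAIL), evidence_digest(RAW_EMAIL)[:16])
```

Webmail services often record only their own servers in these headers, in which case the earliest public hop identifies the provider rather than the sender's own connection.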

b. How are you going to prove that the collected evidence from the email was authentic?

Emails are admissible in court. The key to proving that the evidence collected from the email is
authentic is laying the foundation to admit the emails into evidence at trial. There are many paths to
authenticating the evidence collected from emails. The first is email authentication by direct evidence:
it can be as easy as getting the witness who received the email to testify that the printed email was
received. Emails also usually show the source, so they can be authenticated on that basis. The second is
email authentication by circumstantial evidence: when direct evidence is unavailable to establish the
authenticity of an email, circumstantial evidence may be used. Examples of circumstantial evidence that
may be used by the court in authenticating emails include the sender's IP address, the contents of the
email, the use of names or nicknames, and any other identifying factors that could link an email address
to a certain person as its sender or author. evidence should not
change the evidence. specifically, for that purpose. storage of digital evidence should be fully
documented, preserved, and available for review. to ensure that they have proper legal authority to
seize the digital evidence at the scene.

c. What would be the next step after you identified the ISP of the suspect email sender?

Once the ISP of the suspect email sender is identified, a Preservation Order is sent to the ISP
requiring them to preserve the integrity of the data in their custody. The service provider ordered to
preserve computer data shall keep the order and its compliance confidential. Content data shall be
similarly preserved for six months from the date of receipt of the order from law enforcement
authorities requiring its preservation. Once data are preserved, securing a court warrant to
obtain such data follows. If postpaid: subscriber information, such as the name, billing address,
installation address, type of internet account, usage and costs, etc., if applicable. If prepaid: log
reports indicating the telephone number used to gain connection; coordinate with the telephone company
and resort to traditional investigation. Lastly, process the information from the ISP and phone company,
whether by technical surveillance, if applicable (visit the website concerned, establish communication
with the subject through email, download resource materials), or by physical surveillance, which must
visit the addresses provided by the ISP/phone company to determine the actual physical existence of the
address and compare the results with the information provided.
