Category: SMTP
-
Mail Server Roles
Any information system used for email purposes can have different sub-functions (roles) within it, depending on its exact role within a particular information system. Internet standard RFC 5598 provides a clear definition of these roles. https://www.rfc-editor.org/rfc/rfc5598.pdf For example: A conceptual diagram representing this relationship is shown below. The delivery steps between the various stages described…
-
Email Delivery Forensic Log Retention
Introduction: For any successful email forensic investigation, the availability of email logs is a key requirement. Email messages are sent using the Simple Mail Transfer Protocol (SMTP) defined here. As an email is sent and delivered to the recipient, the email will pass through multiple mail gateways. These are known as Message Transfer Agents (MTAs).…
-
Recovery of Deleted Emails
Expert witness work for email forensics is often concerned with the recovery of emails that have been deleted. A person may send an email, delete it from their Sent Items and also from their Deleted Items, and then claim they never sent the email. It is possible to investigate this further to…
-
SMTP Email Delivery Proof
The SMTP protocol has been around for a long time, and provides the ability to trace the path taken from the sender to the recipient. This can be within the same email system, or between email systems. Email Delivery Proof Markers: There are additional markers that can be combined to provide additional evidence of a…