Category: SMTP
-
SMTP Evidence | Mail Server Roles | Expert Witness Knowledge
Expert SMTP Evidence | Examination of Email Evidence as a Witness As an expert witness for email digital evidence examination, the SMTP mail server roles are an important area of focus. This blog post describes the different SMTP mail server roles and how they relate to expert witness testimony for any court case where SMTP…
-
Email Forensic Investigation | Email Delivery Log Retention
Email Forensic Investigation Evidence: Log Retention used by a Witness For any successful email forensic investigation, the availability of email logs is a key requirement. Email messages are sent using the Simple Mail Transfer Protocol (SMTP), defined here. This blog post describes the importance of retaining the SMTP delivery logs so they can be used…
-
Recovery of Deleted Emails | Expert Email Evidence
Deleted Item Retention: Expert Email Evidence in Court Expert witness work for digital email forensics is often concerned with the recovery of deleted emails. A person may send an email, and then delete the email from their Sent Items, and also from their Deleted Items. And then claim they never sent the email. Being able…
-
Email Delivery Proof as SMTP Evidence
Review SMTP Message Header as for Email Delivery Proof Email delivery proof can be found by examining the SMTP headers. The SMTP protocol has been around for a long time, and provides the ability for an email expert to trace the forensic email delivery path taken from the sender to the recipient. This can be…