I need a 1-paragraph answer for this discussion.
Discussion:
During this week, we are looking at capturing the data image and how to extract information from data. I cannot emphasize enough the importance of the data image and understanding how the hash value is used to provide proof in court that your evidence is forensically sound. Because you will be demonstrating your understanding of this during your final project, we will be concentrating on extracting information from data in this conference. In last week’s conference you began to identify where to look for evidence that may be used in your investigation. This week, we will specifically look at one type of evidence, emails, and how to use information you find to aid in the investigation.
Emails can be powerful pieces of evidence but can also be manipulated to make authentication very difficult. Not only can people change information that is visible to the victim (their email, for example), people can use IP re-routers such as virtual private networks (VPNs: http://en.wikipedia.org/wiki/Virtual_private_network) to make tracking them virtually impossible. In this week’s conference discussion, we will be looking at a piece of email evidence (attached to this discussion question) to determine specific information and to analyze whether we should accept this evidence as something we want to present in court.
For reference, please see the below chart on how to “read” the metadata of the email header. The received section should be read bottom to top, to follow the path of the email through the various email servers. Using Whois (http://who.is/), track the IP address from start to finish and answer the following questions:
From where did Capt. Kirk send his professor this email?
Is the professor working from the US Naval Academy or is he/she working out of another location?
Is the return email address consistent with the initial originating location/email?
If this case was an incident of Capt. Kirk alleging that a doctor in Baltimore had stolen his identification to take courses at the US Naval Academy while he was deployed in Vulcan territory (let’s just assume this makes sense!), would you, as the expert computer forensic witness, feel comfortable using this email as evidence against the doctor? Why or why not? Please explain your answer.
For reference on using emails as evidence in court, please look at this website:
http://www.depo.com/resources/aa_thediscoveryupdate/authenticating_email.html
Field: Meaning
Message-ID: A unique message ID as it transits SMTP servers. This is used to avoid duplication of messages.
From: The address the sender filled in here. This could be made up!
To: This is the destination address.
X-Mailer: The mail client (program) from which the email was sent.
Subject: The subject of the email.
Reply-To: This is the address the “reply” button usually uses. The sender can fill this in with whatever he wants!
Received: These fields indicate the location and time of receipt of this email by a mail server. The top Received is closest to you, while the lowest Received is closest to the sender.
Return-Path: Again, the address the sender intends you to reply to.
{Email evidence found in the description below; I uploaded it directly to the discussion question.}
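A small Python example, added here and not part of the discussion or its attached evidence, that does what the chart above describes: it orders the Received hops bottom to top (sender to recipient), pulls out the bracketed IPs in the order you would look them up in Whois, and compares From, Reply-To and Return-Path. The header it parses is constructed for the example (RFC 5737 documentation IPs, placeholder domains and names), not the attached email.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample header, not the evidence file attached to the discussion.
# IPs are RFC 5737 documentation addresses; the domains are placeholders.
SAMPLE_HEADERS = """\
Return-Path: <kirk@example-fleet.mil>
Received: from smtp.example-isp.net (smtp.example-isp.net [198.51.100.25])
        by mail.example-school.edu (Postfix) with ESMTPS id 4Q1
        for <professor@example-school.edu>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
        by smtp.example-isp.net with ESMTPA id 77; Mon, 01 Jan 2024 09:59:58 +0000
From: "James T. Kirk" <kirk@example-fleet.mil>
Reply-To: helpdesk@example-clinic.org

"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw_headers):
    """Received hops ordered sender -> recipient (bottom of the header first).
    Each hop is (unfolded line, bracketed IPs in it); the first IP is the host
    that handed the message to the server that wrote the line."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())  # join folded continuation lines
        hops.append((line, IP_RE.findall(line)))
    return hops

def originating_ip(raw_headers):
    """IP from the oldest hop: the first address to look up in Whois."""
    for _line, ips in received_chain(raw_headers):
        if ips:
            return ips[0]
    return None

def address_check(raw_headers):
    """Compare the sender-controlled address fields; a mismatch is a red flag,
    not proof, because the sender can fill in all three."""
    msg = email.message_from_string(raw_headers)
    fields = ("From", "Reply-To", "Return-Path")
    result = {f: parseaddr(msg.get(f, ""))[1] for f in fields}
    result["reply_to_matches_from"] = result["Reply-To"] == result["From"]
    result["return_path_matches_from"] = result["Return-Path"] == result["From"]
    return result

if __name__ == "__main__":
    print([ips for _l, ips in received_chain(SAMPLE_HEADERS)], originating_ip(SAMPLE_HEADERS))
    print(address_check(SAMPLE_HEADERS))
```

Only the lowest hop's IP is an estimate of the sender's host, and even that is the address of whatever relayed the message (a VPN exit, for instance), which is why the chart warns that the address fields alone do not authenticate the message.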