This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

Email Forensics

Admin 22 Apr 2024

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

GET YOUR PRICE

writers online

 

 Email Forensics

 

A forensic investigation involves investigating various files and folders that are likely to contain forensic evidence required. In this lab exercise, the aim was to analyze email using FTK tool to discover if Jim Shu has been selling the company’s designs and other information to a competitor. Lab4.pst is the image file containing Jim’s email conversations, which was provided for analysis in this lab exercise. Like in previous lab exercises, the first step was to download the image file and launch the AccessData FTK tool. Once the FTK tool launched, I created a new case for Lab 4 following the steps I have been using in previous lab exercises for creating a new case. I then added the evidence file (Lab4.pst) in the Manage Evidence window, as shown in Figure 1. Along with the evidence file, the following information was required; ID/Name (Lab 4), Description (Lab4 Email Forensics Investigation), and Time Zone (Eastern Time with Daylight Saving (US – New York) shown by Figure 1.

Figure 1: Adding Lab4.pst evidence image.

Figure 2 shows the complete processing of the evidence file added to the new case. A total of 61 items were discovered and processed.

Figure 2: Complete the processing of the evidence file.

FTK analysis tool presents the option to analyze different categories of files. In this case, the focus was on Jim’s email; hence the ‘Email’ tab was used to examine the headers of all emails. On clicking the ‘Email’ tab, email items were categorized into Email Status, Email Archives, Email by Date, Email Addresses, and Email. I went through various categories and individual emails, and I discovered that indeed there are several pieces of evidence to implicate Jim Shu of selling the company’s designs and other information to a competitor. The following screenshots show some of the evidence I discovered in various email conversations.

Figure 3 shows that Jim was sharing important information about the company’s bike with a person named Bob. In the email, Jim is cautioning Bob about the sensitivity of the attached file. Jim writes to Bob, saying, “Use this one sparingly. It is too sensitive a document.” The sensitive document is a file named Tubing Materials, as shown in Figure 4. In the document, Jim shares information about materials for an Apache 01 bike and the layering process.

Figure 3: Jim’s email to Bob

Figure 4: Document containing tubing materials sent by Jim to Bob

Figure 5 shows an email received by Bob. The email is from someone called Sam, who asks Jim, “Do you have them yet? I’ve got people in Asia ready to duplicate them?” Although it is not clear what Sam was asking about in this email, it can be assumed that Sam was asking for the design of the company’s products so that some other people in Asia can duplicate.

Figure 5: Sam asking Jim for some information

Figure 6 shows another conversation between Jim and Bob, which further presents evidence that incriminates Jim. In this email, Jim sends an email with the information, “You’ll have to change the extension to .jpg. I’m in need of money, can you send a downpayment?” The email had an attached file that needed a change in the extension to .jpg to be viewed by image processors. The image was of a drawing that looks like a part of a bike. The request for payment shows that Jim was selling this information to Bob.

Figure 6: Jim’s email to Bob with image design and payment request.

There are several other email conversations that present lots of evidence that show that Jim has been violating the company’s privacy policies by sharing the company’s designs and other information to competitors. Jim has been communicating with various people, and their conversations point out that Jim has been sharing company sensitive data in exchange for money.

I bookmarked the email conversation I analyzed for report generation purposes. Figure 7 shows a list of bookmarked email conversations, which I then used to generate a report. I generated the report like in previous lab exercises by clicking on the File tab then selecting the Report option. Under the report options, I selected the Bookmarks and ftk option, and for the output option, I selected the PDF format. The report was generated and completed, as shown in Figure 8, and is accompanies this file as Lab4 Report.pdf.

Figure 7: Bookmarked Email conversations

Figure 8: Completed report processing

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
GET CUSTOM ESSAY
Copyright © 2019
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask