jess LAND
       www.jessland.net		        Sponsored by:       
One eSecurity
www.one-esecurity.com
JISK Knowledgebase >>    About    News    Essentials    Architecture    FWs    IDS/IPS    Honeypots    Malware    Forensics   
  +  JSS Home    Projects    JSS Community    Events    News    Docs    About    Contact .

JISK > Forensics > Areas > Email Forensics Section Map

E-mail Forensics

Content Leader: Jess Garcia - Last Updated: January 21, 2007

Gral Information

Standards

E-mail Messages

Fields

  • Message-ID: Optional, but every message should have it
    • Intended to be machine readable.
    • Format: <date/time.unique_id@domain>
      • Date/Time Integer: Can be formatted to display human readable date/time, but is usually in a hexadecimal string. On Unix systems, the string represents the “number of microseconds since midnight, January 1, 1970, Greenwich Mean Time.” (Unix Time – epoch)
      • If hexadecimal, convert it to decimal and then convert from Unix timestamp to date/time format.

Structure

  • E-mail messages are divided in several parts:
    • Envelope Header - Added by E-mail servers
    • Message Header - Added by the E-mail client
    • Body
    • Attachments

References


Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.