
Research On The Tampering And Examination Of Commonly Used Email

Posted on: 2014-04-03
Degree: Master
Type: Thesis
Country: China
Candidate: Q M Lu
GTID: 2268330401978318
Subject: Forensic
Abstract/Summary:
As a method of exchanging digital messages from an author to one or more recipients, email has been one of the most widely used Internet services since the 1970s. It allows people to contact any Internet user quickly. The content can be text, images, sounds, and various other forms. This convenient, low-cost technique has been widely used in commercial trade, e-government, distance education and daily life. Desktop mail clients that use the SMTP and POP3 protocols, such as Windows Live Mail, Outlook Express and Foxmail, have spread rapidly thanks to advantages such as their fast operation. Furthermore, because it is simple to use and combines with other web services, webmail has become the choice of many people. However, criminals may exploit this convenience of communication to forge or tamper with email. In forensic practice, email authenticity examinations account for a large proportion of digital evidence cases. Forensic examiners are often faced with questions such as whether the content of a message is real, whether it has been tampered with, and whether the received/sent time matches the client's description. Therefore, in this paper we present some methods of email tampering and the corresponding examination techniques, based on analysis of the mail transfer protocol and the characteristics of a single message, from four perspectives: typical email client software analysis, webmail analysis, file system analysis and email server analysis. Among them, message header analysis is a fundamental method of email authentication. On the basis of the whole message structure, message format checking can find incomplete messages. Performance analysis of email client software deals with the differences between tampered email and normal mail on clients. The webmail research proposes a solution for preserving webmail messages. The study of file system traces confirms the status of email in different file systems. Examination of software remnants, such as antivirus software logs, focuses on identifying tampering behaviors. The study of clues in email servers makes it possible to verify logs, special labeling and message details. Finally, after comprehensively applying the methods in actual cases, we confirmed their effectiveness.
Keywords/Search Tags: Email, tampering, authenticity examination, client software