Hey, everyone, welcome back to the course. In the last video, we talked about different types of email crimes.
In this video, we're gonna talk about Microsoft Exchange email logs.
So some other laws besides the CAN-SPAM Act that may be applicable in your email investigation are the Electronic Communications Privacy Act, or ECPA, and the Stored Communications Act as well.
Now, you also might see that different states have laws regarding obtaining information from emails or email-related information, as well as different locales, right? So one county I know of in Texas, Harris County, has pretty strict cyber laws.
Whereas other counties may not, right? So it may be at the local level as well.
So, the email investigation itself. Obviously we will always want to get a search warrant first, and then we want to make a copy of the emails or email information, and preferably a bit-by-bit copy.
In some instances, we may also print out the email as part of our investigation. And then, from there, we just view or analyze the email header. Try to trace back whoever sent it, as much as we can, right? A lot of times, with spoofing, we can't trace it all the way back.
Investigate different types of encoding, and then also acquire any email archives as well.
So just an example of an email header. You see the To and the From fields there. You'll also see an IP address in there as well,
showing that, hey, it's received from this IP address, which is the 106.10.165.32. And again, whether or not that's actually accurate, right, 'cause you can spoof an IP address.
So, different web-based emails. What you're gonna want to do is just search. Well, some areas you can search on the suspect machine are gonna be the browser cache, as well as using different tools that are specifically designed to grab information from web emails.
So, Microsoft Exchange email server logs. So Exchange works as the Extensible Storage Engine. The different archive logs we want to get are gonna be priv.edb, pub.edb, and priv.stm. You'll definitely want to know this for your exam
as well. So, the tracking.log file.
So, priv.edb. It's a rich-text file that contains message headers and message text, as well as standard attachments.
pub.edb contains public folder hierarchies and contents. And then priv.stm, regarding the streaming Internet content file. So things like your MIME, which contains your video and audio files.
So, different tools we can use for email recovery. Some of the more popular ones are gonna be ProDiscover Basic, OSForensics, and Paraben Email Examiner, as well as the AccessData FTK.
So just a screenshot of all of those.
So, ProDiscover Basic.
Paraben Email Examiner. Again, I mentioned this is probably one of the more popular ones to use.
AccessData FTK. Another very, very popular tool.
And then Fookes Aid4Mail.
So just a couple of quick post-assessment questions.
The priv.edb archive database file contains message headers, message text, and standard attachments. Is that true or false?
All right, so that's true. If you remember, that one contains that, and definitely remember this for your exam.
So our next question here: the pub.edb file stores public folder hierarchies and contents. Is that one true or false?
All right, so that one's true again as well.
So again, you definitely, definitely want to memorize and make sure you know those three that I mentioned for the exam. It's gonna be very, very, very beneficial to you.
So in this video, we wrapped up our discussion on investigating email crimes. We talked about Exchange email logs and some of the other laws that we need to worry about when doing an email investigation.
In the next one, we're gonna talk about mobile forensics.