Internet forensics is the study of the source and content of email as evidence

Digital evidence in the form of email data can be crucial in civil and criminal cases. However, be sure it is extracted in the correct manner using email forensics.

With the prominence of the internet, email has emerged as the most popular application for business communication, document transfers and transactions from computers and mobile phones. With this emergence, email security protocols have also been implemented to mitigate the illegitimate actions of criminals, such as business email compromise, phishing emails, and ransomware. However, there comes a time when specific emails need to be examined and data extracted for legal matters such as civil litigation and legally aided criminal investigations. This is where email forensics is applied.

What is email forensics?

Email forensics is exactly what it sounds like: the analysis of emails and their content, in a forensically sound manner, to determine the legitimacy, source, date, time, actual sender, and recipients. The aim is to provide admissible digital evidence for use in civil or criminal courts.

Admissible evidence

Most organisations have specific internal and external email policies in place to help safeguard their data, intellectual property, finances, and reputation. However, this does not always stop individuals (employees for example) from violating these policies to the detriment of their employer. These violations can present themselves in the form of forbidden file transfers, data breaches, indecent imagery, and incriminating email threads. Should a company suspect foul play, the application of email forensics to suspected email accounts can provide admissible evidence for disciplinary or legal purposes.

Can a solicitor or IT manager not just extract the emails?

They certainly can and may think that downloading a PST file (personal storage file) will glean all the information they require. However, as technically savvy as they may be, they are not digital forensic professionals. Forensic experts have the correct qualifications, accreditations, and technology to ascertain digital evidence in the most secure, efficient, and cost-effective manner, ensuring that it is court-admissible.

They possess expertise that allows them to identify hidden and manipulated email metadata fields and recover deleted files, and they are knowledgeable about the methods individuals use in an attempt to cover their digital tracks. If someone other than an expert extracts the data in an incorrect manner, this could jeopardise the integrity of the data, altering the metadata and complicating legal proceedings.

Email forensics experts

Email data should always be extracted by digital forensic professionals. This is highly recommended as they do so in a forensically sound manner ensuring that:

  • The email data is extracted in full and there is no question whether all data has been recovered
  • The validity of the data can be relied upon in both civil and criminal courts as admissible evidence
  • No changes are made to the email metadata
  • The extraction is compliant with the ACPO guidelines and the quality standards set out within the ISO 17025 documentation and the Forensic Science Regulator’s Codes of Good Practice and Conduct
  • Any deleted emails and files are recovered where possible

Why instruct CYFOR?

As a leading authority in digital forensics, CYFOR has vast experience in email data extraction, data analysis and authentication for criminal and civil legal proceedings. Our team of digital forensic investigators come from a variety of high-integrity technical investigative backgrounds including law enforcement, military, academic and cyber security. This combined experience allows CYFOR to provide a leading digital evidence investigative service, backed by a dedicated quality management department that operates to ISO accreditations. This ensures that our clients receive the utmost quality of service and professionalism that is expected while meeting standards that can be relied upon in court.

What is the main purpose of a forensic analysis?

The goal of system forensic analysis is to discover the "who, what, when, where, why, and how" while ensuring that the forensic digital evidence is preserved, defensible, and presentable in a court of law.

Which of the following is the best definition of forensics?

The term forensic refers to the application of scientific knowledge to legal problems, especially scientific analysis of physical evidence (as from a crime scene). Forensics, generally speaking, is scientific knowledge meant to be applied in court.

What's the main piece of information you look for in an e-mail message you're investigating?

The main piece of information you're looking for is the originating e-mail's domain address or IP address. Other than that, helpful information includes the date and time the message was sent, filenames of any attachments, and unique message number, if it's supplied.
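The fields listed above can be pulled from a preserved raw message with Python's standard library. This is an added example, not CYFOR's tooling or code from the original page; the sample message and the names `RAW`, `INTERNAL`, `_external` and `examine` are constructed for illustration. It hashes the untouched bytes so later copies can be checked against the original, and it treats the oldest non-internal relay address as the candidate origin.

```python
import hashlib
import ipaddress
import re
from email import policy
from email.parser import BytesParser

# Constructed sample (not a real case): .example hosts, documentation-range IPs.
RAW = b"\r\n".join([
    b"Received: from mx.sender.example (mx.sender.example [198.51.100.7])",
    b"\tby mail.recipient.example; Tue, 05 Mar 2024 10:15:09 +0000",
    b"Received: from [10.0.0.5] (unknown [203.0.113.45])",
    b"\tby mx.sender.example; Tue, 05 Mar 2024 10:15:02 +0000",
    b"From: Alice <alice@sender.example>",
    b"Date: Tue, 05 Mar 2024 10:15:00 +0000",
    b"Message-ID: <constructed-0001@sender.example>",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"",
    b"See attached.",
    b"--b1",
    b"Content-Type: application/pdf",
    b'Content-Disposition: attachment; filename="figures.pdf"',
    b"",
    b"JVBERi0=",
    b"--b1--",
])
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def _external(text: str) -> bool:
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # bracketed text that is not an IP address
    return not any(addr in net for net in INTERNAL)

def examine(raw: bytes) -> dict:
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    # Each relay prepends its Received header, so reversed order is oldest first.
    hops = "\n".join(reversed(msg.get_all("Received", [])))
    found = re.findall(r"\[([0-9A-Fa-f:.]+)\]", hops)
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # over the untouched bytes
        "origin_ip": next((t for t in found if _external(t)), None),
        "sent": msg["Date"].datetime.isoformat(),
        "message_id": str(msg["Message-ID"]),
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
    }
```

Received headers added before the first relay the examiner trusts are supplied by the sender and can be forged, so the reported origin is a lead to corroborate against server logs rather than a finding in itself.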

What is one of the first steps in a computer forensic investigation according to the FBI?

The digital forensic process: first, investigators find evidence on electronic devices and save the data to a safe drive. Then, they analyze and document the information. Once it's ready, they give the digital evidence to police to help solve a crime or present it in court to help convict a criminal.