Summary: This blog focuses on the importance of the email header in examining emails, along with the techniques that help to swiftly analyze Hotmail email headers. The different elements of the email header needed to carry out the email investigation thoroughly are explained here.
Windows Live Hotmail, formerly known as Hotmail, is a free web-based email application. With the help of an internet connection, one can easily access the emails from any web browser. In the year 2012, the Windows Live Hotmail service was renamed Outlook.com. Outlook.com offers numerous advanced features to its end-users such as unlimited storage for free, Skype connections, social media services like Facebook, Twitter, Google, etc.
There has been a rapid increase in the number of email attacks that are carried out by cybercriminals using Hotmail/Outlook.com accounts. The overall investigation of Hotmail mailbox components for analyzing hidden evidence is referred to as Hotmail Forensics Analysis.
One of the most important elements that help investigators in cyber findings is “Email Header Information”. Additionally, Hotmail email forensics includes analyzing server logs, the application through which the email was sent, etc. These are some of the tactics that play a vital role in the forensic investigation of the Hotmail application.
So, let’s get started by knowing the best approaches to perform Hotmail forensics!
From Hotmail header information, the investigating officers may be able to identify the Hotmail IP address, which can further be used to determine the sender’s details. In some cases, the sender uses masking, redirecting, and spoofing techniques to keep accurate information from being recovered.
Email headers are categorized into two main sections, they are:
In Hotmail, which is now known as Outlook.com, the header information of an email can be accessed by following the upcoming procedure:
This will navigate to the source code page of the email message which looks like the following image.
Mentioned below are some of the important attributes of the email header that help to find potential information while investigating the case.
However, if the domain is not registered under that particular Mail server, the value may display as ‘NONE’. Additionally, if the sender’s Mail server fails to deliver a message to the recipient, the value might return as ‘FAIL’.
This is referred to as the detailed analysis of server logs and the delivered email messages. The emails that are deleted from the sender’s or recipient’s end can be requested from the Hotmail Server or the Internet Service Provider (ISP). This is because a replica of each delivered email message is stored by them.
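The header reading described above can also be done in a few lines of code. This is an added example, not part of the original post or of any tool it describes: it rebuilds the hop path from the `Received` lines, flags breaks in the chain, and reads the verdicts in `Authentication-Results`, on the assumption that the NONE/FAIL values above are found there. Every hostname and IP address in the sample is constructed.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers (documentation IP ranges, example domains).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
 by mailbox.recipient.example with ESMTPS; Tue, 02 Jan 2024 10:00:05 +0000
Authentication-Results: mx.recipient.example; spf=fail
 smtp.mailfrom=sender.example; dkim=none; dmarc=fail
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
 by mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
 by relay.sender.example with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@sender.example
Subject: constructed sample
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def received_hops(msg):
    """Return Received hops oldest-first (each server prepends its line)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        stamp = value.rsplit(";", 1)[-1].strip()  # date follows the last ';'
        hops.append({"from": m.group(1) if m else None,
                     "by": m.group(2) if m else None,
                     "ips": IP_RE.findall(value),
                     "time": parsedate_to_datetime(stamp)})
    return hops

def chain_anomalies(hops):
    """Flag hand-off and timestamp breaks between consecutive hops."""
    issues = []
    for prev, cur in zip(hops, hops[1:]):
        if prev["by"] != cur["from"]:
            issues.append(f"{prev['by']} handed off, next hop saw {cur['from']}")
        if cur["time"] < prev["time"]:
            issues.append(f"time goes backwards at {cur['by']}")
    return issues

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results from Authentication-Results."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text))

msg = message_from_string(RAW)
hops = received_hops(msg)
print(hops[0]["ips"], chain_anomalies(hops), auth_verdicts(msg))
```

Only the `Received` lines added by servers the investigator trusts are reliable; anything below them can be written by the sender, so an anomaly here is a lead to check against server logs rather than proof of forgery.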
Thereafter, the logs can be analyzed by tracking the original address of the sender’s computer. Here, the limitation is that the replica for email logs and the messages are maintained by the server for a stipulated period of time. Because of this, it may create an obstacle for the investigators while performing Hotmail forensics.
With the help of MailXaminer Email Examiner Software, the investigators can easily access and analyze the Hotmail data in a precise way. All you need is the credentials of the suspected Hotmail account in order to thoroughly investigate the emails.
To perform Hotmail email forensics with the help of the tool, follow the below-mentioned steps:
Step 1: After the software is launched, click on the Add Evidence button >> Web >> Hotmail >> Input the Credentials
Note: The tool allows multiple accounts to be added in bulk through a CSV file that contains the login credentials. It also provides a date filter option to access the email data from the specified date.
Step 2: The Hotmail email analyzer software displays a list of emails. It displays information such as “Tag, Subject, From, To, Sent & Received date, MD5, SHA1, etc.” This view of the data helps to obtain brief details of an email message without opening it.
Step 3: The software also provides the option to precisely preview the emails using 7+ preview options. For that, right-click the email message and choose the Preview option. The different view modes include Mail, Hex, Properties, Message Header, MIME, Email Hop, HTML, RTF.
Email Hop: It will help to find and analyze the path that the email has traversed. It will show the router, gateway, and switches through which email data has passed.
Step 4: To convert the Hotmail emails, first select the Emails >> Right-click >> choose the Export option as shown in the below screenshot.
Step 5: Under Export Options, investigators can choose from multiple export file types while converting Hotmail emails to the desired format. The various export file formats offered by the tool include EML, HTML, PST, PDF.
Step 6: Finally, the exported emails will be saved at the destined location in the chosen file format.
Investigating officers deal with several challenges while performing Hotmail forensics. Now, by understanding the various components of the email header, it becomes easy to identify hidden evidence. This blog has disclosed various techniques to investigate Hotmail emails using the versatile email forensics software. The utility provides full-fledged features that help to swiftly examine the emails in no time.