Before October 2008, Zoho offered applications intended to make business easier. That month it launched its webmail service, Zoho Mail. The clutter-free and familiarly designed webmail service that works on its
Even though Zoho Lite is available for free and can be connected with a number of existing webmail or Outlook accounts, the office apps are not left out of it and are offered for creating and accessing documents on the account. For instant communication with contacts, Zoho also features a chat application in its Apps section. The app can collaborate with contacts of Yahoo Mail, Facebook, QQ Mail, MSN, Google Mail, MySpace, etc., with just a simple sign-in. Earlier, the service did not include the sender IP in the internet header of an email sent from the web. It now does, alongside an extremely powerful and rigorously tested security policy.
Being a webmail service with
Zoho Mail at A Glance
In addition to these, Zoho Mail secures the connection by applying AES-256 bit encryption to data while it is sent over the internet; the connection is also made through SSL. Thus, even applications like packet sniffers may fail to retrieve information.
The service has been tested by developers against vulnerabilities such as SQL injection and XSS (cross-site scripting).
Zoho Mail is chiefly known for its strongly encrypted network. In the past, this has even put notable cryptologists in trouble with law enforcement agencies for trying to decrypt messages exchanged over some of the renowned webmail services as part of their study. A network that cannot be intruded upon cannot be examined with network forensic techniques either. However, there are alternatives for digging into Zoho Mail activity through the traces it leaves behind on the PC.
Zoho Mail is accessible through the web browser of mobile devices as well as desktop computers and laptops. During Zoho email analysis, the potential evidence storage/local storage of activities carried out in the account accessed from a machine can be found either in system files or in
The local file storage of a web browser used for logging in and out of the account and Zoho mailbox analysis for traces of evidence leading to:
Analyzing web browser activity can thus prove to be an important step in Zoho Mail forensics. The cache files of a web browser may contain images from visited web pages and JS-based malware responsible for activities that may seem suspicious.
TIP: Mozilla Firefox comes with an add-on to view the browser cache right in the browser, with ample information along with images.
NOTE: The random alphabet combination prefixed to ‘.default’ is the profile name.
As stated above Zoho Mail can both import as well as export emails in the
EML Export: The traces of downloaded emails remain on the respective mail account in its Inbox folder. Zoho Mail doesn’t directly start the import of emails. Instead, a mail with the download link of a RAR file containing the emails as EML format files is sent to the account holder.
Parse EML File: The file is constructed to comply with the standard RFC 5322 format; EML files can therefore be used on a number of email servers, applications, and clients. As the file is structured in a simple text format, it can be opened and traversed in Notepad or any other text editor freely available online.
Role of Third Party: The standard header parsing techniques can be applied for the examination of EML files. However, investigators do and should involve third-party applications for precision and a quick pace of Zoho email analysis. MailXaminer is a dedicated email analysis platform for cloud and desktop based email clients. With the provision of 7+ email header preview and analysis options, it sure is the quickest and most accurate method to investigate EML files. Further, the IP address can be investigated with the respective ISP to track down the involvement and other particulars of the activities that took place.
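Standard header parsing of an exported EML file, as an added example (not from the original article or from any tool it names): Python's standard `email` module reads the `Received` headers, which each server prepends above the older ones, and rebuilds the relay path with the delay per hop. The sample message, its hosts and its IP addresses are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parsedate_to_datetime

# Constructed sample (not a real Zoho export); hosts/IPs are documentation values.
SAMPLE_EML = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby inbox.recipient.example with ESMTPS id C3;
\tMon, 06 Jan 2025 10:00:07 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.20])
\tby mx.recipient.example with ESMTPS id B2;
\tMon, 06 Jan 2025 10:00:05 +0000
Received: from [192.0.2.44] (client.sender.example [192.0.2.44])
\tby relay.sender.example with ESMTPSA id A1;
\tMon, 06 Jan 2025 10:00:01 +0000
From: Alice <alice@sender.example>
Subject: Quarterly report
Date: Mon, 06 Jan 2025 10:00:00 +0000

Body text.
"""

def received_hops(eml_text):
    """Return the relay hops in travel order (oldest first)."""
    msg = message_from_string(eml_text, policy=policy.default)
    hops = []
    for raw in reversed(msg.get_all("Received", [])):  # newest header is on top
        value = " ".join(str(raw).split())  # collapse folded whitespace
        try:
            when = parsedate_to_datetime(value.rpartition(";")[2].strip())
        except (TypeError, ValueError):
            when = None  # missing or malformed timestamp
        frm = re.search(r"\bfrom (\S+)", value)
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", value)  # first bracketed address
        by = re.search(r"\bby (\S+)", value)
        hops.append({"from": frm and frm.group(1), "ip": ip and ip.group(1),
                     "by": by and by.group(1), "time": when})
    return hops

def hop_delays(hops):
    """(receiving host, seconds since previous hop); negative = out-of-order stamps."""
    return [(cur["by"], (cur["time"] - prev["time"]).total_seconds())
            for prev, cur in zip(hops, hops[1:]) if prev["time"] and cur["time"]]

if __name__ == "__main__":
    for hop in received_hops(SAMPLE_EML):
        print(hop)
    print(hop_delays(received_hops(SAMPLE_EML)))
```

Only the `Received` lines added by servers the investigator trusts are reliable; anything below them was supplied by the sending side and should be corroborated, for example with the ISP as described above.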
After understanding Zoho Mail database analysis, the next question is how to perform Zoho email header forensics on single emails. During the forensic
Add the Zoho Mail account to the software through the add evidence option. Select the Zoho Mail option from the Webmail list and provide the User Name & Password to access the email data. The user can easily add multiple accounts through the bulk option, and a date filter is available to reduce the access time.
The software allows the email data to be examined in different views such as “Mail, Hex, Properties, Message Header, MIME, Email Hop, HTML, RTF, Attachments”. This property sets the tool apart from other forensics software. It helps investigators examine and analyse the email data in different views from the same platform during Zoho Mail forensics.
Mail view: This view helps the investigator examine the email messages from the user's perspective and perform Zoho email analysis directly on the message data. That is, it shows the basic header details like From, To, Subject, etc. and the email message body.
Property view: This helps the investigator get a brief summary of the email data without examining the entire data. It contains common fields such as: “Body details, Dates, Internet Header Details, Message flags, Recipients, Represent sender, Sender details, Subject”
Header view: It provides a detailed view of the email header. This information helps the investigator track the email during Zoho email header forensics.
The common attributes of Zoho Mail that are analyzed during Zoho email forensics are described below:
Email Hop: This is another special view provided by the tool to simplify the process of Zoho Mail forensics. It helps the investigator track the path of the email message. It represents the path between the sender and receiver by means of a graph and hop servers. It shows all the routers, gateways and switches through which the email has passed.
MIME: It represents the inner detail of the SMTP mail, which will include the MIME version, Textual or
RTF: It will show the result only if the Rich Text Formatting of the email is available. This helps to maintain the originality of the email message. The formatting and font of
HTML: It provides the HTML representation of the email data. During the
Hex: During Zoho Mail forensics, the hex view of the tool helps the examiners to
Conclusion: Zoho Mail clearly is one of the most secure communication networks, which has maintained its standard with up-to-date security protocols and encryption during data transfer over the