TY - GEN
T1 - Towards comprehensive and collaborative forensics on email evidence
AU - Paglierani, Justin
AU - Mabey, Mike
AU - Ahn, Gail-Joon
PY - 2013
Y1 - 2013
N2 - The digital forensics community has neglected email forensics as a process, despite the fact that email remains an important tool in the commission of crime. At present, there exists little support for discovering, acquiring, and analyzing web-based email, despite its widespread use. In this paper we present a systematic process for email forensics which we integrate into the normal forensic analysis workflow, and which accommodates the distinct characteristics of email evidence. Our process focuses on detecting the presence of non-obvious artifacts related to email accounts, retrieving the data from the service provider, and representing email in a well-structured format based on existing standards. As a result, developers and organizations can collaboratively create and use analysis tools that can analyze email evidence from any source in the same fashion and the examiner can access additional data relevant to their forensic cases.
AB - The digital forensics community has neglected email forensics as a process, despite the fact that email remains an important tool in the commission of crime. At present, there exists little support for discovering, acquiring, and analyzing web-based email, despite its widespread use. In this paper we present a systematic process for email forensics which we integrate into the normal forensic analysis workflow, and which accommodates the distinct characteristics of email evidence. Our process focuses on detecting the presence of non-obvious artifacts related to email accounts, retrieving the data from the service provider, and representing email in a well-structured format based on existing standards. As a result, developers and organizations can collaboratively create and use analysis tools that can analyze email evidence from any source in the same fashion and the examiner can access additional data relevant to their forensic cases.
KW - Email
KW - collaboration
KW - forensics
UR - http://www.scopus.com/inward/record.url?scp=84893537100&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893537100&partnerID=8YFLogxK
U2 - 10.4108/icst.collaboratecom.2013.254125
DO - 10.4108/icst.collaboratecom.2013.254125
M3 - Conference contribution
AN - SCOPUS:84893537100
SN - 9781936968923
T3 - Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013
SP - 11
EP - 20
BT - Proceedings of the 9th IEEE International Conference on Collaborative Computing
T2 - 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, COLLABORATECOM 2013
Y2 - 20 October 2013 through 23 October 2013
ER -