Title

An Empirical Analysis of Email Forensics Tools

Campus

Dahlonega

Publication date

5-2020

Publisher

AIRCC Publishing Corporation

Book or Journal Information

International Journal of Network Security & Its Applications

Keywords

Email forensic, digital forensic, report generation, keyword search, tools, Enron, filtering

Abstract

Email is the most common service on the Internet for communication and for sending documents. It is used not only from computers but also from many other electronic devices, such as tablets and smartphones. Email can also be used for criminal activities. Email forensics refers to the study of email details and content as evidence, in order to identify the actual sender and recipient of a message, the date and time of transmission, a detailed record of the email transaction, the intent of the sender, etc. Email forensics involves the investigation of metadata, keyword searching, port scanning, and generating reports based on the investigator's needs. Many tools are available for investigations that involve email forensics. Investigators should be very careful not to violate users' privacy. To this end, investigators should run keyword searches that reveal only the relevant emails. Therefore, knowledge of the features of a tool, and of its search features in particular, is necessary for tool selection. In this research, we experimentally compare the performance of several email forensics tools. Our aim is to help investigators with the tool selection task. We evaluate the tools in terms of their keyword search, report generation, and other features such as the email formats accepted, the size of the file accepted, whether they work online or offline, the format of the reports, etc. We use the Enron email dataset for our experiment.
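The abstract names the three things an investigator does with such a tool: pull the metadata (sender, recipients, date/time, transit path) out of each message, run keyword searches so that only relevant mail is surfaced, and produce a report. As an added example that is not the paper's code nor that of any tool it evaluates, the Python below does those three steps with the standard library over a handful of constructed Enron-style messages (plain RFC 822 text, one file per message, as in the public Enron maildir). The hostnames, addresses and message bodies are made up for the example; the functions `extract_metadata`, `keyword_hits` and `build_report` are this example's own names, not features of any product the paper compares.

```python
"""Added example (not the paper's code): header extraction, keyword filtering
and report rows for Enron-style plain-text messages using only the Python
standard library. The messages below are constructed, not real Enron mail."""
import re
from datetime import timezone
from email import message_from_string, policy
from email.utils import parsedate_to_datetime

# Constructed messages in the one-file-per-message RFC 822 form of the public
# Enron maildir. Received headers are newest-first, as a real MTA chain writes
# them, so the originating hop is the *last* Received header.
SAMPLE_MESSAGES = [
"""Message-ID: <1001.example@constructed.invalid>
Date: Mon, 14 May 2001 09:15:00 -0700 (PDT)
From: alice@example-corp.invalid
To: bob@example-corp.invalid, carol@example-corp.invalid
Subject: Q2 forecast numbers
Received: from mail-gw.example-corp.invalid (10.0.0.5) by mx.example-corp.invalid; Mon, 14 May 2001 09:15:20 -0700
Received: from ws-alice.example-corp.invalid (10.1.2.3) by mail-gw.example-corp.invalid; Mon, 14 May 2001 09:15:01 -0700

Bob, the Q2 forecast is attached. Keep it confidential until the call.
""",
"""Message-ID: <1002.example@constructed.invalid>
Date: Tue, 15 May 2001 18:40:00 -0700 (PDT)
From: bob@example-corp.invalid
To: dave@example-home.invalid
Subject: dinner on saturday?
Received: from ws-bob.example-corp.invalid (10.1.2.9) by mail-gw.example-corp.invalid

Are we still on for Saturday? Bring the kids.
""",
"""Message-ID: <1003.example@constructed.invalid>
Date: Wed, 16 May 2001 08:05:00 -0700 (PDT)
From: carol@example-corp.invalid
To: alice@example-corp.invalid
Cc: bob@example-corp.invalid
Subject: Re: Q2 forecast numbers
Received: from ws-carol.example-corp.invalid (10.1.2.7) by mail-gw.example-corp.invalid

Alice, the forecast spreadsheet understates Q2 revenue. Please revise.
""",
]

# "from <host> ... by <host>" as written by most MTAs; hostnames are the
# first whitespace-delimited token after each keyword.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE | re.DOTALL)


def parse_message(raw):
    """Parse one raw message; policy.default gives typed headers and get_content()."""
    return message_from_string(raw, policy=policy.default)


def received_chain(msg):
    """Received hops in transit order (originating hop first)."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(str(hdr))
        if m:
            hops.append({"from": m.group(1).rstrip(";"), "by": m.group(2).rstrip(";")})
    return hops


def addresses(msg, *header_names):
    """Bare addr-specs from the named address headers, in header order."""
    return [a.addr_spec for name in header_names
            for h in msg.get_all(name, []) for a in h.addresses]


def body_text(msg):
    """Plain-text body; for multipart mail, concatenate the text/plain parts."""
    if msg.is_multipart():
        return "\n".join(p.get_content() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_content()


def extract_metadata(msg):
    """The header facts an investigator records: who, to whom, when, via what."""
    chain = received_chain(msg)
    when = parsedate_to_datetime(str(msg["Date"])).astimezone(timezone.utc)
    return {
        "message_id": str(msg["Message-ID"]).strip(),
        "date_utc": when.isoformat(),          # normalised so rows sort correctly
        "sender": addresses(msg, "From")[0],
        "recipients": addresses(msg, "To", "Cc"),
        "subject": str(msg["Subject"]),
        "origin_host": chain[0]["from"] if chain else None,  # host that handed the mail in
        "received_chain": chain,
    }


def keyword_hits(msg, keywords):
    """Whole-word, case-insensitive matches against subject and body."""
    haystack = f"{msg['Subject']}\n{body_text(msg)}"
    return [k for k in keywords
            if re.search(r"\b" + re.escape(k) + r"\b", haystack, re.IGNORECASE)]


def build_report(raw_messages, keywords):
    """Report rows only for messages that hit a keyword, oldest first.
    Mail with no hit is never read beyond the search, which is the privacy point."""
    rows = []
    for raw in raw_messages:
        msg = parse_message(raw)
        hits = keyword_hits(msg, keywords)
        if hits:
            row = extract_metadata(msg)
            row["keyword_hits"] = hits
            rows.append(row)
    return sorted(rows, key=lambda r: r["date_utc"])


if __name__ == "__main__":
    import json
    print(json.dumps(build_report(SAMPLE_MESSAGES, ["forecast", "confidential"]), indent=2))
```

Run against the three constructed messages with the keywords `forecast` and `confidential`, the report contains only the two work messages; the personal dinner invitation never appears, which is the filtering behaviour the abstract asks investigators to rely on. Note that the Received chain is reversed before use: the top Received header is the one added last, so the originating host is the `from` of the bottom one.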

Author Biography

Dr. Ahmad Ghafarian is a full-time Professor of Computer Science & Cybersecurity at the University of North Georgia (UNG). His educational credentials include a Postdoctoral Fellowship in Information Security, a Ph.D. and an M.S. in Computer Science, and a B.S. in Mathematics. He specializes in and conducts research on various areas of cybersecurity including, but not limited to, malware analysis, various aspects of digital forensics, cloud computing security, VoIP security, and social computing security. He has about forty peer-reviewed publications to his credit.
