by Chirath De Alwis

Due to the rapid spread of internet use all over the world, email has become a primary communication medium for many official activities. Not only companies, but also members of the public tend to use emails in their critical business activities such as banking, sharing official messages, and sharing confidential files. However, this communication medium has also become vulnerable to attacks. This article focuses on email architecture and existing investigation techniques used by forensic investigators.

Email Architecture

When a user sends an email to a recipient, this email does not travel directly into the recipient’s mail server. Instead it passes through several servers. The MUA is the email program that is used to compose and read the email messages at the client end [1]. There are multiple MUAs available such as Outlook express, Gmail, and Lotus Notes. MTA is the server that receives the message sent from…