Email Headers: What can they tell the forensic investigator?

Email headers contain important information about the origin and path an email took before arriving at its final destination, including the sender’s IP address, internet service provider, email client, and even location. The information could be used to block future emails from the sender (in the case of spam) or to determine the legitimacy of a suspicious email. A review of the headers can also help to identify “header spoofing,” a strong indication the email was sent with malicious intent.

Understanding the Header Fields

Email headers are read chronologically from the bottom up and can be broken down into [...]
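
The bottom-up reading order described above, as an added example (not code from the original article): a Python script that lists the Received hops oldest first and compares the From and Return-Path domains. The message, host names and addresses are constructed, using documentation IP ranges and example domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation IP ranges, example domains).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby inbox.recipient.example with ESMTP id CCC; Mon, 6 May 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP id BBB; Mon, 6 May 2024 10:00:03 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.example.net with ESMTPSA id AAA; Mon, 6 May 2024 10:00:01 +0000
From: "Accounts" <billing@bank.example.com>
To: user@recipient.example
Subject: Invoice

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(msg):
    """Return Received hops oldest first (each server prepends, so reverse)."""
    # Hops below the first server you trust are sender-supplied and can be forged.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        m_from = re.search(r"\bfrom\s+(\S+)", flat)
        m_by = re.search(r"\bby\s+(\S+)", flat)
        ips = IP_RE.findall(flat)
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "ip": ips[-1] if ips else None,  # bracketed address of the connecting host
            "date": flat.rsplit(";", 1)[-1].strip() if ";" in flat else None,
        })
    return hops

def domain_mismatch(msg):
    """Return (From domain, Return-Path domain, mismatch flag); a lead, not proof."""
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return from_dom, rp_dom, bool(from_dom and rp_dom and from_dom != rp_dom)

if __name__ == "__main__":
    msg = message_from_string(RAW)
    for hop in received_hops(msg):
        print(hop)
    print(domain_mismatch(msg))
```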