How to Check Properties of Multiple Emails via Single Solution

how to check email properties
author
Published By Mohit
Anuraag Singh
Approved By Anuraag Singh
Published On May 31st, 2023
Reading Time 4 Minutes Reading
Category Forensics

Emails contain many fields that are meant to be hidden from the user. Most email clients ensure that the redundant metadata that is concealed beneath their clutter-free user interface never needs to be seen. However, there comes a time when investigators have to check email properties of not just a single email but multiple emails, to carve out crucial evidence for solving a case related to cybercrime. 

Since hackers often manipulate emails, email forensic experts check email attributes thoroughly to extract vital evidence.

Email properties contain various crucial information that helps investigators determine whether the email attributes, in some way, are altered or not. Before examining the properties of an email, it’s essential to understand what information it holds. Moreover, where should you look for?

Let’s find the answers to the above queries.

Email Properties – A Brief Introduction

Email properties carry important information about the message that has been traversed before reaching its final destination. This information includes the sender’s and recipient’s names, CC, BCC, Message header ID, Dates received & sent, SPF, DKIM, DMARC info, MD5, SHA1, and SHA256 details.

However, different email clients display the email details differently, and finding methods are also distinct. This complexity makes it difficult for forensic examiners to read the email properties of messages.

For instance,
1. In Gmail, it shows the information related to message ID, From, To, Created on, Subject, SPF, DKIM, and DMARC. To check email properties of Gmail, you need to follow the below procedure:

  • Open a particular email >> Click on the vertical three dots >> Press the Show Original option.
  • After that, it’ll redirect you to another tab showing the original message information.

2. In the Outlook desktop-based client, you’ll find the message details in the ‘internet header’ section. The steps to find the header is as follows;

  • Double-click on the email >> Click on File >> Properties.

3. In Apple mail, you’ll get the message header information such as Return-path, Original-Recipient, Received From, Message-ID, MIME version, etc. by following the below steps:

  • Open a particular email >> Go to View tab >> Click on Message >> Raw Source.

The above examples show how you can view the email properties of different email clients.

But, unfortunately, they don’t display all the properties that are essential to carry out an email investigation. That’s why a Professional Email Forensics Tool is recommended.

Why Opt For a Professional Solution to Check Email Properties?

When it comes to investigating a case related to cybercrime, every minute detail counts. From sender/receiver info to hash values, everything matters. Yes, the hash value is also important because it helps in determining the data integrity.

Since manually it’s quite a task to dig out the email details, especially the hash values & whether the message is encrypted or not, the ingenious tool becomes very useful.

MailXaminer is able to carve out each and every detail of the email message which can be helpful for investigating officers. In other words, it can thoroughly check email properties. To get a clear picture of what it displays, refer to the below images.

Check Email Properties

Properties View

From the above figures, it’s clear that the tool provides all the necessary information that an investigation officer may need to check email properties.

Furthermore, the tool is capable of doing so many things.

Advanced Features of the Well-Engineered Tool

The tried and tested software is not only helpful in investigating and tracking suspicious emails but also useful in various other cases. The tool can examine image content using advanced OCR capabilities.

Secondly, the robust forensic keyword search function is proved to be helpful in finding evidence from the bulk of electronic data.

In addition, the tool can track connections between the suspects through Advanced Intelligent Link Analysis.

Apart from reading the email properties of a message and the aforementioned functionalities, there are other benefits of using the tool. Such as,

  • You’ll be able to search terabytes of data from 20+ different file formats like PST, OST, MBOX, EDB, etc.
  • The tool supports 80+ email clients. Gmail, Office 365, iCloud, Rackspace, and Hotmail are a few to name.
  • The interface is very simple to work with. That means if you are not a technically sound person then it won’t be an issue.
  • It allows you to perform forensic analysis on Skype data such as calls, chats, etc.

Conclusion

Nowadays, the use of electronic documents (mostly emails) as evidence is playing an important part in legal proceedings. Further, it becomes crucial to check email properties while investigating a case related to cybercrime. Hence, it only seems feasible to use an expert-recommended tool that can look into the details and prove to be helpful during the entire analysis process.

author

By Mohit

Mohit, a renowned digital and cyber forensics expert, specializes in extracting, analyzing, and preserving digital evidence. He helps organizations protect their sensitive data from cyber threats by uncovering hidden clues and providing actionable insights. Mohit's commitment to staying updated with the latest industry trends ensures he delivers valuable articles on safeguarding organizations from emerging cyber risks.