A2Z Forensics has hired you to investigate an email that has been received by one of their employee. This email looks su

Post by answerhappygod »

A2Z Forensics has hired you to investigate an email that has
been received by one of their employees. This email looks suspicious
to the company and they want to know information such as from
where and when this email was generated, and also any other related
information. They have provided you the email header as shown in
the figure below. You have been asked to analyse this email header
and describe the information while evaluating this header file. The
company also wants to trace back the origin of this email. In this
scenario, what would you recommend to the company in order to trace
back this email?
Figure for Question 4: An e-mail header with line numbers added
(The email addresses are not real addresses.)
Return-Path: h. <[email protected]>
Received: from NAM84-C01-obe.outbound.protection.outlook.com (mail-oln040092010888.outbound.protection.out
    (using TLSv1 with cipher AES256-SHA (256/256 bits))
    (No client certificate requested)
    by ataiw-aad05.mx.aol.com (Internet Inbound) with ESMTPS id 788E37000008
    for [email protected]>; Mon, 18 Jul 2017 18:33:12 -0400 (EDT)
3. DKIM-Signature: v-1; a=rsa-sha256; c-relaxed/relaxed; d-outlook.com; s-selector1;
    h-From:Date: Subject:Message-ID:Content-Type:MIME-Version;
    bh-1r2UozDUrSt47+58KxEKYZKL84z9Xa5pdNS+eLR66fc-;
    begalykGSNrAUEF2RXw11P99hJSSA++U4ov@ar6361aUQ0ng2y66ARNrNonxnEwh31tKgLXdgplofkBmH5UTZJYDR3x4q26nZWYoF801bQ7h30Gby
Received: from SNINAMB4FT054.eop-NAMB4.prod.protection.outlook.com (10.152.88.54)
    by SNINAM84HT232.eop-NAM84.prod.protection.outlook.com (10.152.89.67)
    with Microsoft SMTP Server (version-TLS1_2, cipher-TLS ECDHE_RSA_WITH_AES 256_CBC_SHA384 P384)
    id 15.1.1240.9; Mon, 18 Jul 2017 22:33:04 +0000
5. Received: from DM3PR14MB1033.namprd14.prod.outlook.com (10.152.88.60)
    by SNINAM04FT054.mail.protection.outlook.com (18.152.89.2)
    with Microsoft SMTP Server (version-TLS1_2, cipher-TLS ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256)
    id 15.1.1240.9 via Frontend Transport; Mon, 18 Jul 2017 22:33:04 +0000
Received: from DM3PR14MB1033.namprd14.prod.outlook.com ([18.166.159.17])
    by DM3PR14MB1033.namprd14.prod.outlook.com ([10.166.159.17])
    with mapi id 15.01.1240.020; Mon, 10 Jul 2017 22:33:03 +0000
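Added example, not part of the original post or its figure: a Python sketch of the trace-back the question asks for. It reads the Received lines bottom-up (oldest hop first), extracts the sending host, its address and the timestamp, marks RFC 1918 addresses as internal, and computes per-hop delay. The sample header, its host names and its addresses are constructed placeholders shaped like the figure, and `trace_hops` is a hypothetical helper name.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample header: hosts and addresses are placeholders, not values from the figure.
SAMPLE = """\
Return-Path: <sender@example.com>
Received: from edge.mail.example.net (edge.mail.example.net [203.0.113.25])
 by mx.recipient.example (Inbound) with ESMTPS id ABC123
 for <user@recipient.example>; Mon, 10 Jul 2017 18:33:12 -0400 (EDT)
Received: from hub.mail.example.net (10.152.88.60)
 by edge.mail.example.net (10.152.89.2) with Microsoft SMTP Server
 id 15.1.1240.9; Mon, 10 Jul 2017 22:33:04 +0000
Received: from client.mail.example.net ([10.166.159.17])
 by hub.mail.example.net ([10.166.159.17]) with mapi
 id 15.01.1240.020; Mon, 10 Jul 2017 22:33:03 +0000
Subject: constructed sample

body
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def trace_hops(raw):
    """Return Received hops oldest first (origin -> recipient)."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own line, so the bottom Received line is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())             # unfold continuation lines
        route, _, stamp = flat.rpartition(";")     # timestamp follows the last ';'
        frm = re.search(r"from\s+(\S+)", route)
        by = re.search(r"\bby\s+(\S+)", route)
        ips = IP_RE.findall(route.split(" by ")[0])  # addresses in the 'from' clause only
        ip = ipaddress.ip_address(ips[-1]) if ips else None
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "from_ip": str(ip) if ip else None,
            "internal": ip is not None and any(ip in net for net in RFC1918),
            "time": parsedate_to_datetime(re.sub(r"\([^)]*\)", "", stamp).strip()),
        })
    # A negative delay means clock skew or a forged line; hops below the first
    # server the recipient trusts are sender-supplied and need corroborating logs.
    for prev, cur in zip(hops, hops[1:]):
        cur["delay_s"] = (cur["time"] - prev["time"]).total_seconds()
    return hops
```

The first hop whose `internal` flag is false is the point where the message left the sender's provider; that provider's logs for the listed message id and timestamp are what a trace-back request would ask for.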