Solved

webmail

Posted on 2009-05-19
Last Modified: 2012-05-07
Is there any way an investigation could determine who set up a web-based mail account, i.e. who is the actual person behind adjsdjasp@particulardomain.com?

I believe I know the answer but thought I'd check...
Question by:pma111
 
LVL 3

Expert Comment

by:Cameron_S
ID: 24422640
The short answer is yes. The long answer is that the originating account creator could be traced to a specific IP address. That IP address could then translate to an address and individual workstation. However, a direct correlation between Bob Ross and bobross@domain.com would be hard to determine outside of computer forensics on the actual workstation in question.

If an ISP is willing to cooperate with an investigation, you could track down to an individual machine. In turn, LEO could obtain a warrant and seize the machine, if they have reason to believe it was used in a crime. This is how things like child pornography and pirated software are tracked.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24424409
Email headers will tell you where the message originated from (webhosting company), and if a legal agency approaches the webhosting company for more information, they can provide details of the IP address that was used to log on and can help with investigations.
0
 
LVL 3

Author Comment

by:pma111
ID: 24425823
Could you elaborate, warturtle? Are you saying that if someone had, say, AOL broadband as their internet service provider, but the suspect email account was a Hotmail account, suspect@hotmail.com, the email header would have some reference to AOL somewhere?
0
 
LVL 3

Accepted Solution

by:
Cameron_S earned 125 total points
ID: 24425857
What warturtle is saying is that the webmail (say Hotmail in your example) server administrators could see that the person using the webmail account was using AOL broadband. AOL Broadband admins could then in turn track it down to a physical location (house, internet cafe).

The e-mail header will simply state the server of origin, i.e. Hotmail.
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 125 total points
ID: 24426326
Yes, that is exactly what I was trying to say. Thanks, Cameron_S :)

Just to explain by taking your example - if someone uses AOL Broadband and accesses their Hotmail account, suspect@hotmail.com, to send an email to innocentyou@gmail.com, then you can see the email headers and find out that the email actually came from hotmail.com (sometimes this is simply visible in the email address that the mail came from; in this case it's Hotmail).

But if the email came from asfdasd@askjfhasd.com, then you can look at the email headers to see the IP address or the domain name of the actual server that sent the email. Then you can do a tracert to find out which webhosting company has that IP address. After that, you can follow the advice from Cameron_S to take your investigations further ;-)

Hope it helps.
0
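The header check described in the answers above, as an added example that is not part of the original thread: it walks the `Received` lines of a message and returns the hop stamped by the recipient's own mail server, which is the entry that names the server that sent the email. The sample message, the host names and the domain `recipient.example` are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread). Hosts are placeholders and the
# public IPs come from the RFC 5737 documentation ranges.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTP id abc123;
\tTue, 19 May 2009 10:00:05 +0000
Received: from out1.webmail.example (out1.webmail.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 19 May 2009 10:00:03 +0000
Received: from web-frontend (10.1.2.3)
\tby out1.webmail.example with HTTP;
\tTue, 19 May 2009 10:00:01 +0000
From: suspect@webmail.example
To: innocentyou@recipient.example
Subject: test

body
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1).rstrip(";").lower() if m else None

def received_hops(raw):
    """Return the Received hops oldest first (headers are stored newest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        hops.append({"from": _field(r"\bfrom\s+(\S+)", flat),
                     "by": _field(r"\bby\s+(\S+)", flat),
                     "ip": _field(IP_RE, flat)})
    return hops[::-1]

def _inside(host, domain):
    return bool(host) and (host == domain or host.endswith("." + domain))

def sending_server(raw, my_domain):
    """Hop stamped by our own server on receipt from an outside host.
    Lines below it were written by other parties and can be forged."""
    for hop in reversed(received_hops(raw)):  # newest first
        if _inside(hop["by"], my_domain) and not _inside(hop["from"], my_domain):
            return hop
    return None

if __name__ == "__main__":
    print(sending_server(SAMPLE, "recipient.example"))
```

For the sample, the result is the webmail provider's outbound server, not the sender's broadband line; the oldest hop shows only an address internal to the provider.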
