07 01 c Forensik email Analyze

ZAAN Tutorial

26 Sept 202109:30

Summary

TLDRThis video tutorial covers essential techniques for analyzing forensic emails, focusing on header, body, and attachment analysis. It guides viewers on how to decode email properties like 'Kya' and 'ID' for routing information, use SPF to detect fake senders, and track SMTP hops for email authenticity. Tools like mxtoolbox.com, message analyzer, and Virustotal are introduced to validate email headers, links, and attachments for potential threats. Viewers are taught to identify dangerous hyperlinks and malicious attachments, ultimately equipping them with the knowledge to recognize and avoid phishing and scam emails.

Takeaways

😀 Understand the importance of analyzing email headers to identify the origin, recipient, and potential authenticity of the email.
😀 Learn how to decode the Kya and How ID encodings in email headers to assess whether an email was sent from a trusted server.
😀 Familiarize yourself with the Sender Policy Framework (SPF) to identify whether an email sender is legitimate or fake.
😀 Investigate the SMTP hop or path of the email to trace its journey from sender to recipient, which can reveal the email's authenticity.
😀 Use tools like mxtoolbox.com and message analyzers to easily review email header data, including SMTP hops and relay times.
😀 Google Maps can provide simpler insights into email relay information, including basic message and relay details.
😀 Be cautious of suspicious hyperlinks in email bodies, as they might redirect to malicious sites, posing a security risk.
😀 Analyze email attachments carefully, as they can contain malicious content hidden in various file extensions (e.g., .pdf, .doc).
😀 Utilize tools like VirusTotal to scan email attachments and URLs for potential threats, ensuring safety before opening or clicking.
😀 Always verify unknown URLs by copying and pasting them into a tool like VirusTotal to check for potential phishing or malicious activity.
😀 Apply the techniques learned from email forensics to identify real vs. fake emails and protect yourself from scams and phishing attempts.

Q & A

What is the first step in forensic email analysis according to the script?
-The first step is analyzing the email header, specifically focusing on the 'Kya' or 'ID' encoding to understand where the email is coming from, whether it’s been read or not, and identifying the path it took.
What does the 'sender policy framework' (SPF) help identify in email analysis?
-The sender policy framework (SPF) helps identify whether the email sender is legitimate, neutral, or potentially a fake sender, aiding in the detection of phishing or spam emails.
What does the script mention about the SMTP hops in email analysis?
-The script explains that SMTP hops are crucial to track where the email was sent from and to, and how it traversed different SMTP servers to reach its destination. This helps in understanding the route of the email and potential irregularities.
Which tool is suggested in the script for analyzing email headers and SMTP relays?
-The script suggests using tools like 'mxtoolbox.com' and the 'English toolbox' to view relay information and SMTP hops. These tools help in visualizing the journey of the email and detecting any unusual activity.
How can Google Maps assist in email analysis?
-Google Maps can help in analyzing email headers by showing simpler relay information, like who sent the email and how it was forwarded across various SMTP hubs, though it provides less detailed data compared to other tools.
What is the main concern regarding dangerous hyperlinks in email bodies?
-The main concern is that attackers may use deceptive hyperlinks in the email body, leading to phishing sites or malicious websites that can compromise user data. It's crucial to inspect and verify hyperlinks to avoid falling for scams.
How does the script suggest verifying the safety of a hyperlink in an email?
-The script suggests copying the hyperlink, not just the text, and pasting it into a tool like virustotal.com to check if the URL is dangerous or safe.
What should be done if suspicious attachments are found in an email?
-The script recommends uploading the attachment to virustotal.com for a thorough scan to determine if the file is safe or contains any malicious content.
Why is attachment analysis in forensic email analysis considered tricky?
-Attachment analysis is tricky because email attachments can have many different extensions, some of which may contain exploits or hidden malware. The variety of file types can make it challenging to identify potential threats.
How can virustotal.com help in analyzing both email attachments and body content?
-Virustotal.com helps by scanning email attachments for malware and checking URLs in the body for potential threats, providing a quick and reliable way to assess whether an email is safe or dangerous.