E-mail analysis is a task performed in network forensics: the analysis of emails sent and received at different ends. These days there are only a few ways to analyse emails, and the most accepted method is manual analysis. While performing manual analysis we try to spot spoofed messages that are sent through SMTP.
By analysing a message we can decode what was sent. After decoding, the IP addresses in it are analysed and their location is traced. Server logs are checked at the same time to ensure that all the activities appear in the timeline so formed. If any suspicious activity is found, the mails are recovered and can be used as evidence against the sender. Email is extracted from the client's mail server, which keeps a copy of sent mails up to a specific number.
We have software that can detect an incident only after the crime has happened. There is no software that operates in real time, checks all the mails going through the server and informs the network forensic expert if any suspicious activity is found. So a software tool is needed that serves all the purposes a good analyst fulfils: it must indicate all suspicious activities, and must trace the location, IP address and ISP of the sender. Here is an idea of what a solution to all these problems could be: an artificially intelligent software that analyses all the mails going through the internet and draws the attention of the network forensic analyser according to the threat level of each mail so identified.
The proposed architecture of the automatic email analyser is as follows. Between the sender end and the receiver end, an artificially intelligent email analyser sits between the routers of the network connections. This email analyser would be powered by artificial intelligence, which would analyse all the emails going through the network connection.
The emails can be analysed in many ways, but two ways are the most feasible for this problem. The first way is to check all the strings of the mails using a string filter embedded at the central node of the network. As soon as a similar message from the same sender to the same receiver is encountered, it can be marked as a suspicious activity, and after a particular number of such similar messages it can be pushed to the forensic analyst. The second way is to check the header of the mail against the content of the mail. If no relation can be established between the subject and the content, the mail is marked as suspicious, and again after many similar mails it is pushed to the forensic analyser for further deep analysis.
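The two heuristics above, as an added example that is not part of the essay: a small Python triage function that keeps a per-(sender, receiver) history, counts near-duplicate bodies, checks whether any subject word reappears in the body, and returns the messages an analyst should review. The similarity cutoff, the repeat limit, the word-overlap test and the sample messages are all assumptions made for the illustration.

```python
import email
from collections import defaultdict
from difflib import SequenceMatcher

SIMILARITY_THRESHOLD = 0.9   # assumed cutoff for two bodies to count as "similar"
REPEAT_LIMIT = 3             # assumed number of similar messages before escalation


def parse_message(raw):
    """Return (sender, receiver, subject, body) from a raw RFC 822 text message."""
    msg = email.message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    return msg["From"], msg["To"], msg["Subject"] or "", body


def subject_body_overlap(subject, body):
    """Fraction of subject words (longer than 3 chars) that also occur in the body.
    This is an assumed, deliberately simple proxy for 'relation' between header and content."""
    words = {w.lower().strip(".,!?:;") for w in subject.split() if len(w) > 3}
    if not words:
        return 0.0
    text = body.lower()
    return sum(1 for w in words if w in text) / len(words)


def analyse(raw_messages, limit=REPEAT_LIMIT):
    """Return [(index, reason), ...] for messages that should be pushed to the analyst."""
    history = defaultdict(list)   # (sender, receiver) -> bodies already seen on that path
    escalations = []
    for i, raw in enumerate(raw_messages):
        sender, receiver, subject, body = parse_message(raw)
        key = (sender, receiver)
        # heuristic 1: near-duplicate body from the same sender to the same receiver
        similar = sum(1 for prev in history[key]
                      if SequenceMatcher(None, prev, body).ratio() >= SIMILARITY_THRESHOLD)
        history[key].append(body)
        if similar + 1 >= limit:
            escalations.append((i, "repeated similar message"))
        # heuristic 2: subject has no relation to the body
        if subject_body_overlap(subject, body) == 0.0:
            escalations.append((i, "subject unrelated to body"))
    return escalations


# constructed sample traffic: three near-identical mails on one path, one unrelated-subject mail
SAMPLE = [
    "From: a@example.test\nTo: b@example.test\nSubject: Invoice update\n\n"
    "Please see the attached invoice update for March.\n",
    "From: a@example.test\nTo: b@example.test\nSubject: Invoice update\n\n"
    "Please see the attached invoice update for March!\n",
    "From: a@example.test\nTo: b@example.test\nSubject: Invoice update\n\n"
    "Please see the attached invoice update for March.\n",
    "From: a@example.test\nTo: c@example.test\nSubject: Meeting tomorrow\n\n"
    "Click here to claim your prize now.\n",
]
```

Running `analyse(SAMPLE)` escalates the third message as a repeat and the fourth for an unrelated subject; in practice the thresholds would be tuned against real traffic before any alert reaches an analyst.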