With the widespread use of email, millions of users rely on multiple web-based and desktop email clients. The three major web-based email platforms are Gmail, Hotmail and Yahoo Mail. Because Yahoo Mail is one of the most popular email services, the possibility that a culprit uses Yahoo is very high. Once law enforcement investigators get authorization to investigate sealed computer systems, email IDs, etc., a thorough analysis has to be done using various strategies and methodologies. This blog discusses a few methods for performing Yahoo email forensics and for creating a Yahoo email backup to collect the artifacts and analyze them in detail.
When Yahoo Mail is accessed on a system through a browser, many artifacts are stored in various browser components. Most importantly, the cache, cookies, and history are the best resources for collecting browser evidence. Date and time stamps can be collected from the history and cookies, but the cache holds the most valuable data for the investigation. The cache saves web page elements to the local disk, and many emails read by the suspect can be found in the cache folders. The location, however, depends on the operating system and browser. The locations for each browser and operating system, where you can perform Yahoo Mail forensics and find crucial artifacts, are mentioned below.
Cache Locations
Other browser stores might only show that a site was visited, but the cache folders in the above-mentioned locations show the actual content of the page or email message. One major disadvantage of these cached pages is that they might not show the suspect's messages from the Sent folder. This is because a sent message is merely typed on the screen and then sent, without needing to be stored. Once the cache items are collected, they can be viewed and parsed with forensics tools.
The Yahoo Mail header is another resource from which to collect artifacts. The email header comprises information related to the origin and genuine contents of the email. A deep analysis of elements like the Message ID and DKIM can help you carve out much evidence.
How to Reach the Headers of Yahoo Mail?
To analyze Yahoo emails in bulk, it is better to create a backup of the Yahoo emails in a desktop email client file format so that the analysis can be run on all of them together. It also ends the need to log in repeatedly. The backup also eliminates any chance of changes being made to the emails, and the artifacts can be collected securely for investigation. But it is important to take the backup in the right way to avoid any manipulation of the emails. The Yahoo Backup tool can be used to back up Yahoo mails to various file formats such as PST, EML, MSG, or MBOX.
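As an added illustration (not code from this blog or from any backup tool), the Python example below extracts the Message-ID, the DKIM `d=` and `s=` tags and the Received chain from the raw bytes of one message, and records a SHA-256 of the unmodified bytes. The sample message, its addresses and the function names are constructed for the example.

```python
import hashlib
from email import message_from_bytes
from email.utils import parseaddr

# Constructed sample message (not real evidence); every value is made up.
SAMPLE_EML = (
    b"Received: from mta.example.net (mta.example.net [192.0.2.10])\r\n"
    b"\tby mx.example.org; Mon, 01 Jan 2024 10:00:05 +0000\r\n"
    b"Received: from client.example.net ([198.51.100.7])\r\n"
    b"\tby mta.example.net; Mon, 01 Jan 2024 10:00:01 +0000\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.net;\r\n"
    b"\ts=s2048; h=from:date:message-id; bh=AAAA; b=BBBB\r\n"
    b"From: Alice <alice@example.net>\r\n"
    b"Date: Mon, 01 Jan 2024 10:00:00 +0000\r\n"
    b"Message-ID: <12345.67890@mail.example.net>\r\n"
    b"\r\nBody text.\r\n"
)

def dkim_tags(value):
    """Split one DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def header_artifacts(raw):
    """Collect header artifacts from one exported message given as raw bytes."""
    msg = message_from_bytes(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = [dkim_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    domains = [t.get("d", "").lower() for t in sigs]
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # fingerprint of the untouched bytes
        "message_id": msg.get("Message-ID", "").strip(),
        "date": msg.get("Date", ""),
        "from_domain": from_domain,
        "dkim_domains": domains,
        "dkim_selectors": [t.get("s", "") for t in sigs],
        # Alignment only (d= is the From domain or a parent), not signature verification.
        "dkim_aligned": any(d and (from_domain == d or from_domain.endswith("." + d))
                            for d in domains),
        # Each hop prepends its Received header; reverse to read the origin first.
        "received_path": [" ".join(r.split())
                          for r in reversed(msg.get_all("Received", []))],
    }

if __name__ == "__main__":
    print(header_artifacts(SAMPLE_EML))
```

A `dkim_aligned` value of `False`, or a Message-ID domain unrelated to the sending service, marks a message for closer inspection; it is not proof of forgery on its own.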
Yahoo mail backup is an expert mail backup solution designed especially for the forensic investigation of Yahoo mails. The application downloads all the emails in various email file formats and allows them to be stored locally. Another benefit of downloading the emails to a desktop email file is that it makes the evidence portable. Investigators can easily share the downloaded emails with colleagues and carry out the investigation. The steps for downloading emails after successful installation of the Yahoo mail backup solution are mentioned below.
Date Filters: If the investigation has to be done on emails from a certain time span, or the investigator is sure that the emails related to the crime scene fall within a particular span of days, the investigator can use this email filter option to analyse Yahoo email headers. The To and From fields set the time range, and only the emails within this range will be downloaded.
Folder-wise Filter: By default all the email folders are selected, but if the investigation has to be done on specific folders only, the others can be unchecked. The software also creates a backup of messenger chats, denoted as Y! Conversations.
Once done, click Start and the download of the emails will proceed.
Conclusion: An email system involves multiple components associated with the sender's and receiver's client and server systems. These components, along with scrutiny of an email's origin, can help in analyzing cybercriminals' emails. Collecting the emails and storing them securely using email backup tools like Yahoo email Backup can be the most important and primary stage of Yahoo Mail forensics. Once the emails are collected in bulk, their components can be explored in detail. Other artifacts can be gathered from the browser cache, headers, etc. The strategies explained in the above sections can help to analyze the emails in bulk.