Tuesday, September 18, 2012

Two Quick Email Forensic Nuggets

Email is certainly one of the more prevalent methods of spreading malware to a target, and likely one that any network analyst is going to be investigating on a regular basis. While nearly every bit of an email header is documented thoroughly at places such as the Forensic Wiki, there are a few tricks I've figured out along the way that I haven't seen anywhere else, and they could help with that email whose origin you're trying to figure out.

Saturday, September 1, 2012

Research Tip: When WHOIS doesn't work

WHOIS is a great service when trying to find out who owns a domain. Of course, if the domain isn't legitimate, then much of the WHOIS data is probably fake. That said, there's one thing that people can't typically fake: the email address. At least we have that to start with, right?

So, there you are, trying to find out who owns this rather shady looking domain name. You hop over to your favorite domain lookup website, or your terminal and...