Email is certainly one of the more prevalent methods of delivering malware to a target, and likely one that any network analyst will be investigating on a regular basis. While nearly every field of an email header is documented thoroughly at places such as the Forensic Wiki, there are a few tricks I've picked up along the way that I haven't seen written up anywhere else, and they can help when you're trying to work out where an email actually came from.
Tuesday, September 18, 2012
Saturday, September 1, 2012
Research Tip: When WHOIS doesn't work
WHOIS is a great service when trying to find out who owns a domain. Of course, if the domain isn't legitimate, then much of the WHOIS data is probably fake. That said, there's one field that people can't typically fake: the contact email address. The registrar has to be able to reach the registrant somewhere, so that mailbox usually works even when the name and street address are invented. At least we have that to start with, right?
So, there you are, trying to find out who owns this rather shady looking domain name. You hop over to your favorite domain lookup website, or your terminal and...