
First things first: when you have anything that needs forensic investigation, move fast. You need to know the procedures. In this age you need to know that people obfuscate their IPs, so you need to analyse how the message was written, the sender's language, the tone, and if the IP is not proxied, find a way of following it up with the ISP, or simply hacking your way in. Also remember that these days ISPs also give people public DHCP IPs, so it's good to collect as much info as you can immediately after the email was sent, before he/she switches to another public IP. Also try social engineering the guy who sent the email into clicking something during the email conversation (there are so many sites in Kenya that have XSS); you might be able to collect his information that way through a hijacked URL. Have fun.

On 4/11/11, James Muendo <timrick@gmail.com> wrote:
Hi,
I have an email that is a threat. I am wondering how to trace the origin of the email. Any ideas?
Regards,
-- James M. Muendo
P.O Box 28016 - 00200, Nairobi. Mobile: +254725567508 skype:tim.rick | Twitter: Mmuendo | gtalk: timrick<http://muendoshead.blogspot.com/>
-- Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P, I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM} http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
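The first step in tracing the origin of an email, before any ISP follow-up, is to read the Received: chain in the headers: each mail server prepends one Received: line, so the bottom line is the earliest hop and the top line is the last server before the recipient. The script below is an added example for this thread, not code from either poster. It parses a constructed sample message (RFC 5737 documentation addresses, invented host names) with Python's standard library, walks the chain earliest-hop-first, picks the first non-internal IP as the apparent origin, and separates the hops recorded by servers you control from the earlier hops, which were written by the sender's side and can be forged. The trusted host name `inbound.example.com` is an assumption standing in for your own inbound MTA.

```python
"""Walk the Received: chain of an email to find where it entered the mail system."""
import email
import ipaddress
import re
from email import policy

# Constructed sample message for demonstration (RFC 5737 documentation
# addresses, invented host names); it is not a real email.
RAW_EMAIL = b"""Received: from mx2.example.net (mx2.example.net [203.0.113.7])
\tby inbound.example.com (Postfix) with ESMTP id 4F1A2B3C;
\tMon, 11 Apr 2011 10:02:11 +0300
Received: from webmail.example.net (localhost [127.0.0.1])
\tby mx2.example.net with ESMTP; Mon, 11 Apr 2011 10:02:09 +0300
Received: from [198.51.100.23] (unknown [198.51.100.23])
\tby webmail.example.net with HTTP; Mon, 11 Apr 2011 10:02:05 +0300
From: Anonymous <nobody@example.net>
To: victim@example.com
Subject: constructed sample
Message-ID: <sample-0001@webmail.example.net>

body text
"""

# "from <host> (<comment>) by <host>" is the common shape of a Received: line.
_HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I
)
_IP_RE = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")

# Loopback, link-local and RFC 1918 ranges. is_global()/is_private() are not
# used because the sample deliberately uses documentation (TEST-NET) addresses,
# which ipaddress also classifies as non-global.
_INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
              "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")
]


def is_internal(ip: str) -> bool:
    """True for addresses that cannot be followed up with an ISP."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _INTERNAL_NETS if net.version == addr.version)


def parse_received(value: str):
    """Extract sending host, receiving host and the sender's IP from one Received: line."""
    value = re.sub(r"\s+", " ", value).strip()  # unfold continuation lines
    m = _HOP_RE.search(value)
    if not m:
        return None
    # Only look for the IP between "from" and "by": that is the connecting client.
    ips = _IP_RE.findall(value[m.start():m.start("by")])
    return {"from": m["from"], "by": m["by"], "ip": ips[0] if ips else None, "raw": value}


def received_chain(raw: bytes):
    """Received: hops in transit order, earliest hop first."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = [parse_received(str(v)) for v in msg.get_all("Received", [])]
    hops = [h for h in hops if h]
    hops.reverse()  # headers are prepended, so the last one is the earliest hop
    return hops


def originating_ip(raw: bytes):
    """Earliest hop whose connecting IP is not an internal/loopback address."""
    for hop in received_chain(raw):
        if hop["ip"] and not is_internal(hop["ip"]):
            return hop["ip"]
    return None


def split_by_trust(raw: bytes, trusted_hosts):
    """Return (verifiable, forgeable) hops.

    Hops from the first one recorded by a server you control onward are
    verifiable; everything earlier was written by the sender's side and
    could have been fabricated before the message ever reached you.
    """
    chain = received_chain(raw)
    idx = next((i for i, h in enumerate(chain) if h["by"] in trusted_hosts), None)
    if idx is None:
        return [], chain
    return chain[idx:], chain[:idx]


if __name__ == "__main__":
    for hop in received_chain(RAW_EMAIL):
        print(f"{hop['from']:<28} -> {hop['by']:<22} ip={hop['ip']}")
    print("apparent origin:", originating_ip(RAW_EMAIL))
    verifiable, forgeable = split_by_trust(RAW_EMAIL, {"inbound.example.com"})
    print("verifiable hops:", len(verifiable), " forgeable hops:", len(forgeable))
```

Run it against the raw source of the real message (saved with headers intact) instead of `RAW_EMAIL`. The apparent origin is only as trustworthy as the server that recorded it: the IP in the Received: line added by your own MTA is what actually connected to you, while the earlier lines are whatever the sending system chose to write, which is why the script separates the two before anyone contacts an ISP.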