
Hi,

I have an email that is a threat. Am wondering how to trace the origin of the email. Any ideas?

Regards,
-- James M. Muendo
P.O Box 28016 - 00200, Nairobi. Mobile: +254725567508 skype:tim.rick | Twitter: Mmuendo | gtalk: timrick <http://muendoshead.blogspot.com/>

What do the mail headers say?

-- Regards Brian Ngure

_______________________________________________
Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

On Mon, Apr 11, 2011 at 12:45, James Muendo <timrick@gmail.com> wrote:
> Hi,
> I have an email that is a threat. Am wondering how to trace the origin of the email. Any ideas?
> Regards,

Always in the "full headers" view. Nowhere else!

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223

It's a yahoo oriented email.

On 11 April 2011 12:51, Odhiambo Washington <odhiambo@gmail.com> wrote:
> Always in the "full headers" view. Nowhere else!

-- James M. Muendo

On Mon, Apr 11, 2011 at 12:56, James Muendo <timrick@gmail.com> wrote:
> It's a yahoo oriented email.

All mail should have headers showing the path it took, from the sender to the destination, unless it's from a mailing list, in which case some headers may have been substituted.

-- Best regards, Odhiambo WASHINGTON

Headers can lead you up to the IP address where the mail was sent

./Ok3ch

On Mon, Apr 11, 2011 at 12:56 PM, James Muendo <timrick@gmail.com> wrote:
> It's a yahoo oriented email.
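
One way to read the path the replies above describe, as an added example that is not part of the original thread: it walks the `Received` lines from the sender's side to the recipient's and separates the address the recipient's own server logged from addresses that are only claimed by upstream hosts. The sample headers, host names and the `trusted_suffix` parameter are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample headers: every host name is made up and the external
# addresses come from the RFC 5737 documentation ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP; Mon, 11 Apr 2011 12:40:05 +0300
Received: from out.webmail.example (out.webmail.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Mon, 11 Apr 2011 12:40:03 +0300
Received: from [203.0.113.45] by web.webmail.example via HTTP;
\tMon, 11 Apr 2011 02:40:01 -0700
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def trace_hops(raw):
    """Return the Received hops oldest-first (sender side first)."""
    hops = []
    # Every relay prepends its own line, so the newest hop is at the top.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())          # undo header folding
        by, ip = BY_RE.search(text), IP_RE.search(text)
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:                      # malformed, e.g. [999.1.1.1]
            addr = None
        hops.append({"by": by.group(1) if by else None,
                     "ip": str(addr) if addr else None,
                     "internal": bool(addr) and any(addr in n for n in INTERNAL)})
    return hops

def handoff_ip(hops, trusted_suffix):
    # Walk newest-first through lines written by hosts under trusted_suffix
    # (assumed to be the recipient's own mail domain). The first external peer
    # they logged is verified; every older line is only a claim.
    for hop in reversed(hops):
        if not (hop["by"] or "").endswith(trusted_suffix):
            return None
        if hop["ip"] and not hop["internal"]:
            return hop["ip"]
    return None
```

`trace_hops(RAW)[0]["ip"]` is the origin the headers claim, while `handoff_ip(hops, ".recipient.example")` is the address to take to the sending provider together with the timestamp on that line.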

Important things first when you have anything that needs forensics investigation is to move fast. You need to know the procedures. In this age you need to know that people obfuscate their IPs, so the need to analyse how the message was written, the sender's language, the tone, and if the IP is not proxied, find a way of following it up with ISP, or simply hacking your way in. Also remember that these days ISPs also give people public dhcpcd IPs, so it's good to collect as much info as you can immediately the email was sent before he/she switches to another public IP. Also try social engineering the guy who sent the email into clicking something during the email conversation, (there are so many sites in Kenya that have XSS), you might be able to collect his information that way through a hijacked URL. Have fun.

-- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM} http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

http://www.ip-adress.com/trace_email/
participants (6): Brian Ngure, Gichuki John Chuksjonia, James Muendo, Odhiambo Washington, Okechukwu, Simon Mbuthia