August 2019

How to forward a forensic copy of an email as an attachment

January 19, 2022August 28, 2019 by Sean Whalen

If you receive a fraudulent email, can be very useful to send a full forensic copy to an organization that is being spoofed, industry partners, and law enforcement.

When a user clicks forward in a mail client, the client copies the message’s content and attachments to a new message. The original message headers are not included.

In order to send a full forensic sample that includes the original message headers, the original message must be sent as an attachment in a new message. The process for doing this varies by mail client.

How to view email headers

January 19, 2022August 27, 2019 by Sean Whalen

Email headers contain very useful information for tracing a message’s origin and troubleshooting its delivery. Email headers are written with the oldest headers at the bottom, and the newest headers at the top. By reading the headers in the correct order, you can see how the message was passed from one mail server to another, and the actions each mail server took along the way.

Most email clients have a function to display a message’s headers. The exact steps depends on the client.