Learn Computer Forensics by William Oettinger

Author:William Oettinger
Language: eng
Format: epub, mobi, pdf
Publisher: Packt Publishing Ltd
Published: 2020-04-28T00:00:00+00:00

Figure 5.4 – Jean's email header

When you look at the sender and recipient columns, and when the data is sorted chronologically, you can get a good idea about the email communication between the attacker and Jean. It appears they have compromised Allison's account, as we can see the name 'Alex' and the email account [email protected] associated with the account.

Using the event list feature of X-Ways Forensics allows us to pinpoint when the file was compromised and from what vector. Now we can direct our investigation to Allison's computer to determine whether the attacker compromised her system. Based on these initial results, I believe that the attacker targeted Jean in a phishing attack.

What I like about X-Ways Forensics is its ability to gather the dates and times from traditional sources and combine them with the actual artifacts, in this case, the emails. This gives you another level of granularity and context for your investigation.

The X-Ways Forensics documentation lists the following as sources of information for the event list feature:

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.