VIC How Long Does It Take Computer Forensics to Trace Emails?

[Missii]

If a lawyer were to trace where emails have come from, how long would it take and what is the process under Australian Law?

 

[winston wolf]

How long is a piece of string.
This depends on the skill of the one tracing and the skill of the one avoiding.

 

[Rod]

Doubt a lawyer could do an email trace! Apologies to all lawyers reading this post

The process depends on what software is being used for mail servers and whether or not a free generic email account was used (eg gmail) and whether or not you want to trace to an individual or just a business.

Sometimes all the information you need is in the email that you receive, albeit hidden in the unseen header section. Google 'email headers' for the software you use to see if that helps. If corporate systems are used, it might be harder than this to trace an email.

 

[Missii]

Doubt a lawyer could do an email trace! Apologies to all lawyers reading this post

The process depends on what software is being used for mail servers and whether or not a free generic email account was used (eg gmail) and whether or not you want to trace to an individual or just a business.

Sometimes all the information you need is in the email that you receive, albeit hidden in the unseen header section. Google 'email headers' for the software you use to see if that helps. If corporate systems are used, it might be harder than this to trace an email.

If it was a hotmail address can't the lawyer find out the location of where the email is sent?. If the sender deleted the email and there was only print out copies and the receiver having the emails is it still traceable? Does the lawyer have any grounds to do anything?

 

[winston wolf]

I guess you would need to get a subpoena from a US court to get the server logs from Microsoft pertaining to this email address then get somebody to start tracing ip addresses back to the origination computer.
So with enough money and effort yes.

 

[Missii]

I guess you would need to get a subpoena from a US court to get the server logs from Microsoft pertaining to this email address then get somebody to start tracing ip addresses back to the origination computer.
So with enough money and effort yes.

So in other words they can be traceable but the lawyer has his hands tied cant do nothing without a subpena correct?.

 

[Rod]

If it was a hotmail address can't the lawyer find out the location of where the email is sent?

Unlikely. Generally need a court subpoena before Hotmail (Microsoft) will release details. They may be able to give an IP address of the person who logged into the account and sent the email, then find the ISP that owns that address, then subpoena the ISP for details of the customer using that IP address. The process may fail at any stage depending on how 'sneaky' the sender has been.

If the sender deleted the email and there was only print out copies and the receiver having the emails is it still traceable?

A sender deleting an email does not affect the ability to trace an email once it has been sent.

Does the lawyer have any grounds to do anything?

If the court accepts his request for a subpoena.

 

[Tim W]

So in other words they can be traceable but the lawyer has his hands tied cant do nothing without a subpena correct?.

No, not necessarily correct.

There is nothing stopping a lawyer asking an ISP (or an email provider) to produce emails.
An ISP (or email provider) is free to comply with a request of this kind.
But they are equally free, without more, to decline.
And so, yes, it can take a court order (usually but not always a subpoena) to get them to provide them.

By comparison, it is easier, faster, and cheaper, to forensically examine computer hardware.
That is, the actual machine(s) from which the email might have been sent.

And easier still to make an order requiring a respondent to provide of access to, say, a Gmail or Hotmail account.

How likely any of this is to happen depends on the facts and circumstances.
What's the back story to your question?

 

[Worldly1]

"Emails sent from Yahoo! Mail and Microsoft Hotmail/Live Mail can generally be traced to a public IP address" - a computer forensic expert can do this quite easily. And yes, deleting an email doesn't really delete the email - think about the fat that it would have been stored in a couple of servers at least. Have a look at "Computer Forensics: An Introduction" from one of the leading experts in this area.