i need computer help. detective work
 

is there anyway to determine if a particular email came from a computer? the crime: a really bad email was sent to a teacher. kid said he didnt do it, but i think he did. how can i prove or disprove it? time/date is not good enough. he said his friend got his password, and sent it for him.

cliff.
i can check his computer, just tell me what to do.

View the Internet Header. Usually an option in the email client to display it.

It'll give you the origin ip address, time, etc...

Problem is if it was sent from a Webmail client and someone did get the kids PW it won't prove or disprove anything.

This is what header info looks like.

Return-Path: <stanleymarketing@yahoo.com>
Delivery-Date: Fri, 17 Jun 2005 11:50:08 -0400
Received: from [68.142.201.189] (helo=web31709.mail.mud.yahoo.com)
by mx.perfora.net with ESMTP (Nemesis),
id 0MKuxu-1DjJ6e0U5T-0006tm for scott@stomachmonkeys.com; Fri, 17 Jun 2005 11:50:08 -0400
Received: (qmail 1777 invoked by uid 60001); 17 Jun 2005 15:50:08 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=UWNfS+zhj59B+mUQrSqE6TkaXUhtx+xQ+HOZMN5yC6zjddpA Tc5ixP8v9P5r/lO0mDFdwhcDSIKwZIsHm13hwbP9mpRlPDtIR88yJ6EK9i91UXr 6Hs4vuzd/1GdblwsGQBrFVaX3tPZC61fzJWwpLXt/mJ84o3xa39wFgG5pHn0= ;
Message-ID: <20050617155007.1775.qmail@web31709.mail.mud.yahoo .com>
Received: from [24.47.56.163] by web31709.mail.mud.yahoo.com via HTTP; Fri, 17 Jun 2005 08:50:07 PDT
Date: Fri, 17 Jun 2005 08:50:07 -0700 (PDT)
From: Jordan Stanley <stanleymarketing@yahoo.com>
Subject: Re: Daughter
To: Scott Jenkins <scott@stomachmonkeys.com>
In-Reply-To: <BED84021.21E5%scott@stomachmonkeys.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1386602451-1119023407=:1329"
Content-Transfer-Encoding: 8bit
Envelope-To: scott@stomachmonkeys.com

so this is something i need to check on the teacher's machine? i just noticed it was from a yahoo account.

thanks i found it on my email stuff. i will try.

Slightly OT, but Vash are you teaching summer school, or teach at a school? I thought that I read somewhere that you used to repair signs?

Don't forget that a lot of an email can be faked. It is even possible to send without using a "real" email client.

E-mail detectiving is a real trick. If somebody obtained his password, then all the computer sleuthery in the world will only show that it was his user logged in. If he _gave_ his password out, then perhaps he ought to learn the lesson that he needs to be responsible for the use of the account, even if it isn't him (ianal, but I seem to recall a court precedent along those lines). Like id10t says, as well, someone entirely separate could have faked the e-mail headers -- SMTP is an open standard, a fact that makes it particularly prone to this sort of nonsense.

Good luck,

Dan