|
|
|
|
| Author |
|
|
Registered
|
i need computer help. detective work
is there anyway to determine if a particular email came from a computer? the crime: a really bad email was sent to a teacher. kid said he didnt do it, but i think he did. how can i prove or disprove it? time/date is not good enough. he said his friend got his password, and sent it for him.
cliff. i can check his computer, just tell me what to do.
__________________
poof! gone |
||
06-18-2005, 06:06 PM
|
|
|
The Unsettler
Join Date: Dec 2002
Location: Lantanna TX
Posts: 23,885
|
View the Internet Header. Usually an option in the email client to display it.
It'll give you the origin ip address, time, etc... Problem is if it was sent from a Webmail client and someone did get the kids PW it won't prove or disprove anything. This is what header info looks like. Return-Path: Delivery-Date: Fri, 17 Jun 2005 11:50:08 -0400 Received: from [68.142.201.189] (helo=web31709.mail.mud.yahoo.com) by mx.perfora.net with ESMTP (Nemesis), id 0MKuxu-1DjJ6e0U5T-0006tm for scott@stomachmonkeys.com; Fri, 17 Jun 2005 11:50:08 -0400 Received: (qmail 1777 invoked by uid 60001); 17 Jun 2005 15:50:08 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received  ate:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;b=UWNfS+zhj59B+mUQrSqE6TkaXUhtx+xQ+HOZMN5yC6zjddpA Tc5ixP8v9P5r/lO0mDFdwhcDSIKwZIsHm13hwbP9mpRlPDtIR88yJ6EK9i91UXr 6Hs4vuzd/1GdblwsGQBrFVaX3tPZC61fzJWwpLXt/mJ84o3xa39wFgG5pHn0= ; Message-ID: <20050617155007.1775.qmail@web31709.mail.mud.yahoo. com> Received: from [24.47.56.163] by web31709.mail.mud.yahoo.com via HTTP; Fri, 17 Jun 2005 08:50:07 PDT Date: Fri, 17 Jun 2005 08:50:07 -0700 (PDT) From: Jordan Stanley Subject: Re: Daughter To: Scott Jenkins In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1386602451-1119023407=:1329" Content-Transfer-Encoding: 8bit Envelope-To: scott@stomachmonkeys.com
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" |
||
|
06-18-2005, 06:11 PM
|
|
|
Registered
|
so this is something i need to check on the teacher's machine? i just noticed it was from a yahoo account.
__________________
poof! gone |
||
|
06-18-2005, 06:23 PM
|
|
|
Registered
|
thanks i found it on my email stuff. i will try.
__________________
poof! gone |
||
|
06-18-2005, 06:46 PM
|
|
|
Registered
|
Slightly OT, but Vash are you teaching summer school, or teach at a school? I thought that I read somewhere that you used to repair signs?
__________________
Matt '76 Porsche 911 with '78 3.0 SC engine '71 VW Bus '14 VW Passat (toddler hauler & wife approved ride) '03 Subaru Baja original yellow & silver |
||
|
06-18-2005, 08:16 PM
|
|
|
Registered
Join Date: Mar 2003
Posts: 10,322
|
Don't forget that a lot of an email can be faked. It is even possible to send without using a "real" email client.
__________________
“IN MY EXPERIENCE, SUSAN, WITHIN THEIR HEADS TOO MANY HUMANS SPEND A LOT OF TIME IN THE MIDDLE OF WARS THAT HAPPENED CENTURIES AGO.” |
||
|
06-20-2005, 05:20 AM
|
|
|
|
Registered
Join Date: Nov 2003
Location: West of Seattle
Posts: 4,718
|
E-mail detectiving is a real trick. If somebody obtained his password, then all the computer sleuthery in the world will only show that it was his user logged in. If he _gave_ his password out, then perhaps he ought to learn the lesson that he needs to be responsible for the use of the account, even if it isn't him (ianal, but I seem to recall a court precedent along those lines). Like id10t says, as well, someone entirely separate could have faked the e-mail headers -- SMTP is an open standard, a fact that makes it particularly prone to this sort of nonsense.
Good luck, Dan
__________________
'86 911 (RIP March '05) '17 Subaru CrossTrek '99 911 (Adopt an unloved 996 from your local shelter today!) |
||
|
06-20-2005, 07:50 AM
|
|
1976 Porsche 911 3.0
