Tuesday, 8 November 2011

Viewing Email headers

An e-mail message is composed of a message header and the subject body. An investigation involving e-mail may hinge on successfully capturing the e-mail header. The e-mail header is imperative as it holds information detailing the e-mail’s origin. This will include the source IP address of where it came from (this can be spoofed but it is less likely),  the method used to send it and potentially who sent it. The subject body of the e-mail contains the message. Subsequent to copying the email message, the e-mail header can be retrieved. This process is different for each e-mail program.
Below we detail the process used to display the email headers in a number of common email clients.

Retrieving the Email Header (Microsoft Outlook)

 

1.      Open Outlook and open the copied email message.

2.      Right-click the message and click Options to open the dialog box.

3.      Select the header text and make a copy of it.

4.      Paste the header text in any text editor and save the file with as Filename.txt.

5.      Hit <Alt-P> and take a screen image of the header. Print this Image.

6.      Save a Copy of the E-mail message as message.msg

7.      Close the program.

Retrieving the Email Header (Outlook Express)

1.      Open Outlook Express.

2.      Right-click the message and click Properties.

3.      To view the header, click Details.

4.      Click Message Source to view the details.

5.      Select the message header text and copy it.

6.      Paste the text in any text editor and save the file as Filename.txt.

7.      Save a copy of the e-mail (with the header) to disk.

8.      Hit <Alt-P> and take a screen image of the header. Print this Image.

8.      Close the program.

Retrieving the Email Header (Eudora)

1.      Open Eudora.

2.      Select and go to the Inbox folder.

3.      Double-click the message to select and open it.

4.      Select the message header text and copy it.

5.      Paste the text in any text editor and save the file as Filename.txt.

6.      Save a copy of the e-mail (with the header) to disk.

9.      Hit <Alt-P> and take a screen image of the header. Print this Image.

7.      Close the program.

Retrieving the Email Header  (AOL)

1.      Open AOL.

2.      Open the e-mail message.

3.      Click the “DETAILS” link.

4.      Select the message header text and copy it.

5.      Select the message header text and save the file as Filename.htm. This may also be achieved from saving the “view source” data associated with the header.

6.      Hit <Alt-P> and take a screen image of the header. Print this Image.

7.      Close the program.

Retrieving the Email Header  (Hotmail)

1.      Go to Hotmail and login using your web browser.

2.      Open the relevant e-mail message.

3.      Go to Options and click Preferences. For version No.8 click Mail Display Settings.

4.      Click Advanced Header. For version No. 8 go to Message Headers and click Advanced option.

5.      Select the message header text and copy it.

6.      Select the message header text and save the file as Filename.htm. This may also be achieved from saving the “view source” data associated with the header.

7.      Hit <Alt-P> and take a screen image of the header. Print this Image.

8.      Close the program.

Retrieving the Email Header (Yahoo)

1.      Open Yahoo.

2.      Go to Mail Options on the right hand side.

3.      Go to the General Preferences link and click “Show All Headers On Incoming Messages” and save the message.

4.      Select the message header text and save the file as Filename.htm. This may also be achieved from saving the “view source” data associated with the header.

5.      Hit <Alt-P> and take a screen image of the header. Print this Image.

6.      Close the program.

Retrieving the Email Header  (Pine for UNIX)

1.      Start the e-mail client program by typing “pine” at the command prompt.

2.      For setup options press “S”.

3.      For the e-mail configuration press “C”.

4.      Exit the mode of configuration by pressing “E”.

5.      Save the changes by typing “Y”.

6.      After selecting the message using the arrow keys, select “O” from the lower screen.

7.      View the header by typing “H”.

8.      Close the program by typing “Q”.

1 comment:

Tim Smith said...

GMail: Open the mail item and click the 'More' down-arrow in the top-right corner. Choose the 'Show original' item from the drop-down list.