Choose one of the laws & regulations concerning email investigations in digital forensics. What is it? What does it cover? How does it relate to digital forensics?
Electronic Communications Privacy Act and the Patriot Act
Email privacy is derived from the Fourth Amendment to the U.S. Constitution and is governed by the "reasonable expectation of privacy" standard. Surprisingly, given the open nature of email referenced above (passing through several computers and stored at different locations), the expectation of privacy may be lower for email, particularly email at work, than for other forms of communication.
Emails are likewise governed by the Electronic Communications Privacy Act (ECPA) and the Patriot Act. Although the ECPA initially set up protections (for example, a warrant requirement) to secure email, those protections have been weakened in many instances by the Patriot Act. Even where the protections remain under the ECPA, emails lose their status as a protected communication in 180 days, which means a warrant is no longer necessary and your emails can be accessed with a simple subpoena.
Email servers are investigated to locate the source of an email. If an email is deleted from the client application, whether the sender's or the receiver's, the related ISP or proxy servers are scanned, as they usually save copies of emails after delivery. Servers also maintain logs that can be analyzed to identify the address of the computer from which the email originated.
It's worth noting that HTTP and SMTP (common messaging initiation protocol) logs are archived frequently by large ISPs. If a log is archived, tracing relevant emails can take a lot of time and effort, as it requires decompression and extraction techniques. So it's best to examine the logs as soon as possible, before they are archived.
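The log tracing described above, as an added example that is not part of the original answer: a Python sketch that searches both a live and a gzip-archived SMTP log for one Message-ID and reports the connecting client address. The Postfix-style log format, the file names and all sample lines are assumptions constructed for illustration.

```python
import gzip, re, tempfile
from pathlib import Path

# Constructed sample lines in Postfix syslog style (assumed format; the
# answer names no particular mail server). Addresses are documentation ranges.
ARCHIVED = """\
Jan 12 10:15:01 mx1 postfix/smtpd[2211]: 4F1A220C3B: client=unknown[203.0.113.45]
Jan 12 10:15:01 mx1 postfix/cleanup[2215]: 4F1A220C3B: message-id=<constructed-1@example.org>
Jan 12 23:59:58 mx1 postfix/smtpd[2390]: 7B2C9911D0: client=mail.example.net[198.51.100.7]
"""
CURRENT = """\
Jan 13 00:00:01 mx1 postfix/cleanup[2401]: 7B2C9911D0: message-id=<constructed-2@example.org>
"""
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]")
MSGID_RE = re.compile(r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): message-id=(?P<mid><[^>]+>)")

def open_log(path):
    """Open a plain or gzip-archived log, detected by magic bytes, not file name."""
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"
    opener = gzip.open if is_gzip else open
    return opener(path, "rt", errors="replace")

def trace_message(message_id, paths):
    """Return (log file, queue id, client host, client IP) for each match.
    Paths must be given oldest first so a queue id can span a log rotation."""
    clients, hits = {}, []
    for path in paths:
        with open_log(path) as fh:
            for line in fh:
                m = CLIENT_RE.search(line)
                if m:  # remember which client opened this queue id
                    clients[m["qid"]] = (m["host"], m["ip"])
                    continue
                m = MSGID_RE.search(line)
                if m and m["mid"] == message_id and m["qid"] in clients:
                    hits.append((Path(path).name, m["qid"], *clients[m["qid"]]))
    return hits

def demo(message_id):
    """Write the constructed logs to a temp dir (one gzip-archived) and trace."""
    with tempfile.TemporaryDirectory() as d:
        archived, current = Path(d) / "mail.log.1.gz", Path(d) / "mail.log"
        archived.write_bytes(gzip.compress(ARCHIVED.encode()))
        current.write_text(CURRENT)
        return trace_message(message_id, [archived, current])

if __name__ == "__main__":
    print(demo("<constructed-1@example.org>"))
    print(demo("<constructed-2@example.org>"))
```

The second Message-ID is found only because the client line from the archived file is carried over into the live log, which is why archived logs cannot be skipped even when the message itself appears recent.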