Tracing Emails

Forensic Science Informatics

Unit 37 P4

Tracing e-mails

BTEOTSSSBAT trace the origin of an e-mail

P4 identify the registrant’s name and address of five IP addresses using the WHOIS database.

Every computer has an IP address (Internet Protocol)

Every computer has an IP address (Internet Protocol)

The IP address is a little like a finger print - it can help identify which computer has been used to send an e-mail or browse a web site.

Every computer has an IP address (Internet Protocol)

The IP address is a little like a finger print - it can help identify which computer has been used to send an e-mail or browse a web site.

The IP address is a ‘dotted quad’ - four numbers separated by a fullstop.

For example 88.105.175.194

This can tell us a lot about the computer.

The originating country, the ISP and sometimes even the location.

The who.is database enables us to find out information about IP addresses

To find your computer’s IP address, go here:

http://www.ip-adress.com/

The to find out more information go here:

http://www.whois-search.com/ or here

http://whatismyipaddress.com/

To find out where an e-mail has come from we need to know the sender’s IP address.

This information is usually contained in an e-mail’s full header.

Most web e-mails hide this but it can be easily uncovered.

Yahoo mail

Block of IP nos

The ISP

Country of origin