Carving Out Evidence Explicitly Through Hotmail Forensics

James Ryder | Modified: July 21st, 2015 | Email Forensics

Web-based email services like Hotmail are convenient for users because of their pervasiveness: given an internet connection, you can access your Hotmail messages anywhere, at any time. Given the large number of investigation cases involving Hotmail, we need to explore the ways in which an investigator can access a user's Hotmail account when it contains messages and attachments of evidentiary value.

Here, we will study in detail the techniques that help a forensic investigator perform Hotmail case analysis and carve out evidence from the various forms of artifacts recovered from a user's internet activity. This supports accurate interpretation of the data. Tools such as DB Browser for SQLite and hex editors can be employed to fetch the data left on the user's hard disk.

Performing Detailed Hotmail Forensics Analysis

When a user accesses a Hotmail account through a web browser, the browser leaves artifacts behind on the system. These artifacts can be collected from the browser's profile data to recover evidence that supports the investigation.

Securing Data from Hard Disk

Examining the SQLite Databases

To analyze data stored in SQLite database files, we need an SQLite database browser that presents the data in a structured and organized form.

Where Are You Going To Locate The SQLite Files?

The location given below contains most of the user data related to internet browsing that helps investigators in Hotmail case analysis. User activity such as opening messages and downloading email attachments can also be tracked from this place. All of the user data here is stored in the form of SQLite databases, and the different databases can be analyzed to carve out evidence.

C:\Users\Userfolder\AppData\Local\Google\Chrome\User Data\Profile 2

History.db

By analyzing the data in History.db, the details of items downloaded by the user can be extracted conveniently. The exact date on which the user downloaded an email attachment through the Hotmail account can be recovered.

To establish which file attachments the user accessed during Hotmail forensics, open the Downloads table of History.db; it lists the URL of the website from which each attachment opened on the system was downloaded, along with the download details.

In the Downloads table, the host bay182.mail.live.com refers to the Hotmail account, and the entry shows that the user downloaded an attachment in the form of a zip file. To verify the instance, investigators can go to the inbox of the Hotmail account and track the attachments of that specific email message.
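As an added example (not code from the original article or from any tool it names), the following Python script does in code what the section describes for the Downloads table: it opens a History database, joins each download to the last URL in its redirect chain, decodes Chrome's WebKit timestamps (microseconds since 1601-01-01 UTC) into readable UTC dates, and keeps only the entries served from Hotmail hosts such as bay182.mail.live.com. The table layout is a simplified subset of Chrome's downloads and downloads_url_chains tables (an assumption), the rows are constructed sample data, and the attachment URL path is invented. Run it against a copy of the History file taken from the disk image rather than the live profile, since a running Chrome keeps the file locked and may rewrite it; on disk Chrome stores this file as History with no extension.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Chrome/WebKit timestamps count microseconds since 1601-01-01 00:00:00 UTC,
# not the Unix epoch, so they must be converted before dates can be read.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Hosts that identify the webmail service under examination. The first entry
# covers the bay182.mail.live.com host discussed in the article; the others are
# assumed Hotmail/Outlook.com domains added for completeness.
HOTMAIL_DOMAINS = ("mail.live.com", "hotmail.com", "outlook.live.com")


def webkit_to_datetime(microseconds):
    """Decode a WebKit microsecond timestamp into an aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def datetime_to_webkit(dt):
    """Encode an aware datetime as a WebKit microsecond timestamp.
    Integer arithmetic avoids float rounding in the large values involved."""
    delta = dt - WEBKIT_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 1_000_000 + delta.microseconds


def host_matches(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def build_sample_history(path=":memory:"):
    """Create a constructed History database holding the two tables this example
    reads. The schema is a simplified subset of Chrome's (assumption); the rows
    are invented sample data, not evidence from any real system."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE downloads (
            id INTEGER PRIMARY KEY,
            current_path TEXT NOT NULL,
            target_path TEXT NOT NULL,
            start_time INTEGER NOT NULL,
            received_bytes INTEGER NOT NULL,
            total_bytes INTEGER NOT NULL,
            state INTEGER NOT NULL
        );
        CREATE TABLE downloads_url_chains (
            id INTEGER NOT NULL,
            chain_index INTEGER NOT NULL,
            url TEXT NOT NULL,
            PRIMARY KEY (id, chain_index)
        );
    """)
    samples = [
        # (id, saved path, UTC start time, size in bytes, redirect chain of URLs)
        (1, r"C:\Users\Userfolder\Downloads\invoice.zip",
         datetime(2015, 7, 20, 14, 3, 5, tzinfo=timezone.utc), 48213,
         ["https://bay182.mail.live.com/mail/attachment/invoice.zip"]),  # invented path
        (2, r"C:\Users\Userfolder\Downloads\setup.exe",
         datetime(2015, 7, 21, 9, 0, 0, tzinfo=timezone.utc), 1048576,
         ["http://example.org/get", "https://cdn.example.org/setup.exe"]),
    ]
    for did, path_on_disk, started, size, chain in samples:
        conn.execute(
            "INSERT INTO downloads VALUES (?, ?, ?, ?, ?, ?, ?)",
            (did, path_on_disk, path_on_disk, datetime_to_webkit(started), size, size, 1),
        )
        for idx, url in enumerate(chain):
            conn.execute("INSERT INTO downloads_url_chains VALUES (?, ?, ?)", (did, idx, url))
    conn.commit()
    return conn


def list_webmail_downloads(conn, domains=HOTMAIL_DOMAINS):
    """Return downloads whose final URL belongs to one of the webmail domains.

    The last URL of each redirect chain (highest chain_index) is the server that
    actually served the file, which is what ties the download to the account."""
    sql = """
        SELECT d.id, d.target_path, d.start_time, d.total_bytes, u.url
        FROM downloads AS d
        JOIN downloads_url_chains AS u ON u.id = d.id
        WHERE u.chain_index = (
            SELECT MAX(chain_index) FROM downloads_url_chains WHERE id = d.id
        )
        ORDER BY d.start_time
    """
    hits = []
    for did, target, start_time, size, url in conn.execute(sql):
        host = urlparse(url).hostname or ""
        if host_matches(host, domains):
            hits.append({
                "id": did,
                "target_path": target,
                "downloaded_at": webkit_to_datetime(start_time).isoformat(),
                "bytes": size,
                "url": url,
            })
    return hits


if __name__ == "__main__":
    # Point sqlite3.connect at a copied History file to run this on a real profile;
    # here the constructed sample database stands in for it.
    for row in list_webmail_downloads(build_sample_history()):
        print(row)
```

The join on the highest chain_index matters on real data: a download that began at a tracking or redirect URL is recorded with several chain entries, and only the last one names the server that delivered the file.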

Login.db

Login data and password details can also be pulled out of the SQLite database known as login.db. Using this account-specific information, investigators get the opportunity to dive into the defendant's account and obtain the necessary evidence from the email messages. This method is appropriate in cases where the litigant is not willing to share the email account details.

The techniques and procedures presented above for Hotmail case analysis were carried out on a Hotmail account accessed with Google Chrome as the web browser. In the same way, forensic investigators can carve out evidence of a Hotmail account from whichever web browser the defendant used to access their email messages. Another tool that can help in Hotmail forensics, for analyzing the messages themselves, is a Hotmail backup utility. It downloads all the messages of the Hotmail account without any loss of data, so forensic investigators can access the data conveniently.
