Internal IT Forensics – Tracking an e-mail bully
Identifying the source of threatening and distressing e-mails on an internal network.
Our client asked for our help in identifying the source of a number of highly offensive and threatening web-mail messages targeted at one of their employees. The culprit was sending the e-mail from an anonymous e-mail address, making it difficult to trace the sender.
We performed a metadata analysis of the malicious e-mails to determine the internet address of the sender. The address was found to reside on our client’s own computer network.
We performed analysis of our client’s firewall and proxy logs. By this means we were able to determine that the e-mails originated on one of two computers on the network.
We forensically copied both computers and analysed them for evidence of the malicious e-mails.
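The header and proxy-log steps described above can be sketched as follows. This is an added example, not code or data from the investigation; the header layout, proxy log format, address range and host names are constructed assumptions.

```python
import re
import ipaddress
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample data: every address, host and time below is invented.
CLIENT_EGRESS = ipaddress.ip_network("203.0.113.0/24")  # assumed client public range
WEBMAIL_HOST = "web.webmail.example"
RAW_EMAIL = """\
Received: from mx.webmail.example (mx.webmail.example [198.51.100.7])
\tby mail.victim.example; Tue, 04 Mar 2014 10:15:09 +0000
Received: from [203.0.113.25] by web.webmail.example via HTTP;
\tTue, 04 Mar 2014 10:15:02 +0000
From: anon123@webmail.example
Subject: constructed sample

body
"""
PROXY_LOG = """\
2014-03-04T10:14:58+00:00 10.0.4.17 POST web.webmail.example
2014-03-04T10:15:01+00:00 10.0.4.23 POST web.webmail.example
2014-03-04T10:15:03+00:00 10.0.7.40 GET news.example
2014-03-04T11:40:00+00:00 10.0.4.31 POST web.webmail.example
"""

def origin_hop(raw):
    """Return (ip, time) from the earliest Received header, which is listed last."""
    hops = message_from_string(raw).get_all("Received", [])
    # Only hops written by a server you trust are reliable; others can be forged.
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    if not match:
        raise ValueError("no originating address in Received headers")
    when = parsedate_to_datetime(hops[-1].rsplit(";", 1)[1].strip())
    return ipaddress.ip_address(match.group(1)), when

def candidates(log, host, when, window=timedelta(seconds=30)):
    """Internal clients that contacted `host` within `window` of `when`."""
    hits = set()
    for line in log.splitlines():
        ts, client, _method, dest = line.split()
        if dest == host and abs(datetime.fromisoformat(ts) - when) <= window:
            hits.add(client)
    return sorted(hits)

def trace(raw, log, host=WEBMAIL_HOST):
    """Map a message to internal hosts, or to none if it left from elsewhere."""
    ip, when = origin_hop(raw)
    return ip, (candidates(log, host, when) if ip in CLIENT_EGRESS else [])
```

A time window rather than an exact match allows for clock differences between the webmail provider and the proxy, which is why more than one machine can remain a candidate until the disks are examined.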
We successfully identified the sender of the e-mails.
We identified that other malicious e-mails had been sent to two other victims, neither of whom was an employee of our client. These e-mails represented a serious legal threat to our client, as the recipients could have taken action for defamation based on the e-mails.
Our report to the client was the basis of a successful disciplinary process against the sender of the e-mails and led to the sender’s summary dismissal.
Our report also demonstrated that our client had no control over the sending of the malicious e-mail, protecting them from legal action by the other recipients.