Learn how to analyze a suspicious e-mail — Part one.

-> What to examine?

To conduct a forensic analysis of a suspicious email, it is essential to examine various components that can provide valuable information about the email’s origin and intent.

Imagine that you have received a suspicious e-mail from "Pirate Bank", a fake bank used only for this case study.


Article content

Hello Customer,

We have noticed suspicious activities on your account and need you to verify your information immediately to protect your account.

Click here to verify your account.

Attachments: Important_Document.pdf

Sincerely, Support Team, Pirate Bank


Now, what should you do?

  1. Email Isolation: Move the suspicious email to a separate folder in a controlled environment, or export it as a raw .eml file with its full headers. Ensure that the email is not deleted or altered. Do not forward it inline: the forwarded copy carries your own headers, not the sender's. If it must reach the security team, forward it as an attachment.
  2. Initial Documentation: Document all visible information without opening the email, clicking any link or opening the attachment, such as the sender's address, the subject, and the date and time it was received.
  3. Communication with Security Team: Inform the IT security team or the responsible department about the suspicious email so that they can take the necessary steps.
  4. Tools Preparation: Prepare the forensic analysis tools that will be used to examine the email, such as email header analyzers, URL checkers, and malware scanners.
  5. Action Log: Keep a detailed record of all actions taken during the analysis, including timestamps, screenshots and notes, for audit purposes and future investigation.
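Steps 1, 2 and 5 above, carried out on the raw message file, as an added example that is not part of the original article. It uses only the Python standard library: the message is parsed as data, hashed so later tampering can be detected, the visible headers, link targets and attachment hashes are recorded, and every action goes into a timestamped log. Nothing is rendered, fetched or opened. The sample message, the analyst name and the domains and IP address in it are constructed for the example.

```python
"""Isolate, document and log a suspicious e-mail without rendering it."""
import hashlib
import json
import re
from datetime import datetime, timezone
from email import message_from_bytes, policy

# Constructed sample modelled on the "Pirate Bank" case study. The hosts use
# reserved documentation names (.example) and the 203.0.113.0/24 test range.
SAMPLE_EML = b"""Return-Path: <alerts@pirate-bank-support.example>
Received: from mail.pirate-bank-support.example (unknown [203.0.113.45])
    by mx.victim.example with ESMTP id 4Xk2Pq
    for <customer@victim.example>; Mon, 03 Jun 2024 09:12:44 +0000
From: "Pirate Bank" <support@piratebank.example>
To: customer@victim.example
Subject: Urgent: verify your account
Date: Mon, 03 Jun 2024 09:12:40 +0000
Message-ID: <20240603091240.1234@pirate-bank-support.example>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Customer,</p>
<p>We have noticed suspicious activities on your account and need you to
verify your information immediately to protect your account.</p>
<p><a href="http://piratebank-verify.example/login">Click here to verify your account.</a></p>
<p>Sincerely, Support Team, Pirate Bank</p>
</body></html>
--B1
Content-Type: application/pdf; name="Important_Document.pdf"
Content-Disposition: attachment; filename="Important_Document.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--B1--
"""

# Link targets are pulled out of the HTML source with a regex; the HTML is never rendered.
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _clean(value) -> str:
    # Collapse header folding (line breaks plus indentation) into single spaces.
    return " ".join(str(value).split())


def document_email(raw: bytes) -> dict:
    """Record the visible facts of a raw RFC 5322 message (step 2)."""
    msg = message_from_bytes(raw, policy=policy.default)

    # From, Return-Path and Received often disagree on a spoofed message, so all are kept.
    headers = {
        name: _clean(msg.get(name, ""))
        for name in ("From", "Return-Path", "To", "Subject", "Date", "Message-ID")
    }
    from_hdr = msg["From"]
    sender = from_hdr.addresses[0].addr_spec if from_hdr and from_hdr.addresses else ""
    received = [_clean(h) for h in msg.get_all("Received", [])]

    body = msg.get_body(preferencelist=("html", "plain"))
    links = HREF_RE.findall(body.get_content()) if body is not None else []

    # Attachments are hashed for later lookup in a malware scanner, never opened.
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):  # text/* attachments come back as str
            data = data.encode("utf-8")
        attachments.append({
            "filename": part.get_filename(),
            "content_type": part.get_content_type(),
            "size": len(data),
            "sha256": sha256_hex(data),
        })

    return {
        "eml_sha256": sha256_hex(raw),  # integrity reference for the preserved copy (step 1)
        "headers": headers,
        "sender_addr_spec": sender,
        "received": received,
        "links": links,
        "attachments": attachments,
    }


def log_action(log: list, analyst: str, action: str, details=None) -> list:
    """Append one UTC-timestamped entry to the action log (step 5)."""
    log.append({
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "analyst": analyst,  # hypothetical analyst identifier
        "action": action,
        "details": details or {},
    })
    return log


if __name__ == "__main__":
    log = log_action([], "analyst1", "isolated", {"eml_sha256": sha256_hex(SAMPLE_EML)})
    log_action(log, "analyst1", "documented", document_email(SAMPLE_EML))
    print(json.dumps(log, indent=2))
```

Run it on a real export by replacing SAMPLE_EML with the bytes of the saved .eml file. The recorded eml_sha256 is what you compare against later to show the preserved copy was not altered, and the attachment hash is what you submit to a scanner in Part 2 instead of the file itself.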


Part 2 of this article will demonstrate the use of these tools.

Read also on Medium!

More articles by Rodrigo C.