Email forensics is defined as the study of the source and content of an email to identify the author or sender, the recipient, the date and time and the origin of an email message. Email forensics can also be defined as the process of collecting and analysing email data such as archives and server logs, to establish a picture of email communication events.
In Email Forensics, Email header analysis is the primary analytical technique. This involves analysing metadata in the email header. It is evident that analysing headers helps to identify the majority of email-related crimes. Email spoofing, phishing, spam, scams and even internal data leakages can be identified by analysing the header.

Cyforce has experienced and EX-Scientific officers from state govt laboratories as well as central government laboratories in the field of Digital Forensics.
It is highly recommended that the email data is always acquired and extracted by experienced digital forensic professionals because they know how to acquire the data in a forensic sound way.

This includes the following things:

1. 1. The complete email data extraction makes sure that there is no ambiguity as well as there is no change in email metadata.
2. 2. The validity/genuineness of email data is maintained by calculating hash value so it can be admissible in a court of law.
3. 3. Recovery of deleted emails is possible in some conditions.