Email forensics is the study of the source and content of an email to identify the author or sender, the recipient, the date and time, and the origin of the message. It can also be defined as the process of collecting and analysing email data, such as archives and server logs, to establish a picture of email communication events.
In email forensics, header analysis is the primary analytical technique. It involves analysing the metadata in the email header. Analysing headers helps to identify the majority of email-related crimes: email spoofing, phishing, spam, scams and even internal data leakages can be identified by analysing the header.
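As an added example (not from the original page), the following Python uses the standard library `email` module to run this kind of header analysis on a constructed message: it walks the `Received` chain back to the earliest recorded hop, compares the `From` domain with `Return-Path` and `Reply-To`, and reports any SPF, DKIM or DMARC verdict other than pass. The choice of headers, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not from a real case): example.* domains, documentation IPs.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
 by inbox.example.org with ESMTP id A1; Tue, 05 Mar 2024 10:15:09 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example.com
Received: from unknown (host.example.net [203.0.113.45])
 by mx.example.org with SMTP id B2; Tue, 05 Mar 2024 10:15:02 +0000
From: "Example Bank" <support@bank.example.com>
Reply-To: <helpdesk@mailer.example.net>
To: <user@example.org>
Date: Tue, 05 Mar 2024 10:14:58 +0000
Subject: Account notice

Body omitted.
"""

def domain(value):
    """Lower-cased domain of an address header value, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyse_headers(raw):
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so reverse to read oldest hop first.
    # Lines below the first server you trust can be forged by the sender.
    for rcvd in reversed(msg.get_all("Received", [])):
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", rcvd)
        try:
            stamp = parsedate_to_datetime(rcvd.rpartition(";")[2].strip())
        except (TypeError, ValueError):
            stamp = None  # malformed or missing timestamp
        hops.append((ip.group(1) if ip else None, stamp))
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving server; anything but "pass" is reported.
    auth = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", ""))
    findings += [f"{k}={v}" for k, v in auth if v != "pass"]
    return {"from": from_dom, "origin_ip": hops[0][0] if hops else None,
            "hops": hops, "findings": findings}
```

Calling `analyse_headers(SAMPLE)` returns the hop list with timestamps, the earliest recorded source IP and the list of findings for the constructed message.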