eSiteSecrets.com - http://esitesecrets.com
What Is An Email Header Trace And What Can You Learn?
http://esitesecrets.com/articles/750/1/What-Is-An-Email-Header-Trace-And-What-Can-You-Learn/Page1.html
By Ed Opperman
Published on 01/5/2009
 
An email header trace is where you take an incoming email, locate the header information, analyze it, and attempt to determine the origin of the email.

Often, when someone asks how to trace an email back to the sender, the answer they get is how to trace a header.

While a header trace is often helpful in identifying the sender, usually the only thing you can determine is the sender's ISP.
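As an added illustration (not part of the original article), the Python code below walks a message's Received headers from oldest to newest and reports the first public IP address, which is the address you would look up to find the sender's ISP. The sample message, its hostnames and its addresses are constructed, and the function names are this example's own.

```python
import email
import ipaddress
import re

# Constructed sample: example hostnames and documentation-range addresses.
SAMPLE = """\
Received: from smtp.isp.example (smtp.isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 05 Jan 2009 10:00:03 -0500
Received: from [192.168.1.10] (dsl-42.isp.example [203.0.113.142])
\tby smtp.isp.example with ESMTP id ghi789;
\tMon, 05 Jan 2009 10:00:01 -0500
Subject: hello

body
"""

# Addresses that only mean something inside the sender's own network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def public_ips(text):
    """Return bracketed IPv4 addresses in text that are not internal-only."""
    found = []
    for candidate in BRACKETED_IP.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # not a valid address, e.g. [999.1.1.1]
            continue
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found

def trace_hops(raw_message):
    """Return (connecting_ip, receiving_host) per hop, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received line, so the last one is oldest.
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())  # undo header folding
        from_part, _, by_part = flat.partition(" by ")
        ips = public_ips(from_part)
        hops.append((ips[0] if ips else None, (by_part.split() or [None])[0]))
    return hops

def origin_ip(raw_message):
    """First public address in the chain: the one to look up for the ISP."""
    return next((ip for ip, _ in trace_hops(raw_message) if ip), None)
```

Only Received lines added by servers you trust are reliable; anything below them was supplied by the sending side and can be forged, so treat the earliest hop as a claim to verify.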

If you are working on a case that involves civil litigation, you may be able to serve the ISP with a subpoena duces tecum, a command to a witness to produce documents.

The ISP will send their custodian of records to testify and identify the account information they have on record.

If you are working on a criminal case you can get a search warrant signed by a judge and serve that on the ISP. The ISP will be required to turn that information over to law enforcement.

Many times the recipient of an email will want to perform a header trace to identify who sent an email, but there is no civil or criminal case pending and they cannot obtain either a warrant or a subpoena. Unfortunately, in most cases a simple header trace will not reveal the identity of the sender. But at the same time the information it does provide can be useful, especially with the addition of investigative tools such as an Email Header Comparison.

Let's say you have a suspect in mind who is sending the emails you want identified. Let's say that suspect is an ex-boyfriend or ex-girlfriend. In that case a trained investigator experienced in email tracing can take the header that needs to be identified, compare it forensically to the suspect's email header, and determine if they come from the same computer. With a basic email header comparison investigation you can either rule in or rule out the person as a suspect. But a trained investigator can take it even further and use little-known methods to obtain more information about the sender's and suspect's computers, including the operating system, browser and even the MAC ID.

This kind of detailed comparison could prove beyond a doubt whether or not your suspect is the sender of the email.

Most private investigators you'll find in the local yellow pages will be unfamiliar with this field of investigation. They will think it involves illegal computer hacking or that the only method is through subpoena or search warrant.

That's why you need to hire a private investigator who is an expert in email tracing and Internet investigations. Do a Google search to find a qualified professional to handle this type of investigation.