
Email Abuse Case Study: Jerin vs Kevin

The case study outlines the investigation of email abuse involving Ms. Jerin and Mr. Kevin, detailing evidence collection methods including social media, email, and device forensics. Forensic tools like FTK Imager and Autopsy were utilized to analyze the evidence, revealing connections between Mr. Kevin and the harassment incidents. Legal actions were taken under relevant laws, and post-incident measures emphasized the importance of evidence preservation and cyber awareness.

Uploaded by

Naman Chadha

Email Abuse (Jerin vs Kevin) case study

a. Evidence Collection During the Investigation


During the investigation, the forensic team would gather the following evidence:
1. Social Media Evidence
   - Screenshots and archived copies of offensive messages from Instagram and X (Twitter).
   - Metadata from direct messages (timestamps, sender IDs, IP logs if retrievable).
   - URLs and content of fake profiles created in Ms. Jerin’s name.
   - Downloaded social media activity logs using official data export features.
2. Email Evidence
   - Complete email headers from threatening emails (for IP address tracing).
   - Email body content and attachments for malicious content.
   - Log of failed login attempts on Ms. Jerin’s work and personal accounts.
3. Doxxing Material
   - Screenshots and archived pages from sites or forums hosting leaked personal details.
   - WHOIS information of domains involved.
   - Any uploaded files containing personal information with embedded metadata.
4. Account Intrusion Attempts
   - Cloud storage provider’s access logs (IP address, device ID, location).
   - Corporate email server logs from the victim’s employer’s IT department.
5. Device Forensics
   - Bit-by-bit forensic images of victim’s laptop and smartphone.
   - Examination for spyware, phishing attempts, or suspicious applications.
6. Network Evidence
   - Traceroute and IP geolocation data from intrusion logs.
   - Packet captures, if available, from attempted breaches.
7. Witness Statements
   - Friends, family, or co-workers aware of the harassment timeline and events.

b. Forensic Tool Used & Justification

Primary Tools:
- FTK Imager – Used to create forensically sound images of devices, ensuring evidence integrity through hashing (MD5/SHA-1).
- Autopsy – For deep analysis of acquired images (timeline building, keyword search, deleted data recovery, email parsing).
- MXToolbox – For analyzing email headers and identifying the origin of threatening emails.
- Magnet AXIOM – For social media and cloud artifact extraction.

Justification:
- FTK Imager ensures the original evidence is untouched while producing admissible forensic images.
- Autopsy supports multiple evidence formats, allows detailed search and analysis, and is recognized in court.
- MXToolbox is specialized for email forensics, useful for tracing threats to their origin.
- Magnet AXIOM provides comprehensive artifact extraction from mobile, computer, and cloud accounts.
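
The header tracing listed under Email Evidence can be reproduced offline. The script below is an added example, not part of the case study: it walks the Received chain of a constructed message oldest-first and returns the first non-internal connecting address. All host names, addresses and the function names `received_hops` and `earliest_external_ip` are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message, not from the case. Host names use .example and
# the public-looking IPs are RFC 5737 documentation addresses.
RAW = """\
Received: from mx.employer.example (mx.employer.example [10.0.0.5])
\tby mailstore.employer.example with ESMTP id A1; Mon, 3 Mar 2025 10:15:09 +0530
Received: from relay.mailprovider.example (relay.mailprovider.example [198.51.100.25])
\tby mx.employer.example with ESMTPS id B2; Mon, 3 Mar 2025 10:15:07 +0530
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby relay.mailprovider.example with ESMTPSA id C3; Mon, 3 Mar 2025 10:15:05 +0530
From: throwaway@mailprovider.example
To: victim@employer.example
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return the Received chain oldest-first as (ip or None, flattened header)."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own header, so the last one in the file is the oldest.
    for hdr in reversed(msg.get_all("Received", [])):
        flat = " ".join(hdr.split())
        m = BRACKETED_IP.search(flat)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:  # malformed address such as [999.1.1.1]
            ip = None
        hops.append((ip, flat))
    return hops

def earliest_external_ip(raw):
    """Oldest hop whose connecting address is not internal: the value to send
    to the provider or ISP with a preservation request. Hops older than the
    first relay you trust can be forged by the sender and need corroboration."""
    for ip, _ in received_hops(raw):
        if ip is not None and not any(ip in net for net in INTERNAL):
            return ip
    return None

if __name__ == "__main__":
    for ip, header in received_hops(RAW):
        print(ip, "|", header[:60])
    print("lead:", earliest_external_ip(RAW))
```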

c. Findings Identified by the Examiner


The forensic examination revealed:
1. Social Media Linkage – Fake profiles traced to IP addresses registered under Mr. Kevin’s ISP account.
2. Threatening Emails – Originated from newly created accounts with IP addresses linked to Mr. Kevin’s mobile data network.
3. Doxxing Source – Metadata in leaked files showed creation on Mr. Kevin’s personal laptop.
4. Intrusion Attempts – Multiple failed login attempts into Ms. Jerin’s work email and cloud storage from the same IP ranges tied to Mr. Kevin.
5. Digital Fingerprints – Similar language patterns, image reuse, and timestamps correlated with suspect’s known online activity.
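
The correlation behind finding 4 can be sketched as follows. This is an added example, not part of the case study: it matches failed logins from two systems against address ranges and reports which ranges hit more than one system. The log format, the ranges, their labels and the function names are all constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample records, not from the case. Fields: UTC time, system,
# account, source IP, outcome. IPs are RFC 5737 documentation addresses.
LOG_LINES = """\
2025-03-03T04:41:10+00:00 work-email victim@employer.example 203.0.113.77 FAIL
2025-03-03T04:41:52+00:00 work-email victim@employer.example 203.0.113.77 FAIL
2025-03-03T04:43:05+00:00 cloud-storage victim@personal.example 203.0.113.91 FAIL
2025-03-03T09:12:00+00:00 work-email victim@employer.example 192.0.2.10 OK
2025-03-04T11:30:44+00:00 work-email victim@employer.example 192.0.2.200 FAIL
2025-03-04T22:05:31+00:00 cloud-storage victim@personal.example 198.51.100.140 FAIL
2025-03-04T22:06:02+00:00 cloud-storage victim@personal.example 198.51.100.141 FAIL
"""

# Hypothetical ranges that an ISP response attributes to one subscriber.
# With dynamic addressing the attribution only holds for the times the ISP
# confirms, so keep first/last seen alongside every match.
RANGES_OF_INTEREST = {
    "fixed-line": ipaddress.ip_network("203.0.113.64/26"),
    "mobile-data": ipaddress.ip_network("198.51.100.128/25"),
}

def correlate_failures(log_text, ranges):
    """Per range: failed-login count, systems targeted, first and last seen."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, system, _account, ip, outcome = line.split()
        if outcome != "FAIL":
            continue
        addr = ipaddress.ip_address(ip)
        when = datetime.fromisoformat(ts)
        for label, net in ranges.items():
            if addr in net:
                h = hits.setdefault(label, {"count": 0, "systems": set(),
                                            "first": when, "last": when})
                h["count"] += 1
                h["systems"].add(system)
                h["first"] = min(h["first"], when)
                h["last"] = max(h["last"], when)
    return hits

def cross_system_ranges(hits):
    """Ranges seen failing against more than one system: the stronger link."""
    return sorted(label for label, h in hits.items() if len(h["systems"]) > 1)
```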

d. Legal Procedure Taken Based on Findings


1. Cyber Crime Complaint Filing under relevant laws (example: Indian laws):
   - IT Act, 2000:
     - Sec. 66C – Identity theft
     - Sec. 66D – Cheating by personation using computer
     - Sec. 66E – Violation of privacy
     - Sec. 67 & 67A – Publishing obscene material online
   - IPC:
     - Sec. 354D – Cyberstalking
     - Sec. 507 – Criminal intimidation by anonymous communication
     - Sec. 500 – Defamation
2. Preservation Notices sent to social media companies, email providers, and ISPs to retain logs.
3. Search & Seizure warrant issued for Mr. Kevin’s devices.
4. Arrest & Chargesheet Filing with forensic report attached as primary evidence.
5. Court Proceedings initiated with digital evidence presented by certified forensic examiner.

e. Post-Incident Measures & Lessons Learned


Post-Incident Measures:
- Removal of fake profiles through platform abuse reporting.
- Implementation of strong passwords and multi-factor authentication for all accounts.
- Enhanced corporate email security by the employer’s IT department.
- Legal restraining order against Mr. Kevin.
- Counseling and cyber safety training for the victim.

Lessons Learned:
1. Importance of Early Evidence Preservation – Even screenshots and logs collected by the victim are critical.
2. Need for Cyber Awareness – Preventative measures like MFA could reduce intrusion attempts.
3. Value of Digital Forensics in Law Enforcement – Initial dismissal could have been avoided with trained cyber crime personnel.
4. Cross-Platform Threats Require Multi-Source Investigation – Harassment can span multiple digital channels simultaneously.
5. Collaboration with Service Providers – Fast response from social media and email providers is essential for evidence collection.
