Title: Possible attempts to identify e-mail header of the sender for academic qualification fraud

Authors: Nathaporn Utakrit; Pongpisit Wuttidittachotti

Addresses: Department of Technical Education Management, King Mongkut's University of Technology North Bangkok, 1518 Pracharat 1 Road, Wongsawang, Bangsue, Bangkok, Thailand ' Department of Data Communication and Networking, King Mongkut's University of Technology North Bangkok, 1518 Pracharat 1 Road, Wongsawang, Bangsue, Bangkok, Thailand

Abstract: This research aims to contribute to forensic counteractive measures that can identify and track the people who use e-mail for diploma mills. The authors had adopted e-mail forensic process to acquire, extract, analyse, and interpret data. The scope of this research included the empirical analysis from the experimental e-mails' headers using forensic tools and manual approach based on the request for comments (RFCs) as the primary guidelines. The study found that the commercial tool extracted headers less often than the free alternatives. E-mail sent from desktops provided the computer name and ISP of the sender. However, typical and anonymous e-mails can only trace back to the original mail servers. Although tools could provide investigators with ease and convenience, data acquisition and validation need to be done manually. This research is not the ad hoc mechanism, but it can be implemented in other criminal investigations or related endeavours.

Keywords: e-mail message header; e-mail forensics; anonymous e-mail; typical e-mails; diploma mills; request for comments; RFCs.

DOI: 10.1504/IJESDF.2021.111719

International Journal of Electronic Security and Digital Forensics, 2021 Vol.13 No.1, pp.28 - 52

Received: 16 May 2019
Accepted: 10 Dec 2019
Published online: 11 Dec 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article