Email forensics: desktop-based clients

Email is the most commonly used technology for exchanging messages between people and businesses over electronic media. With every technology comes risk. This medium of message exchange has been used the most by cybercriminals for committing different crimes. Hence email forensics plays a very important role in any investigation. Many different providers offer email clients, e.g., Outlook, Thunderbird, etc.

Before getting into forensics, it’s worth understanding some of the basic components of an email.

Mail User Agent (MUA): A Mail User Agent is an application running on a computer that is used for sending and receiving emails. Examples: Outlook, Thunderbird.

Mail Transfer Agent (MTA): A Mail Transfer Agent accepts messages from a sender and routes them to the destination. Examples of MTAs are Postfix, Sendmail, etc.

The MUA communicates with the MTA using different protocols like IMAP and POP3 to download the messages intended for the receiver. Using IMAP rather than POP3 keeps the message on the server so that the mailbox can be consistent across multiple devices.
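Both components leave traces in a message's headers: clients commonly identify themselves in `User-Agent` or `X-Mailer`, and each MTA prepends a `Received` line. The following Python example is added here and is not part of the original article; the sample message, its hostnames and the `analyze` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts and addresses use reserved example ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby mail.example.org (Postfix) with ESMTPS id 4F1A2B3C
\tfor <bob@example.org>; Tue, 02 Jan 2024 10:15:32 +0000
Received: from [192.0.2.10] (client.example.net [192.0.2.10])
\tby mx.example.net (Postfix) with ESMTPSA id 9D8E7F6A
\tfor <bob@example.org>; Tue, 02 Jan 2024 10:15:30 +0000
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Subject: Quarterly report
Date: Tue, 02 Jan 2024 10:15:29 +0000
User-Agent: Mozilla Thunderbird
Message-ID: <constructed-0001@example.net>

Body text.
"""

def _field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None

def analyze(raw):
    """Return the claimed MUA and the MTA hops in travel order (oldest first)."""
    msg = message_from_string(raw)
    # Clients usually identify themselves in User-Agent or X-Mailer.
    mua = msg.get("User-Agent") or msg.get("X-Mailer")
    hops = []
    # Each MTA prepends its Received header, so reverse to get travel order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())        # unfold continuation lines
        route, sep, stamp = text.rpartition(";")
        if not sep:                            # malformed: no timestamp part
            route, stamp = text, ""
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        hops.append({"from": _field(r"\bfrom\s+(\S+)", route),
                     "by": _field(r"\bby\s+(\S+)", route),
                     "time": when})
    return {"mua": mua, "hops": hops}
```

The `User-Agent` value and any `Received` lines added before the first MTA you trust are supplied by the sending side, so treat them as claims to corroborate rather than as established facts.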

Sender Policy Framework (SPF): Sender Policy Framework can be used by an organization to specify a server or

