Do you know how to properly read and analyze the header of an email message? In this episode, we'll look at two examples – one legitimate and one not so legitimate. We'll learn which header fields are most commonly used in analysis, how to determine the true origin of a message, how to read SPF and DKIM information, and we'll even take a quick look at DMARC. Whether you're new to this concept or a seasoned veteran, this episode has something for you.

Special thanks to Arman Gungor (@armangungor) for his expertise in producing this episode.

***If you like this video, please support 13Cubed on Patreon at patreon.com/13cubed. ***

Using DKIM in email forensics:
https://www.metaspike.com/leveraging-dkim-email-forensics/

What is DMARC?:
https://dmarc.org/

Email Header Plugin for Sublime Text 3:
https://packagecontrol.io/packages/Email%20Header

Background music courtesy of Anders Enger Jensen:
https://www.youtube.com/user/HariboOSX

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #EmailForensics

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.