Collecting Electronic Evidence of Email Forging using SMTP Headers and Wireshark

Impersonation and cyber data theft, at present, has had a big impact in society, even more in small and medium enterprises (SMEs), threatening both their information and reputation due to the cyber attacks that can be performed against Internet services. Furthermore, the lack of proper configurations in these services makes it more difficult to control and detect forgery carried out but insiders, which may be even the companies’ employees. A case in point is Email Forging which is aform of deception by manipulating Email Headers in order to make one party believe that certain information was sent by another that has been impersonated by a criminal, or forger.Therefore this paper explores the practical implementation of a basic open source tool, Wireshark, for network traffic analysis so that it can be used to gather online evidence related to EmailForging, which can be a money-wise advantage for SMEs with reduced budget for IT security which cannot invest enough in technical and human resources in order to detect and carry outforgery investigations.