Tracing internet history (emails)



MarkEsq
02-24-2011, 11:55 PM
Say you had a terrorist trading emails with a colleague across the country. He's using an internet-based email, like Yahoo or Hotmail. Every email exchange is deleted after being read.

Assuming they find his computer, can the government go back, say a year, and read those emails? Are they stored somewhere, somehow? I know they could figure out which websites he went to (at least, I think so!) but how about seeing the content of the actual emails?

Thanks!

alleycat
02-25-2011, 12:01 AM
Do you want to make the terrorists incompetent (as some of them have been)?

If not, then any terrorist worth his salt would wipe his disk clean. There are programs to do this. It makes it very difficult to recover any deleted files. This assumes they don't just crush their hard drives from time to time and buy new ones. I'm not a terrorist, so I'm not an expert, but this would just be basic precautions, I think.

Of course, you can make anything work in a story. Those TV cop shows do it all the time.

Buffysquirrel
02-25-2011, 12:40 AM
If the emails were hosted on a remote server, and were never downloaded to the computer, only viewed on it, then no. They would have to go to the email provider for copies of the emails.

(eta: there might be something in the internet cache)

Drachen Jager
02-25-2011, 01:28 AM
Emails leave images spread across the internet. A government agency would likely be able to turn up 90% plus of e-mails if both computers were at ground zero of a nuclear blast (or merely had their hard drives wiped). It might take some time, but because they bounce from server to server across the internet there is almost always something left behind. Of course the farther back they wanted to go the lower the percentage of material they could recover.

BySharonNelson
02-25-2011, 01:44 AM
E mail is not usually downloaded onto the hard drive so there would be no trace of it on the computer itself. And even if you do a hard drive wipe a good tech guy can recover it. You have to use a high powered magnet or EMP device or simply destroy the hard drive. Also e mail providers do keep a lot of the e mail but that varies depending on company; some don't have the server space to keep all of that info on hand. But like Drachen said it is bounced all over the place so there is a chance of a really good tech tracking some of it down.

geekyMary
02-25-2011, 01:44 AM
I'd assume the provider would have backups and logs.

MarkEsq
02-25-2011, 01:45 AM
Hmm, good stuff.

What about if it wasn't the government? What if it was a large lawsuit and one company wanted (and had the court's permission to get) all the private emails of the other company's employees?

In other words, would the company seeking the emails be able to get them from the other firm's servers, or would they have to get them from Yahoo or Hotmail? [Make sense?!]

Amadan
02-25-2011, 01:51 AM
Yahoo, Hotmail, Gmail, and every other ISP, you can be sure, has backups and logs. Every email you've ever sent through those services is on a hard drive somewhere. And yes, the government can almost certainly get at it if they really want to.

A corporation would have a much harder time. They could demand a company turn over all the emails of its employees, but I don't know about demanding that a third party email provider turn over email logs in a civil lawsuit.

If your terrorists are smart, they used encrypted email, but a lot of terrorists aren't smart.

BySharonNelson
02-25-2011, 01:58 AM
It would depend on what type of e mail it is. I don't think the court would have the ability to make the employees hand over their personal e mail accounts. If it is on a company e mail server it would be stored by the company and is not considered personal information. But for them to get each person's personal accounts I believe that the lawsuit would have to be filed against not only the company but each employee.

milly
02-25-2011, 02:03 AM
Yahoo, Hotmail, Gmail, and every other ISP, you can be sure, has backups and logs. Every email you've ever sent through those services is on a hard drive somewhere. And yes, the government can almost certainly get at it if they really want to.

A corporation would have a much harder time. They could demand a company turn over all the emails of its employees, but I don't know about demanding that a third party email provider turn over email logs in a civil lawsuit.

If your terrorists are smart, they used encrypted email, but a lot of terrorists aren't smart.


I've actually subpoenaed email records before, and I've had my clients' email accounts subject to the same.

What I've seen, with Yahoo as an example, is that the documents that are provided in response are records of emails that exist at the time of the subpoena. Any emails that had been deleted prior to that subpoena hitting Yahoo's desk, at least in my experience, are not provided or discoverable.

Now, I'm sure some techy out there might be able to get to them, but, if the account user has deleted emails from their Yahoo, Gmail, Hotmail accounts, the person requesting the information won't know it, at least not from what is provided in response to a subpoena for email records.

(this is strictly the civil aspect, what a tech person or law enforcement official might be able to do in a criminal investigation may vary)

alleycat
02-25-2011, 02:06 AM
E mail is not usually downloaded onto the hard drive so there would be no trace of it on the computer itself.
That would also depend on the computer's auto-archive settings.

Buffysquirrel
02-25-2011, 02:34 AM
I hear microwaving the hard drive pretty much destroys the data. Works for RFID too.

Hallen
02-25-2011, 04:38 AM
I've actually subpoenaed email records before, and I've had my clients' email accounts subject to the same.

What I've seen, with Yahoo as an example, is that the documents that are provided in response are records of emails that exist at the time of the subpoena. Any emails that had been deleted prior to that subpoena hitting Yahoo's desk, at least in my experience, are not provided or discoverable.

Now, I'm sure some techy out there might be able to get to them, but, if the account user has deleted emails from their Yahoo, Gmail, Hotmail accounts, the person requesting the information won't know it, at least not from what is provided in response to a subpoena for email records.

(this is strictly the civil aspect, what a tech person or law enforcement official might be able to do in a criminal investigation may vary)

That's interesting. I'm betting there would be some record of some deleted email on their backups. It would be spotty at best, but something would most likely be there. Now, that's assuming that Yahoo ever backs up their web mail servers. I'm assuming they do.

If it's a smaller email service, the chances are probably higher that you could get some older emails from backups.

I'm no internet guru, but I don't think that because emails bounce all over the internet through various servers that there would be any traces of them left over. That would be amazingly inefficient. Chances are, buffers are used that get the data and route it where it needs to go, and then delete the data. What might be left over is the route the email took to get someplace, but from looking at email headers, the only thing you can see is the sending server (which can easily be spoofed anyway).

This stuff you see on 24 and other TV crime dramas about how they can instantly trace an email source is really hogwash. If they can trace it, it would take quite a bit of time, but it's also very doubtful it can be traced in the first place.

Also, larger data is sent out as packets. Each packet may take a completely different route to the final server. So an email could be broken up into multiple packets and travel different routes before arriving at the destination where the packets are reassembled into the whole file. Tracing stuff back would be a nightmare.

Try doing a "trace route" sometime. It's pretty cool. It lists all the servers the packet hits on the way to its destination. Type "tracert yahoo.com" at a command prompt and you'll see a lot of hops.

jaksen
02-25-2011, 05:41 AM
Say you had a terrorist trading emails with a colleague across the country. He's using an internet-based email, like Yahoo or Hotmail. Every email exchange is deleted after being read.

Assuming they find his computer, can the government go back, say a year, and read those emails? Are they stored somewhere, somehow? I know they could figure out which websites he went to (at least, I think so!) but how about seeing the content of the actual emails?

Thanks!

Sometimes they don't actually 'email' messages to each other. Sometimes they share one account. They write a message and save it, but don't send it. (Save to email to mail later.) Then another guy, anywhere in the world with an internet connection signs on to the same account, reads the message and deletes it.

I know this has nothing to do with your question, but something to consider in your story. I forget which terrorist group it was, but I read about some group using this method to communicate among themselves. They all shared one account, one password.

PeterL
02-25-2011, 06:34 PM
Providers used to make actual backups, but I don't know if that is still done. If there are backups, then it would be easy to find old emails. If their systems are set up well, then there would be incremental backups.

movieman
02-25-2011, 06:52 PM
What might be left over is the route the email took to get someplace, but from looking at email headers, the only thing you can see is the sending server (which can easily be spoofed anyway).

Typically every server which touches an email will add a header saying where it is and where the email came from. So you can trace it back from that.

Now, the person sending the email could add fake headers claiming it had been relayed to them from somewhere else, but if there's a header after that saying that it went from someone's home PC to yahoo.com or wherever you can be pretty sure that any preceding headers are fake. And, even if not, the investigators would be knocking on the door of that home to find out why they're relaying emails.
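
The header reasoning in the last post, as an added example that is not part of the original thread: it reads the `Received` chain newest-first and stops trusting it at the first hop not written by a server the investigator trusts. The message, host names, addresses and the trusted-suffix list are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (all hosts and addresses are made up).
# Each server prepends its Received header, so the newest hop is at the top.
RAW = """\
Received: from mta3.mail.example.com (mta3.mail.example.com [198.51.100.7])
\tby mx.recipient.example with ESMTP id r1; Fri, 25 Feb 2011 18:40:05 +0000
Received: from home-pc (cust-44.isp.example [203.0.113.44])
\tby mta3.mail.example.com with ESMTPA id a9; Fri, 25 Feb 2011 18:40:02 +0000
Received: from relay.faraway.example (relay.faraway.example [192.0.2.99])
\tby home-pc with SMTP id zz; Fri, 25 Feb 2011 18:00:00 +0000
From: sender@mail.example.com
To: someone@recipient.example
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) by <server>"; the rdns part is optional.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return hops newest-first as dicts with keys helo, rdns, ip, by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def classify(hops, trusted_suffixes):
    """Walk from the newest hop down while the writing server ('by') is trusted.
    The oldest hop in that unbroken run holds the last reliable connecting IP;
    anything older was supplied by the sending side and may be forged."""
    boundary = -1
    for i, h in enumerate(hops):
        if not h["by"].endswith(tuple(trusted_suffixes)):
            break
        boundary = i
    for i, h in enumerate(hops):
        h["verifiable"] = i <= boundary
    return hops, (hops[boundary] if boundary >= 0 else None)
```

With the recipient's and the webmail provider's servers as the trusted suffixes, the third header (the claimed relay) is marked unverifiable and the reported origin is the address the provider itself recorded.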