Emails trackable on pc


Toni

New Member
Sep 20, 2006
6
0
#1
I am in the middle of a fairly intense legal battle with my employer and they have seized my laptop. I have used it in the past to access my private hotmail account and send/receive emails which will certainly not help my case as I am somewhat critical of those guys.

Can anyone tell me the risk of these emails being retrieved in some way from the laptop by an expert? I have not saved anything on to the laptop but perhaps there is some kind of other trail?

Thanks in advance.
 

AlanOne

New Member
Nov 18, 2005
701
0
#2
Yes. Hotmail emails leave a trail and can be easily recovered.

Tim, CCE
 

Toni

New Member
Sep 20, 2006
6
0
#3
Crikey! What about excite.com or yahoo? Are they just as easy to retrieve? Please tell me they are better than hotmail.

Toni
 

AlanOne

New Member
Nov 18, 2005
701
0
#4
It is the same with almost any web based e-mail.

Tim, CCE
 

selil

New Member
Sep 11, 2006
258
0
#5
Depending on how you used the computer, the emails themselves, the passwords, the usernames, and more may be stored in a variety of forms on the laptop (cache, cookies, web directories, registry keys, etc...). If you want to "somewhat" anonymously browse use a USB key with something like TorPark on it (torpark.nfshost.com).
 
Oct 22, 2006
30
0
#6
email

<t>Although web based emails can be tracked you have a much better chance on getting by on these then exchange emails. Web based emails are mainly tracked through temp files so there's a chance that if you've ever reformatted or done a secure wipe on your system that not all of your emails will be recovered.</t>
 

AlanOne

New Member
Nov 18, 2005
701
0
#7
It sounds like he was unable to destroy the evidence before they seized his machine.

Tim, CCE
 

Prickaerts

Administrator
Jan 2, 2006
765
0
#8
"chance that if you've ever reformatted or done a secure wipe on your system that not all of your emails will be recovered."

Re-formating your drive will NOT destroy the evidence, only a wipe will.

Also keep in mind that Internet Explorer does not by default cache https web pages in the temporary Internet files folder for just this particular reason. For Hotmail this does not help you, since it loads the e-mail pages in plain text.

GMail should offer better protection (note that I did not say best).


On a non-technical matter: Does your employer have a policy that forbids use of computer resources for personal matters? And if he does have a policy, does it also explain the circumstances under which this kind of investigation can be undertaken? If not, local law might forbid him to do so, so depending on which country you live in he might not be allowed to execute such an investigation (privacy law, etc)
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu