Chapter 9. E-Mail and Web Forensics

In This Chapter

  • Exploring the world of e-mail

  • Examining e-mail structures

  • Finding the forensics perspective

  • Performing e-mail forensics

  • Looking into Web mail

  • Checking Hotmail, Yahoo!, and Google Mail

  • Investigating instant messages

E-mail plays the lead or support role in most civil and criminal investigations. Federal and most state laws allow for a review of e-mail in every case. These laws, mixed with people sending badly thought-out e-mail, have made e-mail forensics the leading type of forensics. Don't expect your investigation to be a slam dunk, though, because verifying the sender's identity isn't always easy to do.

E-mail and Web-based e-mail (Web mail, for short) can spread far and wide. E-mail evidence has helped put people in jail or on the losing side of a lawsuit because of head-in-the-sand attitudes about the risk of unintended destinations and readers of their messages.

In this chapter, you find out how e-mail and Web mail sent to or from someone who accesses e-mail over a public ISP can be recovered. ISPs such as Google and AOL are served thousands of subpoenas and search warrants each month from investigators as they try to identify subscribers or review their e-mail — and the companies must comply. Even companies that have zero-tolerance e-mail policies, when faced with legal action, face high odds that their e-mail will be searched and incriminating evidence found.

Opening Pandora's Box of E-Mail

Ray Tomlinson sent the first network e-mail message ...
