Wednesday, February 9, 2011

How Long Should It Take To Trace An Email Back To The Sender?

Copyright (c) 2011

If you find yourself needing to hire someone to locate or identify the person behind an email address, you may be wondering how long this type of investigation will take. The answer is sort of like the answer to the old question, "How long is a piece of string?" Obviously, no one can give a definitive answer for how long any investigation is going to take. Investigators have been searching for Osama Bin Laden for 10 years. However, when it comes to an online email investigation, we can look at the processes and procedures and get a rough estimate of how long the average investigation will take.

The average email trace investigation is going to involve a few common steps.

Step 1. Analyzing the email header, obtaining IP information, and tracing the IP information back to the sender. Many so-called email trace investigations actually begin and end at this initial stage, and in some instances an instant search can be done that will return general information about the sender's ISP in just a few minutes. Unfortunately, these instant searches may be grossly inaccurate and trace the IP address of the recipient, making the information recovered useless. A professional will take the time to manually analyze the header and return information not only about the sender's ISP but also dates, geographic location and even the version of the email program the sender used. This professional may have resources at the sender's ISP to obtain an exact identification.
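The header reading described in Step 1 can be sketched as follows. This is an added example, not code from the original post: the sample message, its hostnames and its documentation-range IP addresses are constructed, and the function names are hypothetical. It shows why reading only the newest `Received` line reports the recipient's own mail server instead of the sending host.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (example domains, documentation IP ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
  by mailstore.recipient.example with ESMTP id A1; Wed, 9 Feb 2011 10:15:05 -0500
Received: from smtp.sender-isp.example (smtp.sender-isp.example [203.0.113.25])
  by mx.recipient.example with ESMTP id B2; Wed, 9 Feb 2011 10:15:03 -0500
Received: from [192.0.2.44] (dsl-44.sender-isp.example [192.0.2.44])
  by smtp.sender-isp.example with ESMTPSA id C3; Wed, 9 Feb 2011 10:15:01 -0500
Date: Wed, 9 Feb 2011 10:15:00 -0500
From: sender@sender-isp.example
X-Mailer: ExampleMail 1.0

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IP literal in brackets
BY_RE = re.compile(r"\bby\s+(\S+)")                   # server that wrote the line

def parse_hops(raw):
    """Return (message, hops) with hops ordered oldest first.
    Each server prepends its Received line, so header order is reversed."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        info, _, stamp = flat.rpartition(";")   # timestamp follows the last ';'
        ip, by = IP_RE.search(info), BY_RE.search(info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                         # malformed or missing timestamp
        hops.append({"from_ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None, "time": when})
    return msg, hops

def summarize(raw):
    """Pull out the items Step 1 lists: origin IP, date and mail program."""
    msg, hops = parse_hops(raw)
    with_ip = [h for h in hops if h["from_ip"]]
    return {"origin_ip": with_ip[0]["from_ip"] if with_ip else None,
            "newest_hop_ip": with_ip[-1]["from_ip"] if with_ip else None,
            "sent": parsedate_to_datetime(msg["Date"]) if msg["Date"] else None,
            "mailer": msg.get("X-Mailer")}
```

`Received` lines below the first server you control are supplied by the sending side and can be forged, so the oldest hop is a lead to corroborate, not proof of origin.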

Step 2. Database searches. While it may only take a few minutes to search a database, a professional email tracer will have access to hundreds of databases, not just the instant ones you'll find online. A professional will have a checklist of searchable sites that are in the deep web. These are membership sites that may require a monthly subscription. Some examples are resume sites, high school reunion sites, and gift registry sites. These are searchable databases that must be searched manually and cannot be searched instantly or for free.

Step 3. Pretext investigations. A professional email tracer will have a bag of tricks already set up to contact the subject of the investigation and trap or trick the subject into revealing their identity or location. There is no way to estimate the amount of time it may take to trap the subject of the investigation, but in some cases the longer this stage of the investigation takes, the more evidence is being recovered and documented about the subject. This is evidence that can be reduced to a report and turned over to police or used in a court of law.

There are many other steps in the average email investigation. Some include comparing identifying information from the subject of the investigation to information obtained about a suspect in the investigation. Sometimes enough information can be obtained and documented that an exact match can be made, positively matching an anonymous emailer to a known suspect.

As you can see from this cursory summary of only a few of the steps involved, a thorough investigation into the location or identity of an email sender is far more involved than a simple online database search. It takes time and manpower to locate, identify and document every step of the investigation.

