The Association of Digital Forensics, Security and Law (ADFSL)
Web-based email systems may be a source of pristine digital evidence because of the perceived difficulty of client tampering with messages stored inside the email account. We demonstrate that this assumption is wrong in the case of Windows Live Hotmail®. Windows Live Mail® synchronises messages on client-side computers with the Hotmail® server, benefiting users wishing to synchronise their email accounts and personal devices. However, this synchronisation opens an exploit for wrongdoers to tamper with existing email messages and attachments, as well as facilitating the insertion of fabricated messages. The exploit process enables persistent storage of tampered and fabricated messages on the Hotmail® server. The exploitation favours both account owners and wrongdoers who gain unauthorised access to others’ accounts. Even if tampering were suspected, we anticipate some difficulties in validating messages to determine their reliability and relevance. We predict, with trepidation, that the exploit process will become commonplace and pose greater challenges to the cyber forensics examiner and legal practitioner during investigations and legal proceedings. Regrettably, the exploit complements the existing arsenal of tools for email forgery. More ominously, it provides opportunity for traceless injection of illicit material/malware onto any machine synchronised with the Hotmail® account.
Boddington, Richard; Boxall, Grant; and Ardley, Jeremy. "Pandora’s Email Box? An Exploratory Study of Web-Based Email Forgery Detection and Validation," Journal of Digital Forensics, Security and Law: Vol. 7, Article 3.
Available at: http://commons.erau.edu/jdfsl/vol7/iss1/3