Call: (888) 458-3222
Can Email be Traced?
Email can be traced, but the process is complicated and often not successful. You may need a Forensic Examiner with experience in preparing search warrants and subpoenas to assist the attorney handling the case with the language needed to be successful in court.
When tracing an email, the examiner faces three major hurdles:
First, an Internet Protocol Number (IP Number) is assigned to a user when the user connects to the Internet. These numbers can be static (never changes) or dynamic (changes every time the user connects to their Internet Service Provider (ISP)). Web servers and corporate identities are most often static and the home user is usually dynamic. There are no regulations that require an IPS to maintain who had what IP number. Some of the smaller ISP have records going back to the beginning of the company and others maintain no records at all. As an example, America Online, maintains no records more than 28 days. Finally, in order to gain access to the records of who was assigned an IP number for a specific date and time, a search warrant or civil subpoena may be required.
Second, the Internet IP numbering scheme and distribution is structured like a tree. With the trunk being similar to the main Internet backbone. This backbone is controlled by large corporations and backbone providers (Huge ISP's). The next level being the branch of the tree or a large ISP. This process moves down to the leaf, who winds up being the ISP that is assigning IP numbers to the user when logged in the ISP for Internet access. Each level of the IP numbering will lease blocks of IP numbers to the level beneath them. This process can be several levels of ISP's, each requiring a search warrant or subpoena to release the records, if they exist and have not been deleted. This process is slow and often times multiple search warrants or subpoenas are needed to reach the ISP that actually assigned the IP Number.
Third, if too much time is allowed to pass before any preservation request or search warrants or subpoenas as issued, the critical information being sough may no longer exist.
Return to FAQ List
Next Question: What happens when a file is deleted?
Center for Computer Forensics
21800 Melrose Ave
Southfield, MI 48075
This website is not intended to provide legal or professional advice. The site is merely a starting point to learn about the topics listed. While we attempt to maintain current, complete and accurate information we accept no responsibility for errors or omissions.