james-server-dev mailing list archives

From Anagha Mudigonda <anaghamudigo...@gmail.com>
Subject Email Forensics for JAMES
Date Tue, 25 Oct 2005 03:11:52 GMT
Hi Guys,

After classes started, I was not able to contribute much towards the
protocol handler (JAMES fastfail). I will start working on some of the
filters Stefano suggested pretty soon.

I am doing my MS project on *email forensics* using JAMES. Basically this
would involve collecting forensic data from the SMTP session, from the
POP/IMAP client, and from the DNS server (if needed), saving it and inferring
something useful at a later time.
To start, I will begin by collecting the SMTP session data, like the MAIL and
RCPT commands with corresponding parameters and so on.

The data collected could be used for anomaly detection / intrusion detection
or just for compliance.

I was wondering if I could get some inputs from this forum regarding this.

Since a lot of people have a lot of experience with e-mail, I would be glad
to get some suggestions or thoughts regarding this.

Best Regards

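As an added illustration of the first step the message describes (recording MAIL and RCPT commands with their parameters), here is a sketch that is not part of the original post and is not JAMES code. The names `SessionRecord`, `record_session` and `SAMPLE` are hypothetical, and the input is assumed to be the client's command lines only, not message content.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# MAIL FROM:<reverse-path> [params] and RCPT TO:<forward-path> [params] (RFC 5321)
_PATH_CMD = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>\s*(.*)$", re.IGNORECASE)

# Constructed sample session (client side only), not captured from a real server.
SAMPLE = [
    "EHLO client.example.org\r\n",
    "MAIL FROM:<alice@example.org> SIZE=2048 BODY=8BITMIME\r\n",
    "RCPT TO:<bob@example.net>\r\n",
    "rcpt to:<carol@example.net> NOTIFY=FAILURE\r\n",
    "RCPT TO:dave@example.net\r\n",  # malformed: no angle brackets
    "DATA\r\n",
    "QUIT\r\n",
]

@dataclass
class SessionRecord:
    peer: str                        # remote address, supplied by the caller
    helo: str = ""
    mail_from: Optional[str] = None  # None = no MAIL seen; "" = null reverse-path <>
    mail_params: dict = field(default_factory=dict)
    rcpts: list = field(default_factory=list)     # (address, params) per RCPT
    unparsed: list = field(default_factory=list)  # kept verbatim as evidence

def _params(text):
    """Split ESMTP parameters such as SIZE=2048 into an upper-cased key dict."""
    return {k.upper(): v for k, _, v in (t.partition("=") for t in text.split())}

def record_session(peer, client_lines):
    """Build one forensic record from the command lines of a single SMTP session."""
    rec = SessionRecord(peer=peer)
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        m = _PATH_CMD.match(line)
        verb = line.split(" ", 1)[0].upper()
        if m and m.group(1).upper() == "MAIL FROM":
            rec.mail_from, rec.mail_params = m.group(2), _params(m.group(3))
        elif m:
            rec.rcpts.append((m.group(2), _params(m.group(3))))
        elif verb in ("HELO", "EHLO"):
            rec.helo = line[5:].strip()
        elif verb not in ("DATA", "QUIT", "RSET", "NOOP"):
            rec.unparsed.append(line)  # unknown or malformed command
    return rec
```

Keeping unparsed lines verbatim rather than dropping them preserves the malformed commands that an anomaly detector would later want to look at.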