Research Paper on "Threatening E-Mail"

Home > Topics > Computers & Internet My Account

Research Paper 6 pages (2058 words) Sources: 8

[EXCERPT] . . . .

Threatening Email

The law enforcement response to electronic threats requires an investigation like any other type of crime (Technical Working Group for Electronic Crime Scene Investigation 2001). When it comes to threatening emails, the important fact an investigator must consider is that the crime is not the email but, rather, the underlying threat to hurt another human being. Whether this threat is face-to-face or via the Internet, it is a crime nonetheless. The Internet simply allows a different medium in which individuals can engage in illegal activity. Before the Internet, threats were made in different ways, which suggests that "the crimes that are being committed haven't changed, jus the manner in which they're being committed" (Wiles & Reyes 2007).

Evidence and intelligence are equally important with investigating a digital crime such as the topic of this paper: a high school principal receiving a threatening email. Intelligence is information that is analyzed and interpreted while the evidence is any information that may be used in a court to decide the guilt or innocence of the accused (if there is an accused, that is) (Bryant 2008). For a digital crime such as this, recovered parts of the email communication would perhaps constitute intelligence and evidence. There is a certain format for which this investigation should be performed as well as a legal process that must be followed. There are many questions that need to be considered and this paper will attempt to answer the following: Was a crime committed? Who has jurisdiction? What are the legal issues that will need to be discussed with a prosecutor?

During the interview with the high

Continue scrolling to

download full paper ⤓

school principal, an investigator will need to ask if this is the first threat he has received (if no, where are the others? Were they deleted? Were they sent to other addresses?); if there were any events at the school that may be connected to the threat; if he has any suspicions related to the threat and the suspect; whether or not he responded to the email threat; whether any other school employees or members of school employees' families have received threats; if any other threats have been reported; and if any students have complained about or reported threats from students or others.

The email message from webcourier.com (192.168.43.12) by mail.springfieldhs.edu (172.30.245.3) -- from -- consisted of: Subject: "lead will fly." Content: "Watch your back. I have all of you in my sights." The investigator needs to acquire a copy of the email including all headers (information that can trace the email back to the person who sent it). Once the email address (- -- ), the IP address, and the originating IP address is identified, the investigator can decide which route he or she wants to take - for example, contacting the email provider.

In this case, contacting the email provide, Web Courier, is necessary in order to find out if there is a name attached to the address or any other information that may be saved on the person's information or profile page. The investigator should note that they are performing a criminal investigation into a threatening email (or emails). The email provider may be just the source of information the investigator needs since when an email account is first opened, there are several terms of use that a person must agree to and one of those terms pertains to threats and harassment via email. The email provider has the authority to then investigate further into the person's account when there is a valid complaint or concern.

The preliminary information that the investigator should retrieve from the email provider are names associated with the account and whether or not there is a given location. At this point in time, the investigator should not ask the email provider to do anything (such as contact the individual). All the email provider should do is examine the account and give the investigator any pertinent information pertaining to the account. If the email provider were to contact the individual or shut down the account, it could impede progress on the investigation.

The next step will be to figure out what the sender's Internet Protocol (IP) address is. This is not difficult to do with most email clients (Yahoo Mail, Gmail and Outlook, for example). For example, on an email client such as Gmail (Google's email) the investigator must open the email in question and then click on the arrow that's to the right of the Reply link. Then "show original" should be chosen from the list. Looking for the text that begins with "Received: from" (or by pressing Cntrl + F is another option) and then performing a search is required. Most likely there will be several "Received: froms" in the message header -- (because the message header contains the IP addresses of all the servers involved in routing the email to the high school principal). Simply looking at the "Received: from" that is the furthest down on the list will reveal who or what computer originally sent the email (Online Tech Tips 2007). In this case, the first, or originating email, is 10.0.34.112. In the case of a Yahoo email account as well as other types of email accounts, the investigator can simply click on "Full header" as opposed to "Compact header" in order to see where the email originated.

Once there is an originating IP address -- 10.0.32.112, the next step is to figure out where that is. An IP address lookup must be performed next. There are different IP address location websites (for example, GeoBytes IP Locator) where searches can be done. By typing in the data 10.0.32.112, the country code, region code, city code, city ID, latitude, capital city, nationality singular, nationality plural, CIA map reference, country, region, city, certainty, longitude, time zone, population, Is proxy, currency, and currency code will be given (GeoBytes 2010). Another route to take is to do a Who Is Database search. This will give similar information as an IP Address Locator website including information on who hosts the IP address as well as registration information.

Internet Service Providers (ISPs) may log the date, time, account user information, and Automatic Number Identification (ANI) or caller line identification at the time of the connection (Gonzales et al., 2007). There are not any general legal requirements for log preservation; some may be kept for a limited time depending on the established policy of the ISP. Some ISPs do not keep logs at all (2007). Because the location 10.0.32.112 was discovered as well as its belonging to ptomaine.net -- a local ISP (uncovered through an IP search as mentioned above), the next step is to contact ptomaine.net to try and find out a name that goes along with the IP address. In this case, ptomaine.net revealed that "ramble" is registered to Mr. James Westfall, a local resident who has three children that are school age. Reyes and Brittson (2007) break it down like this:

You're investigating an email-based criminal threatening case where you were able to determine the originating IP address of the illegal communication. You were able to determine which ISP controls the address space that includes the IP address in question. If ISPs use dynamic addressing, how are you going to be able to determine which subscriber account used that address if any of a thousand or more could have been assigned to the suspect's computer? In this case, it would be extremely important for you to also record and note the date and time of the originating communication. The date/time stamp can be matched against the logs for the DHCP server to determine which subscriber account was assigned the IP address in question at that time (Reyes & Brittson 2007).

Because Ptomaine.net informed the investigator that the session where the threatening email was sent was established via a dial-up connection, further investigating needs to be done before naming Westfall as the only suspect. When one is using dial-up, the person is live on the Internet only while connected. Dial-up connections are hard to hack, so this narrows the chances of Westfall's computer being hacked to send emails; however, this does not mean that it is impossible to hack into dial-up connections; it only means that dial-up connections are not hacked as much because they are, for the most part, connected to the Internet for shorter amounts of time. Still, this needs to be investigated and the only lead there is at this time is Mr. Westfall's name and location.

From here on, there will be legal issues that must be addressed in relation to pursuing this case. Because the suspect, Mr. James Westfall, is a local resident, there may not be any real challenging issues when it comes to jurisdiction. Suspects/defendants may be arrested, accused, and/or sued in the state in which they reside (Casey 2004), so in this case there won't be any need for "minimum contacts" (2004). The threat is the main issue of this case -- not the email. Evidence… READ MORE

Download Full Paper

Write a New Paper for Me

Quoted Instructions for "Threatening E-Mail" Assignment:

“

The Situation

The local HS principal calls you to say that he has just received a threatening e-mail

Discuss what information you want from the principal and how you would begin the

investigation.

In response to your interview, the principal gives you the following e-mail message.

Received: from webcourier.com (192.168.43.12) by mail.springfieldhs.edu (172.30.245.3)

From: shooter@webcourier.com

To: principal@springfieldhs.edu

Subject: lead will fly

X-Originating-IP: 10.0.34.112

Watch your back. I have all of you in my sights.

Discuss how you would begin an investigation based on the above e-mail message.

If you decide to contact the e-mail provider, what is your reason to contact them and what

preliminary information would you want? Is there anything that you can ask them to do at this

point?

If you decide not to contact the e-mail provider, what was the reason for that decision?

What information (evidence) is contained in the above e-mail message?

If you identify any information, please discuss what the information is and where it would lead

you.

If you are following up on any information, what legal process, if any, would be required? What

information could you get in response?

Through your investigation you discover that address 10.0.34.112 belongs to ptomaine.net, a

local ISP. How did you discover this?

What information would you want to get from ptomaine.net and what legal process would be

required?

In response to your request, ptomaine.net tells you that *****ramble***** is registered to Mr. James

Westfall, a local resident with 3 school-age children. What can you do with this information

and what legal process, if any, would be required?

You learn from ptomaine.net that the above session was established via dial-up connection. If

this is important to know please discuss why. In addition, please discuss what further

information you could discover and what legal process you would need (in addition to whom

it should be addressed).

From whatever information you have received from your requests, how do you trace your target

Back to the Real World and what legal process is required to do so?

How do you have close in on who actually sent the email?

You have closed in on the sender, discuss what the requirements are and what legal process is

required to get into the sender*****s home and what evidence you would want to seize once there?

You have located the sender and would like to speak to him. Discuss what the potential

ramifications are from speaking to the sender and what the analysis would be if the interview

were the subject of some legal challenge.

How to Reference "Threatening E-Mail" Research Paper in a Bibliography

“Threatening E-Mail.” A1-TermPaper.com, 2010, https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120. Accessed 29 Jun 2024.

Threatening E-Mail (2010). Retrieved from https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120

A1-TermPaper.com. (2010). Threatening E-Mail. [online] Available at: https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120 [Accessed 29 Jun, 2024].

”Threatening E-Mail” 2010. A1-TermPaper.com. https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120.

”Threatening E-Mail” A1-TermPaper.com, Last modified 2024. https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120.

[1] ”Threatening E-Mail”, A1-TermPaper.com, 2010. [Online]. Available: https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120. [Accessed: 29-Jun-2024].

1. Threatening E-Mail [Internet]. A1-TermPaper.com. 2010 [cited 29 June 2024]. Available from: https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120

1. Threatening E-Mail. A1-TermPaper.com. https://www.a1-termpaper.com/topics/essay/threatening-email-law-enforcement/37120. Published 2010. Accessed June 29, 2024.

Related Research Papers: