What can we learn from Utegate? June 24, 2009

Future Proof blog watchers may have seen today’s Sydney Morning Herald article ‘Fake emails: how easy are they …to spot or make?’
(go to: http://www.smh.com.au/technology/security/fake-emails-how-easy-are-they–to-spot-or-make-20090623-cuzq.html)

It is interesting to see the following advice in the article from digital forensics expert Graham Thompson:

“The trick in exposing what’s fake or real, Thompson explained, is to obtain an electronic copy of the email and look at the ‘interrnet headers’.

Thompson later goes on to say:

“I mean, you’d ask your advisers, show me some more proof, show me other things, not base it all on one piece of flimsy evidence that could be something totally different to what it is.”

In other words, check the metadata! This means both the metadata showing the electronic provenance of the message and metadata applied for recordkeeping purposes when an email is registered in a recordkeeping system. Both are vital for proving the email’s authenticity as a true record of what was communicated.

To learn more about capturing authentic email records that will stand up under scrutiny, go to our short guide Recordkeeping in Brief 49: FAQs Email and recordkeeping.
To find out more about metadata for records, go to Recordkeeping in Brief 18: Introducing recordkeeping metadata.

Leave a Reply

You must be logged in to post a comment.