E-Mail Analysis - Origins of an E-Mail

The main purpose of an e-mail investigation is to procure a few IOCs for the company: first the sender and the domain, then the originating IP address. If they are utilizing tools such as Agari, Proofpoint, Barracuda, Mimecast, etc., the investigators can then plug in message headers, body, etc. and block e-mails. This also serves tracking purposes. However, the main focal point is not only to block but to understand where an e-mail is coming from, and then to block the domain, the sender IP or the IP pool to limit the malicious mail being received.
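As an added illustration (not code from the original article), the sketch below pulls the sender, domain and originating-IP IOCs named above out of raw headers with Python's standard library, IPv4 only. The sample message, the function names and the trusted MX hostname `mx.recipient.example` are assumptions made for the example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation-range IPs, .example domains); not a real message.
SAMPLE = """\
Received: from mx.recipient.example (10.0.0.5) by mailstore.recipient.example;
 Tue, 02 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.25])
 by mx.recipient.example; Tue, 02 Jan 2024 10:00:02 +0000
Received: from workstation (unknown [198.51.100.77])
 by relay.sender.example; Tue, 02 Jan 2024 10:00:01 +0000
From: "Accounts Payable" <billing@sender.example>
Return-Path: <bounce@mailer.sender.example>
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def external_ip(received):
    """First non-internal IPv4 literal in one Received header, or None."""
    for literal in IP_RE.findall(received):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue  # e.g. 999.1.1.1: looks like an IP but is not one
        if not any(ip in net for net in INTERNAL):
            return str(ip)
    return None

def extract_iocs(raw, trusted_mx):  # trusted_mx: assumed hostname of your own MX
    msg = message_from_string(raw)
    boundary = claimed = None
    for hop in msg.get_all("Received", []):  # newest hop first
        ip, by = external_ip(hop), BY_RE.search(hop)
        if ip is None:
            continue
        # Only the hop stamped by our own MX is trustworthy; older ones are sender-supplied.
        if boundary is None and by and by.group(1).lower() == trusted_mx:
            boundary = ip
        claimed = ip  # overwritten until the oldest hop remains
    sender = parseaddr(msg.get("From", ""))[1].lower()
    bounce = parseaddr(msg.get("Return-Path", ""))[1].lower()
    return {"from_address": sender, "from_domain": sender.rpartition("@")[2],
            "envelope_domain": bounce.rpartition("@")[2],
            "boundary_ip": boundary, "claimed_origin_ip": claimed}
```

`boundary_ip` is the address to block at the gateway; `claimed_origin_ip` is useful for tracking but can be forged by the sender.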
