EmailTracer - Cyber Forensics Analysis Tool

EmailTracer is a cyber forensics analysis tool developed by C-DAC, Thiruvananthapuram.
It incorporates graphical features that help a cyber forensic investigator easily
track the senders of anonymous and threatening emails. Forensic tracing of e-mail
is similar to traditional detective work. The tool retrieves information
from mailbox files with the extensions .dbx (Outlook Express), .pst (Microsoft Outlook),
.mbx (Eudora), .cnm (Pegasus), .cmm (Pegasus), .mm (IncrediMail), MailDir (KMail), .tbb (The
Bat), .nsm (Netscape Messenger) and mbox (Mozilla).

EmailTracer provides facilities for searching the registry to find DBX files,
browsing for mailbox files by extension, retrieving header information
from selected mails, displaying the contents of a mail, identifying the sender's
domain name details, tracing the sender by IP address, locating the sender's gateway
on a world map, analyzing mail server logs for evidence collection, and generating reports.

EmailTracer analyzes the email header and gives complete details of
the sender, such as the IP address, which is the key point for finding the culprit, the route
s/he followed to send the mail, the mail server used, etc. It gives the geographical
location of the sender and the detailed route of the sender's machine on a world map.
Once the sender of the malicious e-mail (spoofed mail) is identified, the software
starts analyzing the mail server logs, if available, to collect evidence proving
the mischief the sender has done.
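
As an added illustration of the header analysis described above (not EmailTracer's own code), the following Python example walks a message's Received chain from the oldest hop to the newest and picks the first non-private address as the candidate origin. The sample message, host names, addresses and function names are constructed for this example.

```python
import re
import ipaddress
from email import message_from_string

# Constructed sample message (documentation-range addresses, not real evidence).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.example.org with ESMTP id abc123; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.com (relay.example.com [203.0.113.7])
\tby mx.example.net with ESMTP id def456; Tue, 02 Jan 2024 10:00:03 +0000
Received: from [192.168.1.20] (unknown [203.0.113.99])
\tby relay.example.com with ESMTPSA id ghi789; Tue, 02 Jan 2024 10:00:01 +0000
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Private, loopback and link-local ranges say nothing about the Internet-side origin.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_local(ip):
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)

def trace_route(raw):
    """Return the relay hops ordered from the sender side to the recipient side."""
    hops = []
    # Each relay prepends its Received line, so the last header is the oldest hop.
    for value in reversed(message_from_string(raw).get_all("Received") or []):
        by = re.search(r"\bby\s+(\S+)", value)
        ips = []
        for cand in IP_RE.findall(value):
            try:
                ips.append(ipaddress.ip_address(cand))
            except ValueError:
                continue  # bracketed text that is not an address
        hops.append({"by": by.group(1) if by else None, "ips": ips})
    return hops

def candidate_origin(hops):
    """First non-local address, walking from the oldest hop."""
    # Lines added before the first server you trust can be forged by the
    # sender, so corroborate this address against that server's own logs.
    for hop in hops:
        for ip in hop["ips"]:
            if not is_local(ip):
                return ip
    return None
```
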
EmailTracer: Now Available

- Output email bodies to EML format
- Process all DBX, PST, MBOX, MBX and other commonly used mailboxes
- Identify the IP address of the sender's computer, the sender's geographical location,
  and the company providing Internet service (the ISP) for the IP address
- Information for finding the header information in the most widely used email programs
- Locate the sending server on a world map
- Search for keywords in the mail contents of the mailbox
- Extract full headers and hidden properties
- Extract attachments in native format
- City-level details of the sending mail server with a detailed HTML report
- Do NSLookup
- WhoIs search
- Process embedded mails
- Do IP traceback
- Generate a detailed HTML report