Email Forensics Workshop — CTF Edition — Part 2

Email Forensics Workshop where we solved the last five challenges in Metaspike's Email Forensics Capture The Flag (CTF) competition. We covered topics such as: • Decoding hidden timestamps • Message reconstruction via DKIM • Authenticating emails based on their appearance • Recovering deleted attachments from MAPI items • Leveraging recovered OAuth tokens to gain access to mailboxes • Talking to Gmail API directly • Examining Gmail History records to make your own audit trail • Q&A 📑 Sections 00:00:00 — Introduction 00:03:10 — Q6 - Superfrog 00:38:17 — Q7 - You're So Vain! 01:01:36 — Q8 - Steampunk 01:31:14 — Q9 - (Un)authorized Access 01:38:03 — Q10 - The REST is History 📚 Other Resources Blog https://www.metaspike.com/blog Community https://community.metaspike.com Books Internet Email Protocols: A Developer's Guide — Kevin Johnson Inside Mapi (Microsoft Programming Series) — Irving De La Cruz, Irving Thaler #EmailForensics #DigitalForensics #DFIR #ComputerForensics