Email forensics includes which tasks?

• A. Identifying sender, recipient, date/time, and origination location of an email
• B. Recovering hidden deleted video files
• C. Monitoring real-time network traffic
• D. Decrypting SSL/TLS sessions

Answer: (A)

Email forensics focuses on examining email metadata and delivery artifacts to determine who sent a message, who it was sent to, when it was sent, and where it originated. By analyzing email headers, investigators can extract sender and recipient addresses, timestamps, and the path the message took, including origination IPs. This metadata is crucial for establishing authenticity, reconstructing the timeline, and maintaining a solid chain of custody, which are fundamental goals in email investigations. The other options fall outside this scope: recovering hidden deleted video files belongs to multimedia forensics, monitoring real-time network traffic targets live network analysis, and decrypting SSL/TLS sessions concerns encryption and secure communications rather than typical email evidence.