| Titre | Collecter l’e-mail |
|---|---|
| ID | RA2202 |
| Description | Collect an email message |
| Auteur | @atc_project |
| Creation Date | 31.01.2019 |
| Catégorie | |
| Étapes | RS0002: Identification |
| References | <ul><li>https://www.lifewire.com/save-an-email-as-an-eml-file-in-gmail-1171956</li><li>https://eml.tooutlook.com/</li></ul> |
Workflow
Collect an email message using the most appropriate option:
- Email Team/Email server: if there is such option
- The person that reported the attack (if it wasn’t detected automatically or reported by victims)
- Victims: if they reported the attack
- Following the local computer forensic evidence collection procedure, if the situation requires it
Ask for the email in .EML format. Instructions:
- Drug and drop email from Email client to Desktop
- Archive with password “infected” and send to IR specialists by email