Threatening E-Mail Research Paper

Pages: 6 (2058 words)  ·  Bibliography Sources: 8  ·  File: .docx  ·  Level: Master's  ·  Topic: Education - Computers

Threatening Email

The law enforcement response to electronic threats requires an investigation like any other type of crime (Technical Working Group for Electronic Crime Scene Investigation 2001). When it comes to threatening emails, the important fact an investigator must consider is that the crime is not the email but, rather, the underlying threat to hurt another human being. Whether this threat is face-to-face or via the Internet, it is a crime nonetheless. The Internet simply allows a different medium in which individuals can engage in illegal activity. Before the Internet, threats were made in different ways, which suggests that "the crimes that are being committed haven't changed, jus the manner in which they're being committed" (Wiles & Reyes 2007).

Buy full Download Microsoft Word File paper
for $19.77
Evidence and intelligence are equally important with investigating a digital crime such as the topic of this paper: a high school principal receiving a threatening email. Intelligence is information that is analyzed and interpreted while the evidence is any information that may be used in a court to decide the guilt or innocence of the accused (if there is an accused, that is) (Bryant 2008). For a digital crime such as this, recovered parts of the email communication would perhaps constitute intelligence and evidence. There is a certain format for which this investigation should be performed as well as a legal process that must be followed. There are many questions that need to be considered and this paper will attempt to answer the following: Was a crime committed? Who has jurisdiction? What are the legal issues that will need to be discussed with a prosecutor?

Research Paper on Threatening E-Mail Assignment

During the interview with the high school principal, an investigator will need to ask if this is the first threat he has received (if no, where are the others? Were they deleted? Were they sent to other addresses?); if there were any events at the school that may be connected to the threat; if he has any suspicions related to the threat and the suspect; whether or not he responded to the email threat; whether any other school employees or members of school employees' families have received threats; if any other threats have been reported; and if any students have complained about or reported threats from students or others.

The email message from ( by ( -- from -- consisted of: Subject: "lead will fly." Content: "Watch your back. I have all of you in my sights." The investigator needs to acquire a copy of the email including all headers (information that can trace the email back to the person who sent it). Once the email address (- -- ), the IP address, and the originating IP address is identified, the investigator can decide which route he or she wants to take - for example, contacting the email provider.

In this case, contacting the email provide, Web Courier, is necessary in order to find out if there is a name attached to the address or any other information that may be saved on the person's information or profile page. The investigator should note that they are performing a criminal investigation into a threatening email (or emails). The email provider may be just the source of information the investigator needs since when an email account is first opened, there are several terms of use that a person must agree to and one of those terms pertains to threats and harassment via email. The email provider has the authority to then investigate further into the person's account when there is a valid complaint or concern.

The preliminary information that the investigator should retrieve from the email provider are names associated with the account and whether or not there is a given location. At this point in time, the investigator should not ask the email provider to do anything (such as contact the individual). All the email provider should do is examine the account and give the investigator any pertinent information pertaining to the account. If the email provider were to contact the individual or shut down the account, it could impede progress on the investigation.

The next step will be to figure out what the sender's Internet Protocol (IP) address is. This is not difficult to do with most email clients (Yahoo Mail, Gmail and Outlook, for example). For example, on an email client such as Gmail (Google's email) the investigator must open the email in question and then click on the arrow that's to the right of the Reply link. Then "show original" should be chosen from the list. Looking for the text that begins with "Received: from" (or by pressing Cntrl + F is another option) and then performing a search is required. Most likely there will be several "Received: froms" in the message header -- (because the message header contains the IP addresses of all the servers involved in routing the email to the high school principal). Simply looking at the "Received: from" that is the furthest down on the list will reveal who or what computer originally sent the email (Online Tech Tips 2007). In this case, the first, or originating email, is In the case of a Yahoo email account as well as other types of email accounts, the investigator can simply click on "Full header" as opposed to "Compact header" in order to see where the email originated.

Once there is an originating IP address --, the next step is to figure out where that is. An IP address lookup must be performed next. There are different IP address location websites (for example, GeoBytes IP Locator) where searches can be done. By typing in the data, the country code, region code, city code, city ID, latitude, capital city, nationality singular, nationality plural, CIA map reference, country, region, city, certainty, longitude, time zone, population, Is proxy, currency, and currency code will be given (GeoBytes 2010). Another route to take is to do a Who Is Database search. This will give similar information as an IP Address Locator website including information on who hosts the IP address as well as registration information.

Internet Service Providers (ISPs) may log the date, time, account user information, and Automatic Number Identification (ANI) or caller line identification at the time of the connection (Gonzales et al., 2007). There are not any general legal requirements for log preservation; some may be kept for a limited time depending on the established policy of the ISP. Some ISPs do not keep logs at all (2007). Because the location was discovered as well as its belonging to -- a local ISP (uncovered through an IP search as mentioned above), the next step is to contact to try and find out a name that goes along with the IP address. In this case, revealed that "ramble" is registered to Mr. James Westfall, a local resident who has three children that are school age. Reyes and Brittson (2007) break it down like this:

You're investigating an email-based criminal threatening case where you were able to determine the originating IP address of the illegal communication. You were able to determine which ISP controls the address space that includes the IP address in question. If ISPs use dynamic addressing, how are you going to be able to determine which subscriber account used that address if any of a thousand or more could have been assigned to the suspect's computer? In this case, it would be extremely important for you to also record and note the date and time of the originating communication. The date/time stamp can be matched against the logs for the DHCP server to determine which subscriber account was assigned the IP address in question at that time (Reyes & Brittson 2007).

Because informed the investigator that the session where the threatening email was sent was established via a dial-up connection, further investigating needs to be done before naming Westfall as the only suspect. When one is using dial-up, the person is live on the Internet only while connected. Dial-up connections are hard to hack, so this narrows the chances of Westfall's computer being hacked to send emails; however, this does not mean that it is impossible to hack into dial-up connections; it only means that dial-up connections are not hacked as much because they are, for the most part, connected to the Internet for shorter amounts of time. Still, this needs to be investigated and the only lead there is at this time is Mr. Westfall's name and location.

From here on, there will be legal issues that must be addressed in relation to pursuing this case. Because the suspect, Mr. James Westfall, is a local resident, there may not be any real challenging issues when it comes to jurisdiction. Suspects/defendants may be arrested, accused, and/or sued in the state in which they reside (Casey 2004), so in this case there won't be any need for "minimum contacts" (2004). The threat is the main issue of this case -- not the email. Evidence… [END OF PREVIEW] . . . READ MORE

Two Ordering Options:

Which Option Should I Choose?
1.  Buy full paper (6 pages)Download Microsoft Word File

Download the perfectly formatted MS Word file!

- or -

2.  Write a NEW paper for me!✍🏻

We'll follow your exact instructions!
Chat with the writer 24/7.

Corporate Email Security Term Paper

Interoffice Memo Research Proposal

SPAM Filtering Term Paper

Internet Globalization Good or Bad Research Paper

Challenges to the Sustainability of the Tourism Industry in Thailand Research Proposal

View 200+ other related papers  >>

How to Cite "Threatening E-Mail" Research Paper in a Bibliography:

APA Style

Threatening E-Mail.  (2010, July 3).  Retrieved September 28, 2020, from

MLA Format

"Threatening E-Mail."  3 July 2010.  Web.  28 September 2020. <>.

Chicago Style

"Threatening E-Mail."  July 3, 2010.  Accessed September 28, 2020.