Pyfet (Python Forensic Email Tool) is a forensic tool designed for the acquisition and analysis of emails. It supports the digital signature of reports using the Italian CIE (Carta di Identità Elettronica) for ensuring the legal validity and integrity of the collected data. This tool is a powerful solution for forensic investigators and cybersecurity professionals to perform secure and verifiable email evidence collection.
This project is the result of my master's thesis in Computer Science and Engineering at Politecnico di Milano. For more context about the development of this project, please refer to the For Developers > History and Scope page in the wiki. You can also read my thesis for additional details.
- Email Acquisition: Download emails in EML format from Microsoft and Google using their APIs (you can also do it with classical IMAP).
- Triple Hashing: Each email is hashed three times to ensure data integrity.
- Digital Signature: Generate legally valid reports with digital signatures using CIE.
- Network Traffic Recording: Records network traffic in a PCAP file during email acquisition, including decrypted packets or session keys for further analysis.
- Header Analysis: Analyze email headers to verify the authenticity and trace the origin of emails. This feature helps in detecting spoofing, forging, or other malicious activities, providing a detailed analysis of the email path and any potential red flags in the headers.
- Attachments Analysis: Analyze email attachments with external tools or services such as Exiftool and Virustotal.
Please before starting, read carefully the Wiki. There you will find all the informations you need.
Pyfet is designed to follow the best practices about digital evidence collection and digital evidence analisys. However, it is the responsibility of the user to ensure that the tool is used in compliance with local laws and regulations.
Contributions to Pyfet are welcome! If you find any issues or want to add new features, please open an issue or submit a pull request.
Made with ❤️ by William