Truthfully, being a hacker detective requires you to able to extract and figure out email
header information regardless of what email client you are using. All you are trying to do is
extract the complete email header that tells the detective effectively the route (path) taken
from the sender (hacker) to your machine (the victim). Lastly, many known internet providers
will purposefully strip out a lot of the information to include the senders exact street address;
therefore you can only track the IP address as far as the internet provider.1 On the other
hand, knowing the hackers internet provider can and will prove very resourceful later on for
reporting purposes.
The following are some ways to extract email headers by email client:
Extracting Email Headers from Gmail
To extract email headers from Gmail:
1. Open the email message.
2. Click the down arrow adjacent to the Reply link in the upper-right corner of the email
message
3. Click Show Original.
Copy and paste the header information into the Email Header Analysis Engine, and
click Submit header for analysis
Extracting Email Headers from Hotmail
To extract email headers from Hotmail:
1. Login to your Hotmail account.
2. Click on Options tab on the top navigation bar
3. Click on the Mail Display Settings link
4. Change the Message Headers option to Full
5. Click the OK button
Copy and paste the header information into the Email Header Analysis Engine, and
click Submit header for analysis
Extracting Email Headers from Microsoft Outlook 2010
To extract email headers from Microsoft Outlook 2010:
1. Click the File
2. Click Properties
3. Locate Internet Headers (bottom of the popup window)
Highlight, copy and paste everything from the Message Source window (Ctrl-A, Ctrl-C) into
the Email Header Analysis Engine, and click Submit header for analysis
Extracting Email Headers from Microsoft Exchange
To extract email headers from Microsoft Exchange:
1. To get the complete headers and message source using Microsoft Exchange Click
the File menu
2. Click Properties
3. Click the Details tab