Tags: email forensic
## Pt. 1
We get an email file (.eml) and the challenge is to find out what was deleted from the file...
Received: from 10.197.33.204...
Return-Path: <[email protected]>
Received-SPF: pass (domain of gmail.com designates 188.8.131.52 as permitted sender)
X-Apparently-To: [email protected]; Fri, 15 Apr 2022 06:03:02 +0000
Received: from 184.108.40.206...
Received: by mail-wr1-f45.google.com with SMTP id u3so9536261wrg.3...
X-Received: by 2002:a05:6000:1564:b0:20a:7727:27b0 with ...
From: crew ctf <[email protected]>
Date: Fri, 15 Apr 2022 08:02:49 +0200
Message-ID: <CAG+6d[email protected]>
Subject: Help me!
To: [email protected]
Content-Type: multipart/alternative; boundary="000000000000c0332a05dcab29d2"
Content-Type: text/plain; charset="UTF-8"
Hey, crushed kiwi I hate this loop of college, and I need your help. Can
you meet me at lost immediately?
Content-Type: text/html; charset="UTF-8"
I realized that it has to be from a google email so I sent myself an email and compared both.
The `X-Gm-Message-State:` Header is missing!
This was the solution for the first part of the challenge.