Email forensics, also known as email analysis, is the process of examining and analyzing emails to extract important information for legal, criminal, and cybersecurity investigations. It involves recovering deleted emails, tracing the origin of emails, determining the authenticity of emails, and identifying patterns of communication.

The main objectives of email forensics are:

1. Email recovery: Email forensics involves the recovery of deleted emails from various email servers, email clients, and backup systems. This is done to retrieve important evidence or information that may have been intentionally or unintentionally deleted.
2. Email header analysis: Email headers contain important metadata such as sender and recipient details, delivery timestamps, and IP addresses of the sending and receiving servers. Email forensics experts analyze these headers to trace the origin of an email and verify its authenticity.
3. Email content analysis: The content of an email can provide valuable information for an investigation. Email forensics involves analyzing the content of emails to identify relevant keywords, phrases, and attachments that may be crucial to the case.
4. Email metadata analysis: In addition to email headers, email metadata provides additional information about an email, such as the email server used, email client details, and information about email forwarding, CC, and BCC. Email forenssics experts analyze this metadata to gather evidence and uncover the details of an email's journey.
5. Email tracing: Email forensics involves the tracing of emails to determine the route they took, the servers they passed through, and the devices used to send and receive them. This helps determine the authenticity and integrity of an email and can establish a timeline of communication.
6. Email authentication: Email forensics can involve the examination of email authentication mechanisms such as DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to verify the legitimacy of an email and prevent email spoofing or phishing attacks.
7. Email recovery from backup systems: Email forensics experts can recover emails from backup systems, which can be crucial in cases where emails have been intentionally deleted or lost due to technical failures or system crashes.
8. Email correlation and analysis: Email forensics involves the correlation and analysis of multiple emails to establish patterns of communication, identify relationships between individuals or entities, and uncover any malicious or suspicious activities.

Overall, email forensics plays a vital role in investigating cybercrimes, data breaches, employee misconduct, intellectual property theft, and other digital crimes where emails are used as evidence or play a significant role. It helps in uncovering crucial evidence, tracing communication routes, and determining the authenticity and integrity of emails. Email forensics experts utilize various tools and techniques to extract, analyze, and present email evidence in a legally admissible format.