This project implements an automated forensic analysis tool for simulated phishing emails. It reproduces the workflow of a SOC analyst handling a reported malicious email in a controlled lab environment.
The tool parses a locally generated .eml file and extracts critical Indicators of Compromise (IOCs) such as phishing URLs, source IP addresses, suspicious sender domains, and malicious attachments. A structured technical report is generated at the end of the analysis.
Project developed for UEM112 – Piratage éthique et défense des systèmes.
The goal of this project is to analyze a simulated phishing email without opening it in a real email client and extract forensic evidence for investigation purposes.
The script automatically:
- Parses email headers
- Extracts source IP addresses
- Detects phishing URLs
- Flags suspicious sender domains (typosquatting)
- Extracts attachments
- Analyzes metadata using ExifTool
- Generates a technical report
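The header, IP, URL, sender-domain and attachment steps above, worked as an added Python example that is not the project's own code. The .eml is a constructed sample embedded inline; the trusted-domain list and the "within two edits of a trusted domain" typosquatting heuristic are assumptions, and the ExifTool and report steps are left out.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample .eml for the lab (not a real message): lookalike sender
# domain, a Received chain with bracketed relay IPs, a link and an attachment.
SAMPLE_EML = b"""From: "IT Support" <support@examp1e.com>
Received: from mail.example.net (mail.example.net [203.0.113.10]) by mx.example.com
Received: from localhost (localhost [127.0.0.1]) by mail.example.net
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

Please verify at http://examp1e.com/reset?u=1 within 24h.
--B1
Content-Disposition: attachment; filename="invoice.pdf.exe"

--B1--
"""

TRUSTED_DOMAINS = {"example.com"}  # assumed list of legitimate domains
URL_RE = re.compile(r"https?://[^\s<>\"']+")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance: the typosquatting heuristic used below.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def analyze_eml(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].split("@")[-1].lower()
    # Every Received hop in header order; bracketed IPs are the relay addresses.
    ips = [ip for h in msg.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    urls, attachments = [], []
    for part in msg.walk():
        if part.is_attachment():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            urls.extend(URL_RE.findall(part.get_content()))
    # Close to a trusted domain but not equal to it: likely typosquat (assumed rule).
    lookalike = any(0 < edit_distance(sender_domain, d) <= 2 for d in TRUSTED_DOMAINS)
    return {"sender_domain": sender_domain, "lookalike_sender": lookalike,
            "source_ips": ips, "urls": urls, "attachments": attachments}
```

The returned dictionary is the raw material for the report; the message itself is never rendered, so no link is followed and no attachment is executed.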
- Operating system: Kali Linux or Parrot OS
- Network: no outbound internet connection
- Email source: locally generated .eml file
- Attachments: locally generated files
- Tools: Python, ExifTool, ReportLab
This project analyzes only locally generated emails. No real emails or personal data are used. Compliant with Algerian cybersecurity law 19-05.