Technology and Violence Against Women Series – Email & Online Evidence Collection

In this blog series, we are examining the impact of technology on violence against women crimes, as identified by the National Network to End Domestic Violence (NNEDV) Safety Net Project. In the coming days, the IACP Violence Against Women team will focus on Posting Content Online, and Spyware and Safety. Our most recent post focused on Sexting, and today’s post will highlight email and online evidence collecting.

Offenders frequently misuse email and online spaces to stalk, abuse, terrorize, threaten, and monitor victims. Abusers may send the victim threatening or harassing messages from random email addresses, install spyware on the victim’s computer, impersonate the victim to cause more harm, or access the victim’s accounts without his/her knowledge.

Many times, the abuser believes that his/her actions cannot be traced because they are anonymous. However, all electronic communication has digital trails, and the following evidence collection tips will help ensure that offenders are held accountable.

Email: Even when offenders send emails without using their primary email account, law enforcement can still trace the email to the actual sender. All emails have a header that contains the IP address of the originating sender. The only time it would be impossible to note the originating IP address is if the sender uses anonymous proxy servers.

What is an IP Address? An IP address is the numerical code that is assigned anytime a device connects to the Internet. IP addresses usually consist of four sets of numbers from 0 to 255, separated by three dots, for example “” or “” or eight sets of hexadecimal digits, for example “2001:0db8:0000:0042:0000:8a2e:0370:7334.”

Social Networking & Online Spaces: Abusers often access the victim’s social network and online accounts, oftentimes without their knowledge, to secretly monitor the victim’s computer activity or more blatantly, completely take over an account to impersonate, sabotage, or embarrass the victim. Investigators can determine who is accessing the account through IP address and log-in information. Most websites operators have this data, although their retention policies vary, so law enforcement should send preservation letters to the website owner as soon as they can, followed with subpoenas or search warrants. Some sites, such as Gmail and Facebook, allow the user to view past log-in activity, including user location and IP address.

Many Internet- and communication-based companies have developed guides to assist law enforcement in understanding what information is available and how that information may be obtained. Links to law enforcement investigation guides are available through the IACP Center’s for Social Media.

To read the publication Documentation Tips for Survivors of Technology Abuse & Stalking, click here. You can also contact the NNEDV’s Safety Net Project by clicking here. Be sure to visit their Tech Safety blog for additional information on technology safety.

If you have questions about the IACP’s Violence Against Women efforts, please contact Michael Rizzo, IACP Project Manager, at, or visit the IACP’s National Law Enforcement Leadership Initiative on Violence Against Women webpage.

This entry was posted in Cybercrime, Social Media, Technology. Bookmark the permalink.

One Response to Technology and Violence Against Women Series – Email & Online Evidence Collection

  1. Pingback: Technology and Violence Against Women Series – Posting Content Online | IACP Blog

Comments are closed.