Tracking an email back to its original source

A friend of a friend* lives in a very small town and finds himself in a compromising situation. He and his wife, a lovely young couple, took some… er, *private* pictures of themselves, and somebody stole the USB stick where they kept them from one of their cars. The unscrupulous crook who took it has emailed the photos to a lot of people in the community where they live. Other unscrupulous f**ers forwarded the pictures to some more people. They are both young professionals whose careers might be compromised.

This pisses me off tremendously, and I would like to know if it is possible to hire somebody to track back the email to the original source, in which case they will probably file charges against the person(s) who stole the disk from the car. I am not asking for anything illegal, I am not really sure if anything illegal would be required.
I could start a good pit rant about this, but will probably burst a vein, so I will refrain from doing so.
*It really isn’t us. The last time my husband and I did that I was a lot younger, in great shape and the pictures were saved on floppies. :)

There’s really no way to definitively track email. It was never set up to allow for tracing like that. Anything you come up with won’t be guaranteed to be accurate.

Telemark is right that there’s no definitive way to track it, but if they can get the IP address from the original sender (not one of the forwards), they could potentially subpoena the ISP to try to get the information. May or may not work, and may be more trouble than they want to go to, but it’s a possibility.

Well, I’d say car thieves are unlikely to know how to hide their identities while sending e-mail.

That said, I’m sure you could find the sender of the e-mail. But all that proves is that they sent the photos, not that they stole it from the car.

If you have the original e-mail, you can find the sender’s e-mail gateway, which, as stated above, is likely their IP address (from their ISP). First do a WHOIS lookup. This could reveal some great info (and sometimes useless info). Second, try browsing to the IP address. Some people put up websites at home and use Dynamic DNS to keep a domain name assigned to a dynamically assigned IP address. But the IP address could take you directly to their PC.

Those are the first things I’d try… then I’d get more invasive.
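Added example, not part of any post in this thread: a Python sketch of the header reading discussed above, which walks a message's `Received` chain oldest-first and reports the earliest routable IP together with whether a server the recipient controls recorded it. The sample message, host names and the `trusted_hosts` parameter are constructed for illustration, and the addresses come from documentation ranges.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation-range addresses, not real data).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mail.recipient.example with ESMTP id A1; Mon, 01 Jan 2024 10:00:03 +0000
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id B2; Mon, 01 Jan 2024 10:00:02 +0000
Received: from [192.168.1.23] (cust-7.isp.example [198.51.100.77])
\tby smtp.isp.example with ESMTPA id C3; Mon, 01 Jan 2024 10:00:01 +0000
From: sender@isp.example
To: someone@recipient.example
Subject: constructed sample

body
"""

# RFC 1918 and loopback ranges: a home LAN address says nothing an ISP can act on.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\sby\s+(\S+)")

def received_hops(raw):
    """Return [(recording_host, [routable IPs in the from clause])], oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        by = BY_RE.search(header)
        from_clause = header[:by.start()] if by else header
        ips = []
        for text in IP_RE.findall(from_clause):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if not any(ip in net for net in NON_ROUTABLE):
                ips.append(str(ip))
        hops.append((by.group(1) if by else None, ips))
    return hops

def origin_candidate(raw, trusted_hosts):
    """Earliest routable IP, plus whether a server we trust recorded it."""
    for by_host, ips in received_hops(raw):
        if ips:
            return ips[-1], by_host in trusted_hosts
    return None, False
```

A `False` flag means the line was written by a server outside the recipient's control, so it could have been inserted by the sender; only hops stamped by trusted hosts are reliable evidence.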