When investigating a threatening e-mail, which aspect of the message is most important to trace its source?

The e-mail header is the most important aspect to examine when investigating a threatening e-mail because it contains crucial information about the route the e-mail took from sender to recipient. Within the header, you can find details like the originating IP address, timestamps, and the servers involved in the transmission, which are essential for identifying where the message came from and tracing the source.

The message body, while containing potentially threatening content, does not provide the technical details needed for tracing. The sender's display name can be easily manipulated and does not reflect the actual sender's identity. Finally, examining attachment types is important for understanding potential threats or malware, but it does not help in determining the email's origin or tracking down the sender. Thus, the e-mail header is paramount in the investigative process.