Hi all,
i have a question about a judicial procedure. I am going to explain the project and i hope you can help me
We have a project where the client wants to present an evidence from a send e-mail for a judicial procedure, this e-mail was sent in 2007. At this moment, the mail server doesn´t save the logs about the traffic and there aren´t any information about the traffic for that year, because of this, the only evidence is the e-mail.
On the other hand, neither we can acquire the e-mail from the receptor because he works for another company.
Now, we should need to ensure that the e-mail hasn´t could be modified at 100%, i have been executing several tests on the pst file and we can modify the e-mail content, the content for the attached file and changing the time for mi PC, it doesn´t seem that it has been modified, and the id for the sent e-mail doesn´t change.
I think that the only method to ensure that the e-mail has been really sent would be studying the information in the mail server. Could you tell me any procedure or forensic method to ensure that the e-mail in the local machine was sent at the time and that the content data haven´t been modified?
Thanks a lot and Regards.
Jesús