How to Investigate a suspected image file??

Are you asking if there is any way of confirming the sent time and date of the original email or the screenshot of the email?

Are you asking if there is any way of confirming the sent time and date of the original email or the screenshot of the email?

Yes… Or if there is any way through which i can say that the image is modified using some editing tools like ms paint..

Long and short of it, if you just have a screenshot and thats it, you can say nothing about it with any authority.

hummm…
Until unless i get to access the sent items of the sender (suspect) i cannot say anything ?

But that's the fact that i have told my superiors also…

thanks a lot for backing me up D

Correct me if I'm wrong but even if the email was stored in a .pst file, the time stamp can be edited.

Correct me if I'm wrong but even if the email was stored in a .pst file, the time stamp can be edited.

You can edit a mail only when it is being forwarded right??

but here i have been given with a screen shot and the image can be easily be edited without any notifications and it can be sent…

If you were to image a machine and access the file the email is stored, a hex editor can be used to change the date and time the email was sent.

For example Outlook stores emails in a .pst file held in application data on windows. Editing the time stamp of the actual email would change how it appears in the screenshot and any further inquires.

Of course if the image is of a web based mail service its a different matter. A screenshot alone isn't reliable.

I agree with Rich. A screenshot alone is not something I would be able to attest to. No way to verify it.

Of course if the image is of a web based mail service its a different matter. A screenshot alone isn't reliable.

No luck there either (
It is G-mail account