Hi
I am trying to help a friend who is in a legal dispute and cannot afford the expense of computer forensic experts investigating a litigation issue. The court case has already nearly bankrupted her. In a nutshell, she was conned by someone and tried to sue them for her lost savings. The con artist has used the age-old trick of dragging and convoluting legal matters so much in order to make her mentally break, or win by default when she can no longer proceed due to finances.
She is close to a nervous breakdown but I am desperately hoping that I have found something that might be a lifeline (at least to risk further legal expense to pursue it). In short I think the other party has forged an email on MS Outlook, to change what had originally been said.
The are submitting this email, which was sent from one employee to another (not to my client), to try to show something happened on a certain date (in the content of the email of course which isn't relevant here and for legal reasons need to keep this as anonymous as possible).
The legal side were able to get the header data from the email sent. Here it is. I have replaced anything personal with Mr X and Mr Y, but if anyone thinks that anyone of the code data is in anyway relatable to someone – let me know I will alter it.
From "mr y" <IMCEAEX-
_O=mrx_OU=FIRST+20ADMINISTRATIVE+20GROUP_CN=RECIPIENTS_CN=mry@
mrx.com>
To "Mr X" <mrx@mrx.com>
Subject
Date Mon, 17 Aug 2009 142323 -0000
Message-ID
<B9AEF2610B5B734B81B7BDE3C129B391208A51@sbsserver.mrx.local>
MIME-Version 1.0
Content-Type multipart/alternative;
boundary="—-=_NextPart_000_000A_01CFF364.6F6D0A90"
X-Mailer Microsoft Outlook 14.0
Content-class urncontent-classesmessage
Thread-Index AQLnkjSJuPJ9m0ea4HGGL5Wbzj+Zsg==
I might be clutching at straws, but it was noticed that “X-Mailer Microsoft Outlook 14.0” was mentioned in the header data. With my very limited knowledge, I think this relates to the Outlook build which was only released with Microsoft Office 2010 which was only released in mid-2010, but the email date stamp is Aug 2009.
Please can someone tell me if this is relevant? If someone can confirm that it is ‘not possible’ for the X-Mailer entry to say that if it were sent in 2009, then I think we can go down the lines of further investigation. This would involve applying to the court to get hold of computers used etc.
Anyway I am hoping someone can help. My friend is in desperate need of a bit of luck. Any help or pointers would be most gratefully received.
Please help!
Concerned Friend
PS - the -0000 timezone wasn't altered by me, i assume it is because the emails were sent within GMT timezone.
What I can say is that you are correct, Office 2010 (and conversely Outlook 2010) was not released to *anyone* before April 15, 2010
http//
BUT ( there were leaked prebuild versions before August 2009
http//
Cannot say if any of those sported the "Microsoft Outlook 14.0".
IF they do, though VERY unlikely that one of those builds was actually used in a business (even if "flaky") it remains a possibility.
jaclaz
yeah reading your link it looks like the leaked versions that were available to the masses as pirate softwarre (bit torrent networks) was 30th Aug, way after this email was sent.
Highly implausible that the company would have risked litigation using pre-release software, even if they knew how to get it, if it weren't yet available on torrents.
Not only that, but they would have had functional emails anyway, they had been going a long time. why risk the integrity of the compapnies emails using beta versions of software, not like any great advantage for all the risks (security, legal, etc).
I dont buy it.
Thanks for the reply. Its been helpful and put me in the right direction. Hoping someone else can help if they spot anything else of value.
Can you please list any other forums where my question might be seen by more traffic, or might better suited to ask there?
I know you have offered help - but who knows somewhere else i may land on an expert who has dealt with the same thing before or who has a more definitive and conclusive answer for me.
Thanks again.
By the way, that e-mail header is incomplete if it was ever sent.
Any and all SMTP messages will have at least a single "Received" line, even if the message is on the same mail server.
Furthermore, presuming Microsoft Small Business Sever (from the sbsserver), there would be at least half dozen other X- tags in the message.
What happened at the meet & confer? Where is all the discovery material from the other party? Much of this should have never be coming in this format from the other side.