Question on Yahoo mail
I have a question regarding web mail. The suspect is using another person's Yahoo email account to send emails to other people before he left the company. The Yahoo email account belongs to someone that is working in the same company.
Is there any way to show that the suspect did login to that email account on his computer?
on his of the suspect or on this of the legit account owner?
in the first case there are good chances you'll find cache stuff or artifacts related to accessing yahoo mail services.
in the second situation it's a bit complex couse you cant rely on computer forensics, but you'll need to correlate timestamps (for instance) with the presence of the owner in the company, at his workstation etc etc…
Were the emails being sent from inside the same network? If you get the access information from Yahoo on that account, you can get the IPs associated with logins to the account.
Then you can backtrack the IPs to see if they came from somewhere outside the company network.