Maryman- Digital Forensic Services

Fraudulent Email Message Submitted as Evidence

CASE STUDY

Estate and Trust Law – Fraudulent Email Communication Presented as Legal Proof

Tags
Digital Forensics, Litigation Support, Email Analysis, Family Law, Estate and Trust Matter
Case Study on Fraudulent Email as Evidence 

Background

Client’s counsel contacted Maryman to assist with analysis of email messages allegedly sent between the client and another family member. At issue was one specific email message the opposing side provided, which contained several statements the client was adamant they did not make. The client acknowledged sending a similar email, with everything except the noted statements. A crucial point in this case was that the exemplar email message proffered by the opposing side was only a printed copy of the email. Printed documents or email messages do not contain any original file metadata which would be essential to review both for provenance and in this case, email tracing purposes. The client requested assistance in forensically collecting and analyzing their email account and several computers used both by the client and the other family member, with the goal of locating and authenticating the validity of the email message in question.

Scope

The Maryman team was hired to forensically collect and preserve both the client’s email account and several computers. Once the forensic collections had been completed, the team was to conduct searches for the email message in question. Careful review was needed not only for text within the body of the message, but also the email message’s metadata and most importantly, the embedded routing information. Email metadata and routing information are referred to as an email message’s “header.” Email headers are typically not visible to the end user unless the user specifically enables viewing header fields or uses other manual review techniques. A review of email headers will often reveal considerable information about the sender’s email account such as the email client used to send the message, message activity dates/times, routing details, along with a unique message identifier referred to as the “message ID.”

Analysis

The Maryman team utilized industry standard collection tools and proprietary techniques to successfully collect the email accounts used by the client and receiving party as well as computers used by the client and the receiving party. Analysis of the collected email accounts and computers identified several copies of the message in question. Copies were located in the client’s “sent” folder within their online email account and their laptop computer. Additionally, copies of the message were located in the receiving party’s online email account and desktop computer. Initial comparisons between all identified copies found identical message activity dates. The message body was also identical between all copies. The message body in all copies did not contain the noted statements as highlighted in the opposing side’s printed example. Further review of email message metadata found consistent message dates and times adding additional confidence that the messages were not altered in some way. Finally, an identical message ID was found embedded in all copies of the email messages which confirmed all were directly related messages and not altered.

Outcomes

The Maryman team used forensically approved tools and proprietary techniques for the collection, searching, and validation of evidence in this case. This process proved essential for the client to conclusively demonstrate, using reliable evidence, that they did not make the statements as alleged. Maryman’s analysis demonstrated that the printed email proffered by the opposing side was in fact a fraudulently altered copy of the client’s original message.

Our Mission

To provide our clients with solutions that are conducted with complete confidentiality and proven expertise, replacing questions and liabilities with answers and value. To be responsive to the unique and individual needs of our clients and consistently deliver quality professional services at reasonable costs.

Request a
Consultation Today

818-290-3775

Maryman- Digital Forensic Services
© Copyright 2001 – 2023. Maryman PI Number: CA PI # 26012 | Privacy Policy | All Rights Reserved.
Maryman- Digital Forensic Services

Founded in 2001, Maryman is a professional services firm with 100+ years of experience in digital forensics, specializing in the  full range of investigative and litigation support for cyber matters. Headquartered in Los Angeles, we serve our clients nationwide with local response and global reach across all continents.

Our Services

Digital Forensics Incident Response (DFIR)

Cyber Investigations

Electronic Discovery (e-Discovery)

Expert Witness Testimony Services

Email Forensics (Device & Cloud Accounts)

Mobile (Cell Phone) Forensics

Contacts

joe.greenfield@maryman.com
818-290-3775
  • 16000 Ventura Blvd. Suite 1204 Encino, CA 91436
  • *Office visits are by appointment only
© Copyright 2001 – 2024. Maryman PI Number: CA PI # 26012 | Privacy Policy | All Rights Reserved. Developed by TLG Marketing
Scroll to Top