Fraudulent Email Message Submitted as Evidence

CASE STUDY

Estate and Trust Law – Fraudulent Email Communication Presented as Legal Proof

Tags
Digital Forensics, Litigation Support, Email Analysis, Family Law, Estate and Trust Matter
Case Study on Fraudulent Email as Evidence 

Background

Client’s counsel contacted Maryman to assist with analysis of email messages allegedly sent between the client and another family member. At issue was one specific email message the opposing side provided, which contained several statements the client was adamant they did not make. The client acknowledged sending a similar email, with everything except the noted statements. A crucial point in this case was that the exemplar email message proffered by the opposing side was only a printed copy of the email. Printed documents or email messages do not contain any original file metadata which would be essential to review both for provenance and in this case, email tracing purposes. The client requested assistance in forensically collecting and analyzing their email account and several computers used both by the client and the other family member, with the goal of locating and authenticating the validity of the email message in question.

Scope

The Maryman team was hired to forensically collect and preserve both the client’s email account and several computers. Once the forensic collections had been completed, the team was to conduct searches for the email message in question. Careful review was needed not only for text within the body of the message, but also the email message’s metadata and most importantly, the embedded routing information. Email metadata and routing information are referred to as an email message’s “header.” Email headers are typically not visible to the end user unless the user specifically enables viewing header fields or uses other manual review techniques. A review of email headers will often reveal considerable information about the sender’s email account such as the email client used to send the message, message activity dates/times, routing details, along with a unique message identifier referred to as the “message ID.”

Analysis

The Maryman team utilized industry standard collection tools and proprietary techniques to successfully collect the email accounts used by the client and receiving party as well as computers used by the client and the receiving party. Analysis of the collected email accounts and computers identified several copies of the message in question. Copies were located in the client’s “sent” folder within their online email account and their laptop computer. Additionally, copies of the message were located in the receiving party’s online email account and desktop computer. Initial comparisons between all identified copies found identical message activity dates. The message body was also identical between all copies. The message body in all copies did not contain the noted statements as highlighted in the opposing side’s printed example. Further review of email message metadata found consistent message dates and times adding additional confidence that the messages were not altered in some way. Finally, an identical message ID was found embedded in all copies of the email messages which confirmed all were directly related messages and not altered.

Outcomes

The Maryman team used forensically approved tools and proprietary techniques for the collection, searching, and validation of evidence in this case. This process proved essential for the client to conclusively demonstrate, using reliable evidence, that they did not make the statements as alleged. Maryman’s analysis demonstrated that the printed email proffered by the opposing side was in fact a fraudulently altered copy of the client’s original message.
Scroll to Top