Didn't realise Pembrokeshire was ROI
Sorry folks - my bad. Originally from IRL but in UK now - so discussed in the context of the UK.Originally Posted by nephilim
It was never the intention to discuss any legal aspects whatsoever. I felt it was necessary to give some background. Otherwise, the query is purely technical - regarding the mechanics of how servers could be examined to prove that data was tampered with.Originally Posted by teejay
This is exactly the type of info I was looking for - thanks very much for taking the time to respond. As I don't have the technical expertise that you guys possess, can I ask do others agree that the above approach will work?Originally Posted by nephilim
Last edited by borderfox; 15th November 2011 at 01:05 PM.
SPF wont be relevant if the message are sent internally, need to clarify if the message was internal>internal?
What you need to do is.
1. Get message tracking logs from the Exchange server and analyse them
2. IF auditing is enabled, see if any send as permission were granted to this users mailbox. Again IF auditing in enabled to check if any admin modified this mailbox. Again IF auditing is enabled check to see when this object was last modified.
3. Check message headers of the messages in question.
Ahhh good point. I was assuming they would be spoofed from internal to show external which spf should show.
In that case all but the SPF record from my statement before would still be relevant.
You sir are most welcome. If it helps if I could arrange accommodation and travel I could probably do all that work for you (for a reasonable fee)
There are currently 1 users browsing this thread. (0 members and 1 guests)