The latest industry news and insights
Since the introduction of the internet and the digital world in which we live, emails are now a cornerstone of electronic communication. In 2017 it was estimated that 269 billion emails were sent and received worldwide. In 2022 that figure grew to 319 billion and is predicted to reach 376 billion by 2025. With this immense volume of emails being sent and received, there are instances where the authenticity of an email gets called into question. This is typically during a criminal or civil investigation and digital forensic expertise is required to determine the validity of the electronic communication. Confirming the authenticity of forensically acquired emails and identifying the metadata is particularly useful in Litigation and Will disputes. However, the collection of complete email accounts can be useful when investigating company data theft.
Investigations can be based upon numerous circumstances.
A client was facing a tribunal based on an accusation by an employee who stated that they only received the email outlining his gross misconduct until after his dismissal. the employee claimed the email was written and sent post-interview to justify the termination of his employment, and therefore he had been unfairly dismissed. Without this email evidence, the company were likely to be found in breach of employment law and potentially liable to pay several thousands of pounds in compensation to the ex-employee.
The company could not locate the email in question on their server. CYFOR were able to remotely acquire the email account in question and identify and produce the email. The subsequent metadata analysis confirmed the author, date of creation and date and time it was sent. This evidence and court-admissible report when presented led to the claimant withdrawing their tribunal claim.
“This was obviously a vexatious claim designed to frighten the client into paying a settlement. The client was faced with incurring significant costs in time and money defending this claim, or by paying the claimant. CYFOR acting as independent forensic specialists were able to recover the email and using metadata analysis, prove the email creation and sent date and confirm it was sent and received prior to the disciplinary hearing.” – CYFOR Corporate Forensics Manager, Andy Coleman
CYFOR were instructed by a client to investigate the theft of their data by an ex-employee who was setting up a business in direct competition to their own. We were provided with the ex-employee’s work laptop, however, because they suspected access to their 365 account, we also acquired all the logs. This was important due to the limited retention period this data is held for.
Forensic analysis of the logs on the Microsoft 365 account allowed CYFOR to identify the ex-employee was sending and deleting emails to themselves, combining this with her access to company files using the laptop at the same time was conclusive enough to suggest the exfiltration of the data.
“In a civil case such as this, the burden of proof is not the same as a criminal case. Based on the evidence CYFOR acquired allowed the client to apply for all the data to be returned and an undertaking it would not be used by the ex-employee.”- CYFOR Corporate Forensics Manager, Andy Coleman
The investigation of suspect emails should always be undertaken by digital forensics professionals. This is to ensure that;
After submitting an enquiry, a member of our team will be in touch with you as soon as possible
Your information will only be used to contact you, and is lawfully in accordance with the General Data Protection Regulation (GDPR) act, 2018.