Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: howlinhound

How about ZERO!

these were pulled from backup tapes and will likely be exported mail files in .PST format. If it was easy or routine to modify these, Businesses would have been doing in for years to avoid lawsuits. You cannot simply modify a mail store without leaving a trace, especially when its off of a backup. There will likely be forensics work in place to prevent ANY tampering or even the chance of it appearing tampered.

For forensic work like this, you use a Write blocker, when transferring or examining data.


22 posted on 11/21/2014 2:14:20 PM PST by drunknsage
[ Post Reply | Private Reply | To 3 | View Replies ]

To: drunknsage

That was helpful info. Thanks.


28 posted on 11/21/2014 2:21:04 PM PST by Fantasywriter (Any attempt to do forensic work using Internet artifacts is fraught with pitfalls. JoeProbono)
[ Post Reply | Private Reply | To 22 | View Replies ]
To: drunknsage

Not to mention those emails will have message headers with timestamps, messageids, bytecounts, and thread indexes that would all have to be modified to match any changes made to the messages. I don’t think that bunch of affirmative action union drones is that good.


29 posted on 11/21/2014 2:21:14 PM PST by tacticalogic
[ Post Reply | Private Reply | To 22 | View Replies ]
To: drunknsage

By comparing the “hash values” it should show if the files have been changed.


163 posted on 11/22/2014 4:15:28 AM PST by tired&retired
[ Post Reply | Private Reply | To 22 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson