
Analysis of microsoft outlook message

March 20th, 2023, 10:45

I have got a query from one of my customers, who wants to know whether a mail message in the inbox has been tampered with or is as originally received.
In the MS Outlook settings, the customer has selected not to keep messages on the server, so the mail is downloaded into Outlook. The customer now wants to know whether this mail has been tampered with (edited) or is the original one.
I want to know how to check this, or whether there is any tool for it.
Thanks

Re: Analysis of microsoft outlook message

March 23rd, 2023, 9:17

Inbox mail can't be edited; the other way to find out is to ask the sender.

Re: Analysis of microsoft outlook message

March 25th, 2023, 10:14

Spildit wrote:
lifeguarddubai wrote: Inbox mail can't be edited; the other way to find out is to ask the sender.


WRONG ... because of this :

terminator2 wrote: (...) customer has selected not to keep messages on server so it is downloaded in Outlook (...)


As soon as it's inside the PC of the user it can be edited/patched even using hex editor, etc ...

But yes, asking the sender ... And it's very unlikely that someone would go to the trouble of hacking a PCB to change the e-mail contents ...

Thanks a lot, spildit :-D
The customer suspects that someone from his organization has done the editing with the help of IT personnel. The customer wants to investigate it himself, as the sender may not tell the truth, or he does not want the sender's involvement in the investigation.

Re: Analysis of microsoft outlook message

March 25th, 2023, 22:34

Spildit wrote:
It's possible to do ... For example, in old Outlook Express the database of inbox/outbox/sent/etc. was saved as .dbx files in a defined folder, and those files could be edited and even opened with data recovery utilities to grab deleted mail, etc. Changing those database files would be possible, and editing messages as well, but I don't have a clue how to know whether the files were messed with by a 3rd party or not, because if you are getting mail there all the time, even the time stamp would be updated to the last time you got a mail, so if the file is edited by hand in the meantime, I don't know if it's possible to detect that it was messed with ...

Maybe you should store those files in an encrypted user folder, or protect them inside a user account by encrypting the files so that they can only be accessed by a specific user? It would prevent someone else from editing the files as long as the machine doesn't have malware and the keys to unlock/encrypt/decrypt are known only to the specific user ... But if it's a company computer that someone else, like the IT people, can mess with, then even if it's encrypted it should be easy to install spyware to get the keys when typed; even a keylogger would do the trick ...


Wow, thanks a lot, spildit, for such a comprehensive explanation.
Many experts have told the customer that it's impossible to edit email from within Outlook, which the customer was not convinced of. I have forwarded both of your posts to him and he was properly convinced. Thanks again.