Describe the process of examining e-mail messages when you have access to the victim’s computer and when this access is not possible.
What will be an ideal response?
ANSWER: After you have determined that a crime has been committed involving e-mail, access the victim’s computer or mobile device to recover the evidence on it. Using the victim’s e-mail client, find and copy any potential evidence. It might be necessary to log on to the e-mail service and access any protected or encrypted files or folders. If you can’t actually sit down at the victim’s computer, you might have to guide the victim on the phone to open and print a copy of an offending message, including the header. The header contains unique identifying numbers, such as the IP address of the server that sent the message. This information helps you trace the e-mail to the suspect.