Often forensics consultants are involved in looking through temporary internet files, re-building pages, proving an email was or was not sent, or a certain webpage was visited.
However, if you want the best source of information, go to the web hosting company, e.g Hotmail, Google, or Yahoo!, and they can provide the logs or emails (court orders and subpoenas allowing).
This is exactly what happened in 2008 when the well known dating site, Match.com was in the dock, providing evidence for the US government, against a Rositsa Dimitrova. In this case of the United States of America V Rositsa Dimitrova.
In this case Dimistrova was a Bulgarian living in the US who, with 1 month left on her visa suddenly married another Bulgarian in the US, who had a visa, which gave her a visa by marraige. The US Citizen and Immigratin Service investigated the marriage and found it to be fradulent.
Part of the evidence put forward by the US Government was that the Dimitrova had a Match.com account that she used before and after her marriage, further more her account was updated after the marriage, but the status remained “single” and “never married”.
No doubt other evidence from Hotmail, Yahoo!, and standard investigations on her hard drive would have been used, as well as traditional interviews with friends and neighbours, but its reported the the Match.com IT staff were giving evidence for a period of time, probably not something the IT guys at Match expected.
Will this mean that Match.com DatingDirect.com, and the other dating sites will be chaging their data retention policies to support government investigations?
This story was first reported, in detail on the site Bow Ties Law’s Blog