Web based email systems may be a source of pristine digital evidence because of the perceived difficulty of client tampering with messages stored inside the email account. We demonstrate that such assumption is wrong in the case of Windows Live Hotmail®1 . Windows Live Mail®1 synchronises message on client-side computers with the Hotmail® server, benefiting users wishing to synchronise their email accounts and personal devices. However, this synchronisation opens an exploit for wrongdoers to tamper with existing email messages and attachments as well as facilitating the insertion of fabricated messages. The exploit process enables persistent storage of tampered and fabricated messages on the Hotmail®1 server. The exploitation favours both account owners and wrongdoers who gain unauthorised access of others’ accounts. Even if tampering were suspected, we anticipate some difficulties in validating messages to determine their reliability and relevance. We predict, with trepidation, that the exploit process will become commonplace and pose greater challenges to the cyber forensics examiner and legal practitioner during investigations and legal proceedings. Regrettably, the exploit complements the existing arsenal of tools for email forgery. More ominously, it provides opportunity for traceless injection of illicit material/malware onto any machine synchronised with the Hotmail® account
