In 2015 I was convicted of a serious criminal offence and sentenced to years in prison. I am now out on bail pending appeal. In evidence was an email that I sent from Toronto in the ealry morning hours of Sept. 19, 2011 but bore a timestamp of 1206 PM, which very much appeared to the court that the email was intended to create an alibi for me it's a long story.
Is there any way to track down the true time that email was sent? I have the original headers from the email, which DOES bear a timestamp of 1206. I have spoken to computer specialists who have insisted that the email must have been sent at the time of the timestamp.
It wasn't.
I am rapidly running out of time on this.
Are you sure it wasn't in UTC ?
That was taken into account the timestamp is 1206 PM. One proposed possibility is that it was sent via a very weak wireless signal which in fact it was! Whether this is what happened or some other thing, I need to know how to dig out the info in a manner that a court would consider proof.
Is there any way to track down the true time that email was sent?
Unless the email header was forged/fiddled with, the send date/time in the header is correct.
There may be an issue with timezone (and possibly also with DST - Daylight Saving Time or whatever it is called in the US, but this will only at the most offset one hour), check against
https://
Without the actual data in the header it is impossible to know if any of the above issues may be relevant.
Besides the specific e-mail, a complete report/examination of the device mass storage involved may provide a timeline of the usage, and either support the accuracy of that date/timestamp (and the way the data has been interpreted) or put it in doubt.
jaclaz
That was taken into account the timestamp is 1206 PM.
We need the actual FULL DATA as is.
1206 PM means NOTHING.
1206 PM (+0000) means something, 1206 PM (-0500) means something else.
See also reply on your duplicate thread
https://www.forensicfocus.com/Forums/viewtopic/t=16293/
jaclaz
I would not be surprised to learn that the timestamp had been altered by police experts, if such a thing is possible I suffer from no psychoses and why I consider such a thing possible is yet another long story.
I have the email headers, they take up 2 pages but there was no way to attach it to my posts.
I owned 2 computers at the time the email was sent, a PC and laptop. Over the years I was in prison (since Sept. 2011 until Feb 2016) the PC has disappeared but I have laptop and the drive has not been formatted.
I have the email headers, they take up 2 pages but there was no way to attach it to my posts.
Make SURE (and I mean REALLY SURE, DOUBLE and TRIPLE check this) that you "anonymize" them ACCURATELY, removing ALL occurrences of the Sender address (replacing it with - say - "not-real-sender@somewhere.com) and ALL occurrences of the Recipient(s) (replacing it/them with - still say - "not-real-recipient@somewhereelse.com) .
Then copy and paste to - say - pastebin
https://pastebin.com/
and post a link to the page.
jaclaz
Duplicate topics merged (also, see above post for good advice).
https://
You will see a date of Sep 20, 2011 at the top of the page this is the receiver of my Sep 19, 2011 forwarding the email headers to an investigating police officer the email headers. as you will probably immediately realize, are of the email I sent on Sep. 19, 2011.
Everything happened (roughly) on
Date Mon, 19 Sep 2011 090653 -0700 PDT
give or take a few minutes.
Some of the intermediate "hops" are
Date Mon, 19 Sep 2011 160653 -0000 (i.e. UTC)
The PDT means Pacific Daylight Time
https://
And it is actually -0700 (seven hours behind) UTC.
This is compliant/coherent with the "default" settings for Yahoo Mail
https://
In UTC the time needs to be added 7 hours, so it comes out as 9+7=16
160653 UTC (or Zulu or -0000)
In Toronto, on 19 Sep 2011 local time should have been
https://
EDT, i.e. UTC minus 4 hours
https://
which translates to 16-4=12
120653 -0400 EDT
jaclaz