Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


Web based email systems may be a source of pristine digital evidence because of the perceived difficulty of client tampering with messages stored inside the email account. We demonstrate that such assumption is wrong in the case of Windows Live Hotmail®1 . Windows Live Mail®1 synchronises message on client-side computers with the Hotmail® server, benefiting users wishing to synchronise their email accounts and personal devices. However, this synchronisation opens an exploit for wrongdoers to tamper with existing email messages and attachments as well as facilitating the insertion of fabricated messages. The exploit process enables persistent storage of tampered and fabricated messages on the Hotmail®1 server. The exploitation favours both account owners and wrongdoers who gain unauthorised access of others’ accounts. Even if tampering were suspected, we anticipate some difficulties in validating messages to determine their reliability and relevance. We predict, with trepidation, that the exploit process will become commonplace and pose greater challenges to the cyber forensics examiner and legal practitioner during investigations and legal proceedings. Regrettably, the exploit complements the existing arsenal of tools for email forgery. More ominously, it provides opportunity for traceless injection of illicit material/malware onto any machine synchronised with the Hotmail® account.


Alexander, A. (2008). JT Shannon Lumber Company, Incorporated versus Gilco Lumber Incorporated. Mississippi: United States District Court, Northern District of Mississippi, Delta Division.

Ardley, J. (2011). Personal communication with Microsoft: Live Mail (Hotmail) functionality. (Affidavit). Perth, Australia.

Attorney-General’s Department. (2010). Carrier-carriage service provider data set consultation paper. Retrieved April 17, 2012, from http://images.smh.com.au/file/2010/07/23/1710367/SecretDocument.PDF?rand=1279847709475

Boddington, R. G., Hobbs, V. J., & Mann, G. (2008). Validating digital evidence for legal argument. Paper presented at the SECAU Security Conferences: The 6th Australian Digital Forensics Conference, Perth, WA.

Craddock, D. (2010a). A short history of Hotmail. Retrieved April 17, 2012, from http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/01/06 /a-short-history-of-Hotmail.aspx

Craddock, D. (2010b). Hotmail now supports push email, calendar, and contacts with Exchange ActiveSync, Inside Windows Live.

Craddock, D. (2011). Hey! My friend’s account was hacked! Retrieved April 17, 2012, from http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/07/14 /hey-my-friend-s-account-was-hacked.aspx

Dardick, G. S. (2010). Cyber forensic assurance. Paper presented at the 8th Australian Digital Forensics Conference.

Florencio, D., & Herley, C. (2007). A large-scale study of web password habits. In: WWW. Proceedings of the 16th International Conference on World Wide Web, New York, American Computer Magazine.

LeBlanc, B. (2007a). Introducing Windows Live Mail. Retrieved April 17, 2012, from http://windowsteamblog.com/windows/b/windowsexperience/archive/2007/05/ 07/introducing-windows-live-mail.aspx

LeBlanc, B. (2007b). Microsoft Outlook Connector beta now available. Retrieved April 17, 2012, from http://windowsteamblog.com/windows/b/windowsexperience/archive/2007/06/ 11/microsoft-office-outlook-connector-beta-now-available.aspx

Levi, A., & Koc, C.K. (2001). Inside risks: Risks in email security. Communications of the ACM, 44(8): 112.

Preibusch, S., & Bonneau, J. (2010). The Password Game: Negative Externalities from Weak Password Practices. In Alpcan, Buttyán, and Baras (Eds.), Decision and Game Theory for Security. Heidelberg, Springer-Verlang. 6442: 192-207.

Sierra, P. (2010). What draws people to Windows Live Mail and other email applications? Inside Windows Live.

Sunner, M. (2005). Email security best practice. Network Security, 2005(12): 4-7.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.