I have a scenario I would like to run by the security experts.
User1 claims his email account was hacked and used to correspond by email with unknown people. The IP information from his ISP shows activity with his email account from his computer. (At the time, this user was not behind a firewall and was using a public IP address.) So it appears that someone hacked his computer and sent emails, etc., using his IP address. Almost like this person had full access. His ISP records show activity with his IP even when he wasn't using his computer or even home.
My questions are:
1. What would be the next step to try and determine where the inbound connection came from, if that is even possible at this point?
2. There is a person who is believed to have been the possible user who hacked this account. Is there some way this can be proved? Keeping in mind... could this user's ISP records be able to show the connection?
Just looking for the next logical step to try and determine, or have all steps been exhausted?
Thanks in advance for any help or guidance.