In a UK based legal case we have a situation where an email sender claims an email was sent from a certain country (let’s say Vietnam) however the actual email address is a Hotmail.co.uk
So the person claims the email was sent from Vietnam, using Hotmail.co.uk email address. We highly suspect the account was created as a fraudulent account and the actual email originated from the UK.
I will be analysing the headers of the email (Which I can’t paste here for legal reasons) but I wanted to know the best approach proving with the best certainty which country the email was sent from. I believe the header should contain the IP address of the sending computer.
Thanks in advance.