Pau Lo

<div>
&gt;None of these will tell you winch exact items were accessed though.<br />
<br />
What would they tell you then in regards to the question?
</div>


>None of these will tell you winch exact items were accessed though.

What would they tell you then in regards to the question?

<div>
They will tell you when/where from the account was accessed, whether any additional workloads were accessed and so on. There are tons of audited activities, but &quot;reading&quot; messages in your own mailbox is simply not one of them.
</div>


They will tell you when/where from the account was accessed, whether any additional workloads were accessed and so on. There are tons of audited activities, but "reading" messages in your own mailbox is simply not one of them.

<div>
If the account was compromised by IMAP, it is accessible by all other means. If data was forwarded, it shoukd be part of the sent..
</div>


If the account was compromised by IMAP, it is accessible by all other means. If data was forwarded, it shoukd be part of the sent..

<div>
<div class="content wysiwyg-content">
if you suspect someones office365 email account may have been compromised via imap protocol (now disabled on the account and pwd updated), where specifically could you look to see if any specific data from their account has been breached/leaked/viewed? would there be any traces within the mailbox itself, or other administrative features/logs of office365?
</div>
</div>


if you suspect someones office365 email account may have been compromised via imap protocol (now disabled on the account and pwd updated), where specifically could you look to see if any specific data from their account has been breached/leaked/viewed? would there be any traces within the mailbox itself, or other administrative features/logs of office365?

imap connection office365

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Digital forensics encompasses the recovery and investigation of material found in digital devices, often in relation to computer crime. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil (as part of the electronic discovery process) courts. The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence.

Digital Forensics

Microsoft Outlook is a personal information manager from Microsoft, available as a part of the Microsoft Office suite. Although often used mainly as an email application, it also includes a calendar, task manager, contact manager, note-taker, journal, and web browser.

Outlook

Office 365 is a group of software plus services subscriptions that provides productivity software and related services to its subscribers. Office 365 allows the use of Microsoft Office apps on Windows and OS X, provides storage space on Microsoft's cloud storage service OneDrive, and grants 60 Skype minutes per month. Office 365 includes e-mail and social networking services through hosted versions of Exchange Server, Skype for Business Server, SharePoint and Office Online, integration with Yammer, as well as access to the Office software. All of Office 365's components can be managed and configured through an online portal; users can be added manually, imported from a CSV file, or Office 365 can be set up for single sign-on with a local Active Directory using Active Directory Federation Services.

Microsoft 365

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.

Email Servers

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.