Recently there was a situation where information was sent from an email account that was left open. I know that is a completely different issue. The problem is this, the information that was sent as an attachment shows the meta data of the person that opened the original file and was logged on, but the user states that someone else must have used a second pen drive to open the file sent. Copied the file that was sent and pasted it into the open file. This placed the original meta data on the file because the file didn't have any meta data on it. We do not believe that the file was sent from the logged in user, but the information that has been retrieved from the IT people they state that only one pen drive was used. Although the pen drive has been in the IT department hands since a few mins after the email. The file that was sent is not on the pen drive. I know that I am a little vague, but I would love to be able prove that there is a way for this situation to have happend. Please advise me