Which statement best describes local archives in email forensics?

• A. They are stored on the mail server and require network access
• B. They are stored on the local client and can present evidentiary concerns if altered
• C. They are not admissible in court
• D. They are identical to server storage archives

Answer: (B)

The main idea is that local archives are copies stored on the end user’s machine rather than on the mail server, and they can raise evidentiary concerns if they’ve been altered. Because they reside on a local client, these archives are more vulnerable to tampering, deletion, or modification, so in forensics you must verify authenticity and integrity—typically by using forensically sound collection methods, maintaining chain of custody, and checking hashes or digital signatures. This is why the statement describing local archives as being stored on the local client and potentially problematic if altered is the best fit. The server-side option describes different storage, not local archives; claiming they’re automatically admissible without proper authentication is incorrect, and assuming they’re identical to server archives ignores possible differences in formats, metadata, and scope.