If all you have is the email then analysis of the headers is a good start. This is not an uncommon situation, people often send email from unsecured wifi hotspots, public access computers etc. There's several avenues of investigation.

There's often a wealth of information in an email's headers. It can contain who the email is from, who it was addressed to, which IP address is came from and the route it took. I assume in this case the IP address was in the headers but the owner of said address claims no knowledge of the email being sent. It can get trickier here one but you can look to other headers for additional evidence.

Was the mail sent from a web mail account (gmail, yahoo!, hotmail) or from an email client like Outlook Express? If it came from an email client does the version number in the headers match that installed on a suspect's PC? If a webmail account was used can the provider give up and other IP addresses from which the account was accessed?

Do you believe that someone other than the owner used the wifi connection? Was encryption turned on and if so how likely is it that someone could have cracked the key? Are there any logs on the wireless access point which may provide additional info?

Those are just some thoughts.

Jimbob

Kev have you taken your Ritalin today?

lol just kidding!

Anyway I have an article here that covers some of the basics on what Kev was trying to say..

http://www.ethicalhacker.net/content/view/131/24/

Basically explains how to change your MAC address and gain access to hot spots. I do not recommend doing anything dumb from hot spots as it a matter of time till you get caught and get in trouble.

Cheers,

Brian

Thanks very much.

1. it is sure that the owner did not send the email himself and also certain that it was not sent from his PC. The IP address is obviously his and thats how he could be locatd in the first instance.

2. The headings might not have revealed required clues as otherwise further progress would have been made.

3. so far, so called experts whose help was taken have not been able to come up with an answer.

It is not clear also how exactly a third party could have sent an email with the owner's IP address.

all you say is true. the PC attached to the IP is clean.
thats' why the investigation is floundering.

Thanks. first it is already established that the Person to whom the IP relates did not send it nor was his specific computer was used. there is no network its a free standing pc.

issue is HOW TO ESTABLISH from which actual PC or which location and by whom was the hacking done whereby the email headers showed the IP address of the PC of tthe innocent wi-fi user.

the fake email is from a yahoo.com address.

apparently the experts available have not been able to make any progress.

P.S. I wonder, when messages on yahoo.com email address are downloaded, do the yahoo servers still have the messages or everything is transferred to the user's pc?

You are never going to know.  When people run their wireless unsecure or they use easy to get keys, this is what happens.  They are inviting everyone to share their wireless connection.  There are 5 bone heads on my block that run their wireless wide open.  They best be glad I am an "ethical" hacker or I would be sniffing their username/passwords, credit card info and no telling what else.

Any info they might be able to find in the logs is most likely bogus info, e.g., MAC Address, Computer Name, etc. that joined the wireless network.  It all boils down to if they believe the person that is saying "I didn't send the email".