hi,
 i am facing issue of hack in my network. one of the user's PST got hacked and Hacker is sending mails of same pst attached through GMail to his official ID . We blocked specific email ID but still the hacker is sending such mails.
we are unable to trace the hacker. Gone thru Event ID's but no any track been traced.
what is the way out to trace the hacker?

thanks in advance

What do you mean by "user's PST got hacked?"   PST files really don't have much in terms of security, all you have to do is open it.   The password protection feature is very rudimentary and can easily be defeated.   Are you sure these emails aren't coming from outside and aren't something like NDR bombs?

There's a million and one ways to spoof an email address to look like it's coming from one server or one user. I don't understand how a PST file can be "hacked" so that it's sending email. To my understanding the PST file is just a file that holds the user's email data, calendar, inbox, etc. When you speak of the "hacker" sending this PST file out I picture in my mind a large attachment, not spoofing.

It might not be coming from the user's computer but instead the email server. Or maybe it's just being spoofed.