The procedure suggested by forensics companies to make a copy of a users's mailbox in a forensically sound manner is to use New-MailboxExportRequest
.
What information is modified (if any) by the use of this command?
My understanding is that the action is logged but was under the impression that the mailbox data themselves were not modified.
I would appreciate technical references if possible (I did not find any)