by rwmj 3313 days ago
Digital forensics professionals deal all the time with attempts at active fraud (e.g. people deleting logs, clearing caches, etc.). Even if the IT department didn't keep the logs, or tried to delete them, there would be some "data remanence" on one of the various machines involved in sending/transmitting/receiving the email.

Do digital forensics professionals ever fail to find sufficient evidence, like their peers in the non-digital world?
Sure, but removing all traces is hard and most criminals are careless, sloppy or dumb.

I mean, if this particular case is real, someone has performed a serious crime, risking years in jail, for a comparably trivial reason and small gain - it's not an indication that the perpetrator is likely to be risk-averse, meticulous and smart.

If we were looking at a forged email as a part of a sophisticated campaign for extracting secret information or defrauding very large amounts of money, then it would be likely that the forgery is done carefully by skilled people thoroughly removing all traces - but for a reason like this? Not likely. Heck, digital "intelligence ops" by major governments sometimes leave traces due to some sloppiness or carelessness; it's very hard to be sufficiently thorough.