Messages are stored in the archive store in raw (EML) format, with a custom header. If a forensics company needs to access the messages it should not take much effort for them to work out how to strip the custom header information.
The custom header information consists of lines with a 2 character type indicator, followed by data. Some of the header fields which may be present are:
•TY - type - POP3/SMTP - how the message was received by VPOP3
•RP - SMTP return path
•SU - subject
•IP - IP address the message came from
•TI - Timestamp in hex FILETIME format
•RC - Recipient