Tracking NT users within Exchange

I have a user that suspects that his email box is compromised. How would I go about tracking his mailbox to determine what NT user account accessed his email and when.

For example, if the user (NTDOMAIN\LUSR1) is the rightful owner of a mailbox then how can I find out if his cubemate NTDOMAIN\JHCKR) is accessing his mailbox.

I checked the tracking logs and while it gives me message-ids, times, dates, and recipients, it doesn’t give me the NT user name that actually sent the email on behalf of the Exchange email box.

Is there a central place or a hidden log or tracking file that I can use to enumerate an exchange email account to an NT account and the times and dates of those accesses?

Thougts?

Thanks!!