If you are looking for a way to prosecute an individual, your organization should retain a lawyer who knows the law.
You can type in “forgery law” into any search engine to fine out what laws exist but you would also want to see those which apply to your state/country as well.
I am not a lawyer but I believe the act of modifying an email would fall within the legal definition of “spoliation”. One must consider the intent of the spoliator and the subsequent damage caused by the act of spoliation. For example, was it the persons intent to commit a fraud or damage the reputation of the organization? The next question is, did they succeed and what was the level of damage (monetary or reputational) caused by the act?
Prior to retaining a lawyer which will likely be a very expensive proposition, you should determine how serious this act should be taken. If you decide to proceed with either a civil or criminal suit, you should immediately apply standard computer forensic practices in order to preserve the original email and any variants because they will be “discoverable” in any action you choose to bring.
I have found that Kroll Ontrack is a great resource for case law and electronic discovery guidance related to technology legal proceedings.