Digital Forensics Quiz 11


Most packet analyzer tools can read anything captured in ____ format. Pcap DOPI AIATP SYN

Pcap

To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The "Internet headers" text box at the bottom of the dialog box contains the message header. Options Properties Message Source Details

Properties

Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo! Twitter Greatmail Zoho Facebook

Zoho

In an e-mail address, everything after the ____ symbol represents the domain name. - # . @

@

In a(n) ____ attack, the attacker keeps asking your server to establish a connection. brute-force attack ACK flood PCAP attack SYN flood

SYN flood

Cellebrite includes ____, a mobile forensics tool that's often used by law enforcement and the military. BitPim MOBILedit Forensics UFED Reader DataPilot

UFED Reader

In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____. .msg .eml .pst .ost

.pst

Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations. DataPilot MOBILedit! BitPim E3:DS

E3:DS

____ trains people to listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question. Email trafficking Email forensics Forensic linguistics Communication forensics

Forensic linguistics

With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive. command-line GUI prompt-based shell-based

GUI

To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message. Advanced Message Properties More General Preferences

More

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program. Broadcast forensics Network forensics Computer forensics Traffic forensics

Network forensics

After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____. vim Notepad+ Nano TextEdit

Notepad+

To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click ____. More options Show original Message properties Options

Show original

Most Code Division Multiple Access (CDMA) networks conform to IS-95, created by the ____. Telecommunications Industry Association Global System Communications Industry International Telecommunications Union Global Telecommunications Association

Telecommunications Industry Association

In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk. temporary checkpoint milestone tracking

checkpoint

E-mail messages are distributed from a central server to many connected client computers, a configuration called ____. peer-to-peer architecture client/server architecture client architecture central distribution architecture

client/server architecture

The files that provide helpful information to an e-mail investigation are log files and ____ files. .rts scripts batch configuration

configuration

Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format. SMTP POP3 mbox MIME

mbox

Mobile devices can range from simple phones to ____. smartphones flip phones PDAs feature phones

smartphones

____ can be programmed to examine TCP headers to find the SYN flag. Memorizer memfetch tethereal john

tethereal

Exchange logs information about changes to its data in a(n) ____ log. tracking transaction checkpoint communication

transaction

____ is a way to verify the names of domains a message is flowing through. www.google.com www.juno.com www.dkim.org www.whatis.com

www.dkim.org

forensic linguistics

A field where language and the law intersect to determine the author of e-mails, text messages, and other online communications. The International Association of Forensic Linguists divides this field into four categories: language and law, language in the legal process, language as evidence, and linguistic analysis.

Electronic Communications Privacy Act (ECPA)

A law enacted in 1986 to extend the Wiretap Act to cover e-mail and other data transmitted via the Internet.

mbox

A method of storing e-mail messages in a flat plaintext file.

client/server architecture

A network architecture in which each computer or process on the network is a client or server. Clients request services from a server, and a server processes requests from clients.

Post Office Protocol version 3 (POP3)

A protocol for retrieving e-mail messages from an e-mail server.

Internet Message Access Protocol 4 (IMAP4)

A protocol for retrieving e-mail messages; it's slowly replacing POP3. See also Post Office Protocol 3 (POP3).

Simple Mail Transfer Protocol (SMTP)

A protocol for sending e-mail messages between servers.

Multipurpose Internet Mail Extensions (MIME)

A specification for formatting non-ASCII messages, such as graphics, audio, and video, for transmission over the Internet.

online social networks (OSNs)

A term researchers use for social media.

pharming

A type of e-mail scam that uses DNS poisoning to redirect readers to a fake website.

phishing

A type of e-mail scam that's typically sent as spam soliciting personal identity information that fraudsters can use for identity theft.

Enhanced/Extended Simple Mail Transfer Protocol (ESMTP)

An enhancement of SMTP for sending and receiving e-mail messages. ESMTP generates a unique, nonrepeatable number that's added to a transmitted e-mail. No two messages transmitted from an e-mail server have the same ESMTP value. See also Simple Mail Transfer Protocol (SMTP).

Stored Communications Act (SCA)

Part of the Electronic Communications Privacy Act that extends to the privacy of stored communications, such as e-mail.

Messaging Application Programming Interface (MAPI)

The Microsoft system that enables other e-mail applications to work with each other.

spoofing

Transmitting an e-mail message with its header information altered so that its point of origin appears to be from a different sender; typically used in phishing and spamming to hide the sender's identity.

In Microsoft Exchange, a(n) ____ file is responsible for messages formatted with MAPI. .edb .cfg .mbx .mapi

.edb

____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside. /etc/syslog.conf /var/log/maillog /etc/sendmail.cf /etc/var/log/maillog

/etc/sendmail.cf

Typically, UNIX installations are set to store logs in the ____ directory. /log /etc/var/log /etc/Log /var/log

/var/log

