Digital Forensics Quiz 11
Most packet analyzer tools can read anything captured in ____ format. Pcap DOPI AIATP SYN
Pcap
To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The "Internet headers" text box at the bottom of the dialog box contains the message header. Options Properties Message Source Details
Properties
Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo! Twitter Greatmail Zoho Facebook
Zoho
In an e-mail address, everything after the ____ symbol represents the domain name. - # . @
@
In a(n) ____ attack, the attacker keeps asking your server to establish a connection. brute-force attack ACK flood PCAP attack SYN flood
SYN flood
Cellebrite includes ____, a mobile forensics tool that's often used by law enforcement and the military. BitPim MOBILedit Forensics UFED Reader DataPilot
UFED Reader
Exchange logs information about changes to its data in a(n) ____ log. tracking transaction checkpoint communication
transaction
____ is a way to verify the names of domains a message is flowing through. www.google.com www.juno.com www.dkim.org www.whatis.com
www.dkim.org
forensic linguistics
A field where language and the law intersect to determine the author of e-mails, text messages, and other online communications. The International Association of Forensic Linguists divides this field into four categories: language and law, language in the legal process, language as evidence, and linguistic analysis.
Electronic Communications Privacy Act (ECPA)
A law enacted in 1986 to extend the Wiretap Act to cover e-mail and other data transmitted via the Internet.
mbox
A method of storing e-mail messages in a flat plaintext file.
client/server architecture
A network architecture in which each computer or process on the network is a client or server. Clients request services from a server, and a server processes requests from clients.
Post Office Protocol version 3 (POP3)
A protocol for retrieving e-mail messages from an e-mail server.
Stored Communications Act (SCA)
Part of the Electronic Communications Privacy Act that extends to the privacy of stored communications, such as e-mail.
Messaging Application Programming Interface (MAPI)
The Microsoft system that enables other e-mail applications to work with each other.
spoofing
Transmitting an e-mail message with its header information altered so that its point of origin appears to be from a different sender; typically used in phishing and spamming to hide the sender's identity.
In Microsoft Exchange, a(n) ____ file is responsible for messages formatted with MAPI. .edb .cfg .mbx .mapi
.edb
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside. /etc/syslog.conf /var/log/maillog /etc/sendmail.cf /etc/var/log/maillog
/etc/sendmail.cf
Typically, UNIX installations are set to store logs in the ____ directory. /log /etc/var/log /etc/Log /var/log
/var/log
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____. .msg .eml .pst .ost
.pst
Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations. DataPilot MOBILedit! BitPim E3:DS
E3:DS
____ trains people to listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question. Email trafficking Email forensics Forensic linguistics Communication forensics
Forensic linguistics
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive. command-line GUI prompt-based shell-based
GUI
To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message. Advanced Message Properties More General Preferences
More
____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program. Broadcast forensics Network forensics Computer forensics Traffic forensics
Network forensics
After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____. vim Notepad+ Nano TextEdit
Notepad+
To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click ____. More options Show original Message properties Options
Show original
Most Code Division Multiple Access (CDMA) networks conform to IS-95, created by the ____. Telecommunications Industry Association Global System Communications Industry International Telecommunications Union Global Telecommunications Association
Telecommunications Industry Association
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk. temporary checkpoint milestone tracking
checkpoint
E-mail messages are distributed from a central server to many connected client computers, a configuration called ____. peer-to-peer architecture client/server architecture client architecture central distribution architecture
client/server architecture
The files that provide helpful information to an e-mail investigation are log files and ____ files. .rts scripts batch configuration
configuration
Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format. SMTP POP3 mbox MIME
mbox
Mobile devices can range from simple phones to ____. smartphones flip phones PDAs feature phones
smartphones
____ can be programmed to examine TCP headers to find the SYN flag. Memorizer memfetch tethereal john
tethereal (the command-line Wireshark, now named tshark)
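The SYN flood question and the question about examining TCP headers for the SYN flag describe one check that is easy to run against a pcap. What follows is an added example written for this page, not code from the quiz or the textbook it is drawn from. It builds a small constructed capture in memory, parses the classic libpcap, Ethernet, IPv4 and TCP headers with the standard library only, and flags hosts that send bare SYNs without ever completing a handshake. The addresses, the 50-packet burst and the threshold of 20 are assumptions chosen for the demonstration; a real investigation would feed `iter_tcp()` the bytes of an actual capture file.

```python
import struct
from collections import defaultdict

# TCP flag bits (low byte of the TCP offset/flags word, RFC 793).
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
PCAP_MAGIC_LE = 0xA1B2C3D4          # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame (assumed helper for constructing test input).
    Checksums are left zero; the parser below never validates them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     _ip(src_ip), _ip(dst_ip))
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"     # dst MAC, src MAC, EtherType IPv4
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a classic .pcap file: 24-byte global header, then per-packet records."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = (struct.pack("<IIII", 0, n, len(f), len(f)) + f for n, f in enumerate(frames))
    return header + b"".join(records)


def iter_tcp(pcap_bytes):
    """Yield (src_ip, dst_ip, sport, dport, flags) for every TCP packet in a pcap."""
    (magic,) = struct.unpack_from("<I", pcap_bytes, 0)
    if magic in (0xA1B2C3D4, 0xA1B23C4D):        # little-endian (usec / nsec timestamps)
        order = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):      # same layout written big-endian
        order = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    (linktype,) = struct.unpack_from(order + "I", pcap_bytes, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (LINKTYPE 1) captures are handled")
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from(order + "IIII", pcap_bytes, pos)
        pos += 16
        frame = pcap_bytes[pos:pos + incl_len]
        pos += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:                  # not TCP, or truncated
            continue
        tcp = ip[ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield (".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
               sport, dport, tcp[13])


def half_open_counts(pcap_bytes, key="src"):
    """Per source (or per destination with key='dst'): (bare SYNs, ACKs without SYN).
    A client that completes the handshake sends at least one plain ACK; a flooder,
    or a spoofed address that never saw the SYN/ACK, sends SYNs and nothing else."""
    counts = defaultdict(lambda: [0, 0])
    for src, dst, _sport, _dport, flags in iter_tcp(pcap_bytes):
        host = src if key == "src" else dst
        if flags & TCP_SYN and not flags & TCP_ACK:
            counts[host][0] += 1
        elif flags & TCP_ACK and not flags & TCP_SYN:
            counts[host][1] += 1
    return {h: tuple(c) for h, c in counts.items()}


def syn_flood_suspects(pcap_bytes, key="src", threshold=20):
    """Hosts with at least `threshold` bare SYNs and fewer than half as many ACKs."""
    return sorted((h, s, a) for h, (s, a) in half_open_counts(pcap_bytes, key).items()
                  if s >= threshold and a * 2 < s)


def sample_capture():
    """Constructed capture: 10.0.0.5 fires 50 SYNs at port 80 and never answers the
    SYN/ACKs; 10.0.0.7 performs a normal three-way handshake and exchanges data."""
    server, flooder, client = "192.168.1.10", "10.0.0.5", "10.0.0.7"
    frames = []
    for n in range(50):
        frames.append(build_tcp_frame(flooder, server, 40000 + n, 80, TCP_SYN))
        frames.append(build_tcp_frame(server, flooder, 80, 40000 + n, TCP_SYN | TCP_ACK))
    frames += [
        build_tcp_frame(client, server, 51000, 80, TCP_SYN),
        build_tcp_frame(server, client, 80, 51000, TCP_SYN | TCP_ACK),
        build_tcp_frame(client, server, 51000, 80, TCP_ACK),
        build_tcp_frame(client, server, 51000, 80, TCP_PSH | TCP_ACK),
        build_tcp_frame(server, client, 80, 51000, TCP_ACK),
    ]
    return build_pcap(frames)


if __name__ == "__main__":
    cap = sample_capture()
    print("by source:     ", syn_flood_suspects(cap))
    print("by destination:", syn_flood_suspects(cap, key="dst"))
```

Two caveats a practitioner would want. First, a flood that spoofs a different source address per packet shows up as thousands of hosts with one SYN each, so the per-source view is blind to it; keying on the destination (`key="dst"`) still shows the target collecting far more SYNs than ACKs. Second, the same selection can be made interactively in tshark with the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0`; the script only makes the counting and the comparison repeatable.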
Enhanced/Extended Simple Mail Transfer Protocol (ESMTP)
An enhancement of SMTP for sending and receiving e-mail messages. ESMTP generates a unique, nonrepeatable number that's added to a transmitted e-mail. No two messages transmitted from an e-mail server have the same ESMTP value. See also Simple Mail Transfer Protocol (SMTP).
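The definitions of mbox, spoofing and ESMTP, together with the earlier questions on retrieving headers in Outlook and on verifying the domains a message flowed through, all come down to reading the Received: lines that each mail server prepends. The following is an added example written for this page, not code from the quiz or its source textbook: it opens a constructed two-message mbox file with Python's standard `mailbox` module, rebuilds the relay path from the Received: headers, collects the per-hop ids each server stamped on the message, and flags the simplest spoofing indicator, a claimed From: domain that the first hop does not belong to. The hostnames, addresses and ids in the sample are all invented for the demonstration.

```python
import mailbox
import os
import re
import tempfile
from email.utils import parseaddr

# Constructed two-message mbox (mbox is just a flat text file, messages separated
# by "From " lines): a spoofed "helpdesk" phish that entered through an outside
# relay, followed by a legitimate internal message.
SAMPLE_MBOX = b"""From helpdesk@corp.example Tue Jan  1 10:00:03 2019
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
\tby mail.corp.example (Postfix) with ESMTP id 1A2B3C4D5E
\tfor <victim@corp.example>; Tue, 1 Jan 2019 10:00:02 +0000
Received: from bulk-relay.example.net (bulk-relay.example.net [203.0.113.77])
\tby mx.corp.example (Postfix) with ESMTP id 9F8E7D6C5B
\tfor <victim@corp.example>; Tue, 1 Jan 2019 10:00:01 +0000
From: "IT Helpdesk" <helpdesk@corp.example>
To: victim@corp.example
Subject: Password reset required
Message-ID: <20190101100000.1234@bulk-relay.example.net>
Date: Tue, 1 Jan 2019 10:00:00 +0000

Please reset your password at the link below.

From alice@corp.example Tue Jan  1 11:00:01 2019
Received: from workstation.corp.example (workstation.corp.example [192.0.2.55])
\tby mail.corp.example (Postfix) with ESMTP id F0E1D2C3B4
\tfor <bob@corp.example>; Tue, 1 Jan 2019 11:00:01 +0000
From: Alice <alice@corp.example>
To: bob@corp.example
Subject: Meeting notes
Message-ID: <20190101110000.5678@workstation.corp.example>
Date: Tue, 1 Jan 2019 11:00:00 +0000

Notes attached.
"""

# Each MTA prepends one "Received: from <sender> by <me> ... id <its id>" line.
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>[^\s(;]+).*?\bby\s+(?P<by>[^\s(;]+)(?:.*?\bid\s+(?P<id>[^\s;]+))?",
    re.IGNORECASE | re.DOTALL)


def parse_received(value):
    """Parse one Received: header; folded continuation lines are joined first."""
    m = RECEIVED_RE.search(re.sub(r"\s+", " ", value))
    return {"from": m["from"].lower(), "by": m["by"].lower(), "id": m["id"]} if m else None


def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def trace_message(msg):
    """Rebuild the relay path and compare it with what the From: header claims."""
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    hops.reverse()          # newest hop is on top, so reverse to read origin first
    path = ([hops[0]["from"]] + [h["by"] for h in hops]) if hops else []
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    msgid_domain = (msg.get("Message-ID") or "").strip().strip("<>").rpartition("@")[2].lower()
    indicators = []
    if hops and from_domain and not in_domain(hops[0]["from"], from_domain):
        indicators.append(f"first hop {hops[0]['from']} is outside From: domain {from_domain}")
    if msgid_domain and from_domain and not in_domain(msgid_domain, from_domain):
        indicators.append(f"Message-ID domain {msgid_domain} differs from From: domain {from_domain}")
    return {"from": from_addr, "path": path, "ids": [h["id"] for h in hops],
            "indicators": indicators}


def analyze_mbox(path):
    box = mailbox.mbox(path, create=False)
    try:
        return [trace_message(m) for m in box]
    finally:
        box.close()


def demo():
    """Write the constructed mbox to a temporary file and analyze it."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    with os.fdopen(fd, "wb") as f:
        f.write(SAMPLE_MBOX)
    try:
        return analyze_mbox(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for r in demo():
        print(r["from"], "|", " > ".join(r["path"]), "| ids:", r["ids"])
        for i in r["indicators"]:
            print("   !", i)
```

The path is read from the bottom Received: line upward because every server prepends its own line, so the topmost entry is the last hop before delivery. The ids are what the ESMTP definition above refers to; they are what you search for in the relay's own logs (for Sendmail or Postfix, typically under /var/log) to confirm the message really passed through that host, since anything below the first Received: line your own servers wrote can be forged by the sender. A mismatch between the first hop and the From: domain is a lead, not proof: mailing lists, forwarding services and third-party bulk senders produce the same pattern legitimately.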
Internet Message Access Protocol 4 (IMAP4)
A protocol for retrieving e-mail messages; it's slowly replacing POP3. See also Post Office Protocol 3 (POP3).
Simple Mail Transfer Protocol (SMTP)
A protocol for sending e-mail messages between servers.
Multipurpose Internet Mail Extensions (MIME)
A specification for formatting non-ASCII messages, such as graphics, audio, and video, for transmission over the Internet.
online social networks (OSNs)
A term researchers use for social media.
pharming
A type of e-mail scam that uses DNS poisoning to redirect readers to a fake website.
phishing
A type of e-mail scam that's typically sent as spam soliciting personal identity information that fraudsters can use for identity theft.
