Computer Forensics Ch. 11

A forensic linguist can determine an author's gender by analyzing chat logs and social media communications. True or False?

False

To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations. True or False?

False

After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect. True or False?

False. Reverse lookups.

E-mail accessed with a Web browser leaves files in temporary folders. True or False?

True

You can view e-mail headers in Notepad with all popular e-mail clients. True or False?

True

In Microsoft Outlook, e-mails are typically stored in which of the following? a. .pst and .ost files b. res1.log and res2.log files c. PU020102.db file d. .evolution file

a. .pst and .ost files

What information is not in an e-mail header? (Choose all that apply.) a. Blind copy (bcc) addresses b. Internet addresses c. Domain name d. Contents of the message e. Type of e-mail server used to send the e-mail

a. Blind copy (bcc) addresses d. Contents of the message

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator? (Choose all that apply.) a. E-mail header b. Username and password c. Firewall log d. All of the above

a. E-mail header c. Firewall log

E-mail headers contain which of the following information? (Choose all that apply.) a. The sender and receiver e-mail addresses b. An Enhanced Simple Mail Transport Protocol (ESMTP) number or reference number c. The e-mail servers the message traveled through to reach its destination d. The IP address of the receiving server e. All of the above

a. The sender and receiver e-mail addresses b. An Enhanced Simple Mail Transport Protocol (ESMTP) number or reference number c. The e-mail servers the message traveled through to reach its destination

Sendmail uses which file for instructions on processing an e-mail message? a. sendmail.cf b. syslogd.conf c. mese.ese d. mapi.log

a. sendmail.cf

Phishing does which of the following? a. Uses DNS poisoning b. Lures users with false promises c. Takes people to fake Web sites d. Uses DHCP

b. Lures users with false promises

Which of the following is a current formatting standard for e-mail? a. SMTP b. MIME c. Outlook d. HTML

b. MIME

What's the main piece of information you look for in an e-mail message you're investigating? a. Sender or receiver's e-mail address b. Originating e-mail domain or IP address c. Subject line content d. Message number

b. Originating e-mail domain or IP address

When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do? a. Search available log files for any forwarded messages. b. Restore the e-mail server from a backup. c. Check the current database files for an existing copy of the e-mail. d. Do nothing because after the file has been deleted, it can no longer be recovered.

b. Restore the e-mail server from a backup.

Logging options on e-mail servers can be which of the following? (Choose all that apply.) a. Disabled by users b. Set up in a circular logging configuration c. Configured to a specified size before being overwritten d. Typically set to periodic logging mode

b. Set up in a circular logging configuration c. Configured to a specified size before being overwritten

Which of the following types of files can provide useful information when you're examining an e-mail server? a. .dbf files b. .emx files c. .log files d. .slf file

c. .log files

To trace an IP address in an e-mail header, what type of lookup service can you use? (Choose all that apply.) a. Intelius Inc.'s AnyWho online directory b. Verizon's http://superpages.com c. A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net d. Any Web search engine

c. A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net d. Any Web search engine

When you access your e-mail, what type of computer architecture are you using? a. Mainframe and minicomputers b. Domain c. Client/server d. None of the above

c. Client/server

Router logs can be used to verify what types of e-mail data? a. Message content b. Content of attached files c. Tracking flows through e-mail server ports d. Finding blind copies

c. Tracking flows through e-mail server ports

On a UNIX-like system, which file specifies where to save different types of e-mail log files? a. maillog b. /var/spool/log c. syslog.conf d. log

c. syslog.conf

