computer Forensics ch11
?
In Facebook the ____ info simply tells you the last time a person logged on.
var/log
Typically, UNIX installations are set to store logs in the ____ directory
notepad+
After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____.
client/server architecture
E-mail messages are distributed from a central server to many connected client computers, a configuration called ____.
transaction
Exchange logs information about changes to its data in a(n) ____ log.
checkpoint
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk
.edb
In Microsoft Exchange, a(n) ____ file is responsible for messages formatted with MAPI.
pst
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of
@
In an e-mail address, everything after the ____ symbol represents the domain name
mbox
Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.
Zoho?
Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo!
configuration
The files that provide helpful information to an e-mail investigation are log files and ____ files.
properties
To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The "Internet headers" text box at the bottom of the dialog box contains the message header
show original
To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click___________
More
To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message.
GUI
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive.
circular logging
____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size
/etc/sendmail.cf
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside.
www.dkim.org
____ is a way to verify the names of domains a message is flowing through.
Forensic linguistics
____ trains people to listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question.pst
