Chapter 11 email and social media investigations

Which types of files can provide useful information when you're examining an email server?

.log

In Microsoft Outlook, e-mails are typically stored in which of the following?

.pst and .ost files

When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?

Restore the server from a backup

To trace an IP address in an e-mail header, what type of lookup service can you use?

A domain lookup service such as Arin.net, internic.com or whois.net

What information is not in an e-mail header?

Blind copy addresses (BCC)

When you access your e-mail, what type of computer architecture are you using?

Client/Server

Logging options on e-mail servers can be:

Configured to a soecified size before being overwritten

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?

E-mail header, firewall log

A forensic linguist can determine an author's gender by analyzing chat logs and social media communications.

False

You can view e-mail headers in Notepad with all popular e-mail clients.

False

Phishing does which of the following?

Lures users with false promises

Which of the following is a current formatting standard for e-mail

MIME

What's the main piece of information you look for in an e-mail message you're investigating?

Originating e-mail domain or IP address

Sendmail uses which file for instructions on processing an e-mail message?

Sendmail.cf

On a UNIX-like system, which file specifies where to save different types of e-mail log files?

Syslog.conf

E-mail headers contain which of the following information? (Choose all that apply.)

The sender and receiver email addresses An Enhanced Simples Mail Transfer Protocol (ESMTOP) or reference number The email servers the message traveled through to reach its destination The IP address of the receiving server

Router logs can be used to verify what types of email data?

Tracking flows through email server ports

After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect

True

E-mail accessed with a web browser leaves files in temporary folders

True

To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations

True