Chapter 11 email and social media investigations
Which types of files can provide useful information when you're examining an email server?
.log
In Microsoft Outlook, e-mails are typically stored in which of the following?
.pst and .ost files
When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?
Restore the server from a backup
To trace an IP address in an e-mail header, what type of lookup service can you use?
A domain lookup service such as Arin.net, internic.com or whois.net
What information is not in an e-mail header?
Blind copy addresses (BCC)
When you access your e-mail, what type of computer architecture are you using?
Client/Server
Logging options on e-mail servers can be:
Configured to a soecified size before being overwritten
When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?
E-mail header, firewall log
A forensic linguist can determine an author's gender by analyzing chat logs and social media communications.
False
You can view e-mail headers in Notepad with all popular e-mail clients.
False
Phishing does which of the following?
Lures users with false promises
Which of the following is a current formatting standard for e-mail
MIME
What's the main piece of information you look for in an e-mail message you're investigating?
Originating e-mail domain or IP address
Sendmail uses which file for instructions on processing an e-mail message?
Sendmail.cf
On a UNIX-like system, which file specifies where to save different types of e-mail log files?
Syslog.conf
E-mail headers contain which of the following information? (Choose all that apply.)
The sender and receiver email addresses An Enhanced Simples Mail Transfer Protocol (ESMTOP) or reference number The email servers the message traveled through to reach its destination The IP address of the receiving server
Router logs can be used to verify what types of email data?
Tracking flows through email server ports
After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect
True
E-mail accessed with a web browser leaves files in temporary folders
True
To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations
True