Forensics study guide chapter 12
Which of the following types of files can provide useful information when you're examining an e-mail server? a. .dbf firles b. .emx files c. .log files d. .slf files
.log files
Logging options on many email servers can be: a. Disabled by the administrator b. Set up in circular logging configuration c. Configured to a specified size before being overwritten d. All of the above
All of the above
To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations. True or False?
False
UNIX, NetWare, and Microsoft email servers create specialized databases for every email user. True or False?
False
What is the e-mail storage frmat in Novell Evolution?
Mbox
When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation you need for your investigation, and the client has deleted the e-mail, what should you do? a. search available log files for any forwarded messages b. restore the e-mail server from a backup c. check the current database files for an existing copy of the e-mail d. after it's deleted, the file can o longer be recovered.
Restore the e-mail server from a backup
Sendmail uses which file for instructions on processing an e-mail message?
Sendmail.cf
Router logs can be used to verify what types of email data? a. Message content b. content of attached files c. tracking flows though e-mail server ports d. finding blind copies
Tracking flows through email server ports
All email headers contain the same types of information. True or False?
True
Internet e-mail accessed with a Web brower leaves files in temporary folders. True or False.
True
You can view e-mail headers in all popular e-mail clients. True or False?
True
In Microsoft Outlook, what are the email storage files typically found on a client computer? a. .pst & .ost b. res1.log & res2.log c. PU020102.db d. .evolution
a. .pst and .ost
To trace an IP address in an email header, what type of lookup service can you use? (Choose all that apply) a. ATT anywho online directory b. Verizon superpages.com c. A Domain lookup service, such as www.arin.net, www.internic.com.,or ww.whois.net d. Any web search engine
a. A Domain lookup service, such as www.arin.net, www.internic.com.,or ww.whois.net d. Any Web search engine
What information is not in an e-mail header? a. blind copy addresses b. internet addresses c. domain name d. contents of the message e. type of e-mail server used to sen the e-mail
a. Blind copy (Bcc) addresses d. Contents of the message
When searching a victims computer for a crime committed with a specific email, what provides information for determining the emails originator? (choose all that apply) a. E-mail header b. username and password c. Firewall log d. All of the above
a. E-mail header c. Firewall log
E-mail headers contain which of the following information? (Choose all that apply.) a. The sender and receiver email addresses b. An Enhanced Simples Mail Transfer Protocol (ESMTOP) or reference number c. The email servers the message traveled through to reach its destination d. The IP address of the receiving server a. All of the above
a. The sender and receiver email addresses b. An Enhanced Simples Mail Transfer Protocol (ESMTOP) or reference number c. The email servers the message traveled through to reach its destination
Which of the following is a current formatting standard for e-mail? a. SMTP b. MIME c. Outlook d. HTML
b. MIME
What's the main piece of information you look for in an email message you're investigating? a. Senders or receivers's e-mail address b. originating email domain or IP address c. Subject line content d. Message Number e. All of the above
b. Origination email domain or IP address
In UNIX e-mail, the syslog.conf file contains what information? a. logging instructions for the sendmail.cf file b. the event, the priority level of concern, and the action taken when an e-mail is logged c. SMPT executable code d. POP3 executable code
b. The even, the priority level of concern, and the action taken when an e-mail is logged
When you access your email, what type of computer architecture are you using? a. mainframe and minicomputers b. Domain c. Client/server d. None of the above.
c. Client/server
