ISCS 377 Ch 11 12
Typically, UNIX installations are set to store logs in the ____ directory.
/var/log
An Internet e-mail server is generally part of a local network, and is maintained and managed by an administrator for internal use by a specific company. (T/F)
False
An intranet e-mail system is for public use and the Internet e-mail system is for private use. (T/F)
False
Depending on the warrant or subpoena, the method of seizure might be relevant. (T/F)
False
For computer investigators, it is easier to track an Internet e-mail instead of an intranet e-mail. (T/F)
False
Forensics tools can be used to trace and recover but cannot analyze e-mail messages. (T/F)
False
If you lose power on a smart phone, you can still retrieve the RAM data from the phone. (T/F)
False
In Outlook, offline files are saved in the .pst file. (T/F)
False
In an investigation, you should always work with the original version of the e-mail. (T/F)
False
Investigating cell phones and mobile devices has become easier because there is now a single standard for how and where cell phones store messages. (T/F)
False
Investigating crimes or policy violations involving e-mail is different than investigating other types of computer abuse and crimes. (T/F)
False
Network administrators can maintain logs of the inbound but not the outbound traffic routers handle. (T/F)
False
Once a mobile device is legally confiscated, the forensics investigator does not need a search warrant or subpoena to check the system server. (T/F)
False
Once users delete the messages from their inboxes, most e-mail servers do not maintain copies of the clients' e-mail. (T/F)
False
The "Reply to" field in an e-mail is a definite way of finding out the e-mail source account because it is very difficult to alter this field. (T/F)
False
The IoA will eventually include 4G smart devices and 4G mobile networks. (T/F)
False
The SIM card and the mobile equipment (ME) are stored in one of the two stations in GSM. (T/F)
False
The Subscriber identity module (SIM) card has a microprocessor and contains 16 MB to 4 GB of EEPROM. (T/F)
False
To determine whether redirection has been used in a phishing email, you need to click on the hyperlink and then examine the URL of the suspected link. (T/F)
False
A 2nd generation cellular network standard; currently the most popular cellular network type in the world.
GSM
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive.
GUI
Novell NetWare's e-mail service
GroupWise
The header of an e-mail contains unique identifying numbers, such as the __________ that sent the message.
IP address of the server
Most Code Division Multiple Access (CDMA) networks conform to ____________ , created by the Telecommunications Industry Association (TIA).
IS-95
An international organization dedicated to creating telecommunications standards.
ITU International Telecommunication Union
What organization is responsible for the creation of the requirements for carriers to be considered 4G?
ITU-R
The 3G standard was developed by the ____ under the United Nations.
International Telecommunications Union ITU
The SIM file structure begins with the root of the system (____).
MF
____ is a forensics software tool containing a built-in write blocker.
MOBILedit
A type of e-mail scam that is typically sent as spam soliciting personal identity information that fraudsters can use for identity theft.
Phishing
Command line e-mail program used with UNIX
Pine
A protocol for retrieving e-mail messages from an e-mail server.
Post Office Protocol version 3 (POP3)
Which of the following is not a type of peripheral memory card used in PDAs?
RamBus (RB)
Removable cards in GSM phones that contain information for identifying subscribers. They can also store other information, such as messages and call history.
SIM
____ cards are found most commonly in GSM devices and consist of a microprocessor and from 16 KB to 4 MB of EEPROM
SIM
To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click ____.
Show original
A protocol for sending e-mail messages between servers.
Simple Mail Transfer Protocol (SMTP)
The technique of dividing a radio frequency into time slots, used by GSM networks; also refers to a specific cellular network standard covered by Interim Standard (IS).
TDMA Time-division multiple access
A US trade association representing hundreds of telecommunications companies that works to establish and maintain telecommunications standards
TIA Telecommunications Industry Association
During a legal search, when you see that a suspect's smart phone is attached to a computer, you need to disconnect it from the computer immediately. (T/F)
True
E-mail programs either save e-mail messages on the client computer or leave them on the server. (T/F)
True
For digital investigators, tracking intranet e-mail is easier because accounts use standard names the administrator establishes. (T/F)
True
Forensic linguistics encompasses civil cases, criminal cases, cyberterrorism cases, and other legal proceedings.
True
Hardware components in a smart phone include a microprocessor, ROM, RAM, a digital signal processor, a radio module, a microphone and speaker, hardware interfaces, and an LCD display. (T/F)
True
How e-mails are stored depends on the settings on the client and server. (T/F)
True
If you want to recover e-mail messages from Outlook, you might need to reconstruct .pst files and messages. (T/F)
True
In Windows, IM files and folders are usually stored under Documents and Settings\username\Application Data or under Program Files. (T/F)
True
Information in the e-mail header can help to track the suspect to the e-mail's originating location. (T/F)
True
Information stored on a SIM card includes the subscriber network, location information, address books and messages, and service-related information. (T/F)
True
Many people store more information on smartphones and tablets than on computers. (T/F)
True
Most e-mail administrators log system operations and message traffic so that they can recover e-mails in case of a disaster. (T/F)
True
Nonvolatile memory contains OS files and stored user data, such as a personal information manager (PIM) and backed-up files. (T/F)
True
Once you remove a SIM card from a smart phone, you can use a SIM card reader to read the content on the SIM card. (T/F)
True
One unique feature of FTK is that it can read .pst and .dbx files and index all text information, including attached files. (T/F)
True
Peripheral memory cards used with PDAs include compact flash, multi-media card, and secure digital (SD). (T/F)
True
Portability of information is what makes SIM cards so versatile. (T/F)
True
SIM cards come in three sizes. (T/F)
True
The Enhanced Simple Mail Transfer Protocol (ESMTP) number is located in the message's header, and is unique to each message an e-mail server transmits. (T/F)
True
The Nigerian Scam originated as a chain letter from Nigeria, Africa, with messages written in uppercase letters and poor grammar. (T/F)
True
The Pagefile.sys file on a computer can contain message fragments from instant messaging applications. (T/F)
True
The e-mail's unique ID number can be used to track the message on the originating e-mail server in e-mail logs. (T/F)
True
There are special tools that you can use to scan e-mail database files on a suspect's Windows computer, locate any e-mails the suspect has deleted, and restore them to their original state. (T/F)
True
To determine whether redirection has been used in a phishing email, you need to view the message's HTML source code and check whether an Internet link is a label with a redirect to a different Web address. (T/F)
True
Volatile memory usually contains data that changes frequently, such as missed calls, text messages, and sometimes even user files. (T/F)
True
We can easily find a domain's IP address and point of contact using the Internet. (T/F)
True
You can send and receive e-mail in two environments: via the Internet or an intranet (an internal network). (T/F)
True
E-mail administrators may make use of _________________, which overwrites a log file when it reaches a specified size or at the end of a specified time frame.
circular logging
On what mobile device platform does Facebook use a SQLite database containing friends, their ID numbers, and phone numbers as well as files that tracked all uploads, including pictures?
iPhone
A method of storing e-mail messages in a flat plaintext file.
mbox
In Microsoft Outlook, you can save sent, draft, deleted, and received e-mails in a(n) __________ file, or you can save offline files in a(n) __________ file.
.pst, .ost
Transmitting an e-mail message with its header information altered so that its point of origin appears to be from a different sender.
spoofing
After you open e-mail headers, you copy and paste them into a __________ document so that you can read them with a text editor.
text
You use __________ to find and view the e-mail header.
the e-mail program that created it
____ is a way to verify the names of domains a message is flowing through.
www.dkim.org
Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora.
Fookes Aid4Mail
The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.
scanpst.exe
The generation of mobile phone standards and technology that provides for more advanced features and higher data rates than the older analog and personal communications services (PCS) technologies
3G
All e-mail programs store their files on the user's computer and therefore they require their own directories and information files on the local computer. (T/F)
False
All e-mail servers use databases that store multiple users' e-mails. (T/F)
False
A widely used digital cell phone technology that makes use of spread-spectrum modulation to spread the signal across a wide range of frequencies.
CDMA Code Division Multiple Access
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.
Checkpoint
Clients request services from a server, and a server processes requests from clients.
Client Server architecture
The ____ network is a digital version of the original analog standard for cell phones.
D-AMPS
An improvement to GSM technology that enables it to deliver higher data rates.
EDGE
The ____ digital network, a faster version of GSM, is designed to deliver data.
EDGE
A type of nonvolatile memory that can be reprogrammed electrically, without having to physically access or remove the chip.
EEPROM
A lesser known tool used widely by government agencies is ____, which retrieves data from smartphones, GPS devices, tablets, music players, and drones.
Micro Systemation XRY
Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.
Microsoft Extensible Storage Engine (ESE)
To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message.
More
A specification for formatting non-ASCII messages, such as graphics, audio, and video, for transmission over the Internet.
Multipurpose Internet Mail Extensions (MIME)
In a Windows environment, BitPim stores files in ____ by default.
My Documents\BitPim
Text editor used with Windows
Notepad
After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____.
Notepad+
A 4G technology that uses radio waves broadcast over different frequencies; it is considered to use power more efficiently and be more immune to interference.
OFDM Orthogonal frequency-division multiplexing
Handheld electronic devices that typically contain personal productivity applications used for calendaring, contact management, and note taking.
PDAs
Unlike smart phones, these devices do not have telephony capabilities.
PDAs
Text editor used with UNIX
PICO
The first folder the GroupWise server shares
PU02101.db
