Computer Forensics and Investigations: Chapters 11


Phishing does which of the following?

Lures users with false promises.

What's the main piece of information you look for in an e-mail message you're investigating?

Originating e-mail domain or IP address

Sendmail uses which file for instructions on processing an e-mail message?

Sendmail.cf

Messaging Application Programming Interface (MAPI)

The Microsoft system that enables other e-mail applications to work with each other.

On a UNIX-like system, which file specifies where to save different types of e-mail log files?

syslog.conf

When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?

Restore the e-mail server from a backup

Which of the following types of files can provide useful information when you're examining an e-mail server?

.log files

In Microsoft Outlook, what are the e-mail storage files typically found on a client computer?

.pst and .ost

To trace an IP address in an e-mail header, what type of lookup service can you use? (Choose all that apply.)

A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net. Any Web search engine.

mbox

A method of storing e-mail messages in a flat plaintext file.

Pharming

A phishing attack that automatically redirects the user to a fake site.

Post Office Protocol version 3 (POP3)

A protocol for retrieving e-mail messages from an e-mail server.

Multipurpose Internet Mail Extensions (MIME)

A protocol that enables operating systems to map file name extensions to corresponding applications. Also used by applications to automatically process files downloaded from the Internet.

Simple Mail Transfer Protocol (SMTP)

An Internet-standard protocol for sending email messages between servers on IP networks.

What information is not in an e-mail header? (Choose all that apply.)

Blind copy (Bcc) addresses. Contents of the message.

When you access your email, what type of computer architecture are you using?

Client/server

Logging options on many e-mail servers can be:

Disabled by the administrator. Set up in a circular logging configuration. Configured to a specified size before being overwritten.

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator? (Choose all that apply.)

E-mail header. Firewall log.

To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations. True or False?

False

UNIX, NetWare, and Microsoft email servers create specialized databases for every email user. True or False?

False

E-mail headers contain which of the following information?

The sender and receiver e-mail addresses. An ESMTP number or reference number. The e-mail servers the message traveled through to reach its destination. The IP address of the receiving server.

Router logs can be used to verify what types of e-mail data?

Tracking flows through e-mail server ports

Spoofing

Transmitting an e-mail message with its header information altered so that its point of origin appears to be from a different sender; typically used in phishing and spamming to hide the sender's identity.

All e-mail headers contain the same types of information. True or False?

True

Internet e-mail accessed with a Web browser leaves files in temporary folders. True or False?

True

You can view e-mail headers in Notepad with all popular e-mail clients. True or False?

True

The term "via Frontend Transport" in a header indicates that the e-mail is on which of the following?

UNIX server

online social networks (OSNs)

A term researchers use for social media.

Which of the following is a current formatting standard for e-mail?

MIME

Stored Communications Act (SCA) of 1986

Part of the Electronic Communications Privacy Act that extends to the privacy of stored communications, such as e-mail.

