Module 11 E-mail and Social Media Investigations

E-mail headers contain which of the following information?

- An ESMTP number or reference number
- The sender and receiver e-mail addresses
- The e-mail servers the message traveled through to reach its destination

Which of the following types of files can provide useful information when you're examining an e-mail server?

.log files

In Microsoft Outlook, e-mails are typically stored in which of the following?

.pst and .ost files

To trace an IP address in an e-mail header, what type of lookup service can you use?

A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net

forensic linguistics

A field where language and the law intersect to determine the author of e-mails, text messages, and other online communications. The International Association of Forensic Linguists divides this field into four categories: language and law, language in the legal process, language as evidence, and research/teaching. Digital forensics focuses on language as evidence.

Electronic Communications Privacy Act (ECPA)

A law enacted in 1986 to extend the Wiretap Act to cover e-mail and other data transmitted via the Internet.

mbox

A method of storing e-mail messages in a flat plaintext file.

client/server architecture

A network architecture in which each computer or process on the network is a client or server. Clients request services from a server, and a server processes requests from clients.

Post Office Protocol version 3 (POP3)

A protocol for retrieving e-mail messages from an e-mail server.

Internet Message Access Protocol 4 (IMAP4)

A protocol for retrieving e-mail messages; it's slowly replacing POP3. See also Post Office Protocol 3 (POP3).

Simple Mail Transfer Protocol (SMTP)

A protocol for sending e-mail messages between servers.

Multipurpose Internet Mail Extensions (MIME)

A specification for formatting non-ASCII messages, such as graphics, audio, and video, for transmission over the Internet.

online social networks (OSNs)

A term researchers use for social media.

pharming

A type of e-mail scam that uses DNS poisoning to redirect readers to a fake Web site.

phishing

A type of e-mail scam that's typically sent as spam soliciting personal identity information that fraudsters can use for identity theft.

Which of the following tools can be used to examine the contents of a .pst file?

Aid4Mail

Enhanced/Extended Simple Mail Transfer Protocol (ESMTP)

An enhancement of SMTP for sending and receiving e-mail messages. ESMTP generates a unique, nonrepeatable number that's added to a transmitted e-mail. No two messages transmitted from an e-mail server have the same ESMTP value. See also Simple Mail Transfer Protocol (SMTP).

What information is not in an e-mail header?

Blind copy (bcc) addresses

When you access your e-mail, what type of computer architecture are you using?

Client/server

What social media forensics tool was used in this chapter?

Facebook Forensics

A forensic linguist can determine an author's gender by analyzing chat logs and social media communications.

False

You can view e-mail headers in Notepad with all popular e-mail clients.

False

In a typical e-mail, where can you expect to find the IP address of the sender?

Header

Phishing does which of the following?

Lures users with false promises

Which of the following is a current formatting standard for e-mail?

MIME

What's the main piece of information you look for in an e-mail message you're investigating?

Originating e-mail domain or IP address

Stored Communications Act (SCA)

Part of the Electronic Communications Privacy Act that extends to the privacy of stored communications, such as e-mail.

What type of e-mail typically lures users to sites or asks for sensitive information?

Phishing

When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?

Restore the e-mail server from a backup.

Once you find the originating e-mail address, you can track the message to a suspect by doing what?

Reverse lookups

Messaging Application Programming Interface (MAPI)

The Microsoft system that enables other e-mail applications to work with each other.

Router logs can be used to verify what types of e-mail data?

Tracking flows through e-mail server ports

spoofing

Transmitting an e-mail message with its header information altered so that its point of origin appears to be from a different sender; typically used in phishing and spamming to hide the sender's identity. See also phishing.

After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect.

True

E-mail accessed with a Web browser leaves files in temporary folders.

True

To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations.

True

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?

a: E-mail header
c: Firewall log

Logging options on e-mail servers can be which of the following?

c: Configured to a specified size before being overwritten

Sendmail uses which file for instructions on processing an e-mail message?

sendmail.cf

On a UNIX-like system, which file specifies where to save different types of e-mail log files?

syslog.conf

