Module 11 Quiz - Digital Forensics
Which of the following types of files can provide useful information when you're examining an e-mail server?
.log files
In Microsoft Outlook, e-mails are typically stored in which of the following? .evolution file res1.log and res2.log files .pst and .ost files PU020102.db file
.pst and .ost files
To trace an IP address in an e-mail header, what type of lookup service can you use?
A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net
E-mail headers contain which of the following information? An ESMTP number or reference number The sender and receiver e-mail addresses The e-mail servers the message traveled through to reach its destination All of the above
All of the above
What information is not in an e-mail header? Domain name Internet addresses Blind copy (bcc) addresses All of the above
Blind copy (bcc) addresses
When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?
Both a and c
When you access your e-mail, what type of computer architecture are you using? Domain Client/server Mainframe and minicomputers None of the above
Client/server
A forensic linguist can determine an author's gender by analyzing chat logs and social media communications.
False
You can view e-mail headers in Notepad with all popular e-mail clients.
False
Phishing does which of the following?
Lures users with false promise
Which of the following is a current formatting standard for e-mail? HTML Outlook SMTP MIME
MIME
What's the main piece of information you look for in an e-mail message you're investigating?
Originating e-mail domain or IP address
When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?
Restore the e-mail server from a backup.
Router logs can be used to verify what types of e-mail data? Tracking flows through e-mail server ports Finding blind copies Message content Content of attached files
Tracking flows through e-mail server ports
After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect.
True
E-mail accessed with a Web browser leaves files in temporary folders.
True
To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations.
True
Logging options on e-mail servers can be which of the following? a: Disabled by users b: Set up in a circular logging configuration c: Configured to a specified size before being overwritten Both b and c
c: Configured to a specified size before being overwritten
Sendmail uses which file for instructions on processing an e-mail message? syslogd.conf sendmail.cf mapi.log mese.ese
sendmail.cf
On a UNIX-like system, which file specifies where to save different types of e-mail log files? /var/spool/log syslog.conf maillog log
syslog.conf