E-mail Investigation Flashcards

1
Q

As one of the primary means of communication across the Internet, _________ is an important source of evidence for forensic investigators.

Conducting _____ is a critical investigative technique for law enforcement.

A

electronic mail (e-mail)

investigations on e-mail

2
Q

is short for Electronic mail

is one of the most popular uses of the Internet.

is the exchange of computer-stored messages by telecommunication. E-mail messages are usually encoded in ASCII text.

However, you can also send non-text files, such as graphic images, sound files, and programs, as attachments

A

E-mail

3
Q

E-Mail provides a criminal or terrorist organization with:

A

Anonymity
Accessibility
Privacy

4
Q

Use of E-mail - Crimes

A

Extortions
Cheating
Criminal Defamations and Hoax
Terrorism activities

5
Q

Use of E-mail – Tech Crimes

A

Spamming
Phishing Scam
Virus Carriers

6
Q

The program that the end user uses to retrieve or send email from the email server.

A

Email Client or Mail User Agent

7
Q

The program or agent that receives and transfers messages from one computer to another.

A

Email Server

8
Q
It is used to identify one user from another. It is also the mailbox assigned to the user.
A

Email Account

9
Q
Provider of Internet Service.
A

Internet Service Provider (ISP)

10
Q

A unique number assigned to a computer communicating on the Internet.

A

IP Address

11
Q

is used to separate Account Name and Domain Name/Host name

A

@ -

12
Q

E-mail uses network communication protocols to deliver e-mail messages.

A

Simple Mail Transfer Protocol (SMTP)
Post Office Protocol version 3 (POP3)
Internet Message Access Protocol (IMAP)

13
Q

Is the de facto standard for email transmission over the Internet.

Communication between mail servers.

Used by email client to pull messages from mail server.

A

E-mail Protocol

Simple Mail Transfer Protocol (SMTP)

14
Q

Used by the email client to retrieve messages from the mail server.

Email messages are downloaded to the computer and removed from the mail server.

The user can read and compose messages without being connected to the mail server.

A

Post Office Protocol (POP3)

15
Q

It is used to access messages on the mail server.

Messages are stored on the server until the user chooses to download them or remove them from the mail server.

Clients use POP3 and IMAP to retrieve messages and SMTP to send messages.

A

Internet Message Access Protocol (IMAP)

16
Q

Usually for email accounts with ISPs.

An email client program to access the mailbox.

E.g. Outlook Express and Netscape Messenger.

Configuration is required.

Constant connection to mail server may only be required when sending or receiving messages.

A

Application Based E-mail

17
Q

Web Based E-mail
Only a _____ is required. No other programs or configurations are required.

Conveniently check emails from anywhere.

You have to remain connected when accessing mailbox.

Usually free account and limited capacity.

E.g.: Hotmail, Yahoo! and Gmail

A

web browser

18
Q

Web based mail accounts can be accessed using an email client.

E.g. Gmail can be accessed using an email client.

A

Crossing Path

19
Q

E-mail Investigations

The following information can be identified during an e-mail investigation:

A

Who sent the e-mail.
Who received the e-mail.
The subject of the e-mail.
The content of the e-mail.

20
Q

E-mail Investigation
To determine the “sender” of an e-mail message, investigators need to view the _________

_______ is the information added to the actual message.

Entries in the _______ are stamped by the mail server handling the email.

A

e-mail header.

Email header

21
Q

Where are the headers?

A

Web based email

22
Q

Once the e-mail headers have been recovered, internet search tools, such as:

www.network-tools.com
http://samspade.org/t/
http://www.wellho.net/net/world.php4

A

Can be used to determine the origin of the e-mail messages.

23
Q

Mail Tracker
Free analysis of email headers.
http://www.theinquirer.net/email_tracker.htm

eMailTrackerPro
By Visualware, trial version available.
Determine IP address, country/region or sender.
Provides a geographical trace of email when used with VisualRoute.
http://www.visualroute.com/personal/products/emailtrackerpro/index.htm

A

E-mail Headers

Useful Tools