Module 11 Quiz Flashcards
Which of the following types of files can provide useful information when you’re examining an e-mail server?
.emx files
.slf files
.log files
.dbf files
.log files
After examining e-mail headers to find an e-mail’s originating address, investigators use forward lookups to track an e-mail to a suspect.
True
False
True
What information is not in an e-mail header?
Domain name
Internet addresses
Blind copy (bcc) addresses
All of the above
Blind copy (bcc) addresses
To trace an IP address in an e-mail header, what type of lookup service can you use?
Intelius Inc.’s AnyWho online directory
Verizon’s http://superpages.com
A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net
None of the above
A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net
When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?
Check the current database files for an existing copy of the e-mail.
Search available log files for any forwarded messages.
Restore the e-mail server from a backup.
Do nothing because after the file has been deleted, it can no longer be recovered.
Restore the e-mail server from a backup.
To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server’s internal operations.
True
False
True
When searching a victim’s computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail’s originator?
a: E-mail header
b: Username and password
c: Firewall log
Both a and c
Both a and c
Phishing does which of the following?
Uses DNS poisoning
Uses DHCP
Lures users with false promises
Takes people to fake Web sites
Lures users with false promises
What’s the main piece of information you look for in an e-mail message you’re investigating?
Message number
Sender or receiver’s e-mail address
Subject line content
Originating e-mail domain or IP address
Originating e-mail domain or IP address
On a UNIX-like system, which file specifies where to save different types of e-mail log files?
/var/spool/log
syslog.conf
maillog
log
syslog.conf
In Microsoft Outlook, e-mails are typically stored in which of the following?
.evolution file
res1.log and res2.log files
.pst and .ost files
PU020102.db file
.pst and .ost files
Sendmail uses which file for instructions on processing an e-mail message?
syslogd.conf
sendmail.cf
mapi.log
mese.ese
sendmail.cf
A forensic linguist can determine an author’s gender by analyzing chat logs and social media communications.
True
False
False
Logging options on e-mail servers can be which of the following?
a: Disabled by users
b: Set up in a circular logging configuration
c: Configured to a specified size before being overwritten
Both b and c
c: Configured to a specified size before being overwritten
When you access your e-mail, what type of computer architecture are you using?
Domain
Client/server
Mainframe and minicomputers
None of the above
Client/server
