Question 1

Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail.​

Accepted Answer

A) True 
 B)False  False

Question 2

After a crime has been committed involving e-mail, how should forensics investigators proceed?​

Accepted Answer

Forensics investigators should access the victim's computer or mobile device to recover the evidence on it. Using the victim's e-mail client, find and copy any potential evidence. It might be necessary to log on to the e-mail service and access any protected or encrypted files or folders. With a corporate investigation, be sure policies are in place for this action. For a criminal investigation, you need warrants to access or get copies of files on a server. When dealing with a stalker, if you can't actually sit down at the victim's computer, you might have to guide the victim on the phone to open and print a copy of an offending message, including the header. The header contains unique identifying numbers, such as the IP address of the server that sent the message. This information helps you trace the e-mail to the suspect.

Question 3

Explain some of the difficulties in using social media sites as sources of forensic data.​

Accepted Answer

Part of the challenge in using social media information is that the data is spread over many servers, providers, and users, often requiring techniques used for "big data analytics". Additionally, social media networks can involve multiple jurisdictions that might even cross national boundaries, and social media vendors may prohibit access to their servers. Access to this information requires a warrant or subpoena. Services such as those offered by Facebook, MySpace, and other OSNs usually have legal staff that evaluate requests. Twitter, however, opposes government requests and cites the U.S. Fourth Amendment to refuse all requests.

Question 4

Match the following terms with the correct definition below:
-?A network architecture in which each computer or process on the network is a client or server. Clients request services from a server, and a server processes requests from clients.

Accepted Answer

A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing 
A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing

Question 5

What service below can be used to map an IP address to a domain name, and then find the domain name's ​point of contact?

Accepted Answer

A) ​Google 
B) ​ERIN 
C) iNet 
D) ARIN 
A) ​Google 
B) ​ERIN 
C) iNet 
D) ARIN

Question 6

Match the following terms with the correct definition below:
-?A method of storing e-mail messages in a flat plaintext file

Accepted Answer

A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing 
A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing

Question 7

Match the following terms with the correct definition below:
-A protocol for retrieving e-mail messages; it's slowly replacing POP3.

Accepted Answer

A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing 
A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing

Question 8

​In what state is sending unsolicited e-mail illegal?

Accepted Answer

A) ​Maine 
B) ​New York 
C) Florida 
D) Washington 
A) ​Maine 
B) ​New York 
C) Florida 
D) Washington

Question 9

​What is the syslog.conf file, and how is it used?

Accepted Answer

The ​/ etc​/ syslog.conf file includes e

Question 10

Match the following terms with the correct definition below:
-?A term researchers use for social media.

Accepted Answer

A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing 
A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing

Question 11

?Exchange servers maintain message logs in the ________________ log file.

Accepted Answer

The answer of ?Exchange servers maintain message logs in the...

Question 12

Which service below does not put log information into ​/ var​/ log​/ maillog?​

Accepted Answer

A) ​Exchange 
B) ​SMTP 
C) POP 
D) IMAP 
A) ​Exchange 
B) ​SMTP 
C) POP 
D) IMAP

Question 13

Match the following terms with the correct definition below:
-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

Accepted Answer

A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing 
A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing

Question 14

Describe the Nigerian scam​.

Accepted Answer

​One of the most noteworthy e-mail scams

Question 15

The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.​

Accepted Answer

A) ​repairpst.exe 
B) ​fixmail.exe 
C) scanpst.exe 
D) rebuildpst.exe 
A) ​repairpst.exe 
B) ​fixmail.exe 
C) scanpst.exe 
D) rebuildpst.exe

Question 16

List three (3) web pages that can be used to determine point of contact for a domain, and describe how each is used.​

Accepted Answer

​If a domain doesn't have a Web site, a

Question 17

?The ____________________ includes logging instructions and is located within the ?/ etc directory. It determines what happens to an e-mail when it is logged: the event, priority level, and the action taken.

Accepted Answer

The answer of ?The ____________________ includes logging instructions and is...

Question 18

Match the following terms with the correct definition below:
-The Microsoft system that enables other e-mail applications to work with each other?

Accepted Answer

A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing 
A) client server ?/ architecture 
B) Electronic Communications Privacy Act (ECP
A)  
C) Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP) 
D) Internet Message Access Protocol 4 (IMAP4) 
E) mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIM
E) 
H)online social networks (OSNs)
I)pharming
J)phishing

Question 19

Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.?

Accepted Answer

A) ?Microsoft Extended Mail Storage (EMS) 
B) ?Microsoft Mail Storage Engine (MS
E)  
C) Microsoft Extensible Storage Engine (ES
E)  
D) Microsoft Stored Mail Extensions (SM
E)  
A) ?Microsoft Extended Mail Storage (EMS) 
B) ?Microsoft Mail Storage Engine (MS
E)  
C) Microsoft Extensible Storage Engine (ES
E)  
D) Microsoft Stored Mail Extensions (SM
E)

Question 20

In an e-mail address, everything before the @ symbol represents the domain name.​

Accepted Answer

A) True 
 B)False

Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail.

After a crime has been committed involving e-mail, how should forensics investigators proceed?

Explain some of the difficulties in using social media sites as sources of forensic data.

Match the following terms with the correct definition below: -?A network architecture in which each computer or process on the network is a client or server. Clients request services from a server, and a server processes requests from clients.

What service below can be used to map an IP address to a domain name, and then find the domain name's point of contact?

Match the following terms with the correct definition below: -?A method of storing e-mail messages in a flat plaintext file

Match the following terms with the correct definition below: -A protocol for retrieving e-mail messages; it's slowly replacing POP3.

In what state is sending unsolicited e-mail illegal?

What is the syslog.conf file, and how is it used?

Match the following terms with the correct definition below: -?A term researchers use for social media.

?Exchange servers maintain message logs in the ________________ log file.

Which service below does not put log information into / var/ log/ maillog?

Match the following terms with the correct definition below: -A type of e-mail scam that uses DNS poisoning to redirect readers to a fake Web site.?

Describe the Nigerian scam.

The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.

List three (3) web pages that can be used to determine point of contact for a domain, and describe how each is used.

?The ____________________ includes logging instructions and is located within the ?/ etc directory. It determines what happens to an e-mail when it is logged: the event, priority level, and the action taken.

Match the following terms with the correct definition below: -The Microsoft system that enables other e-mail applications to work with each other?

Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.?

In an e-mail address, everything before the @ symbol represents the domain name.

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

Exam 11: Live Acquisitions and Network Forensics

Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail.​

After a crime has been committed involving e-mail, how should forensics investigators proceed?​

Explain some of the difficulties in using social media sites as sources of forensic data.​

Match the following terms with the correct definition below: -?A network architecture in which each computer or process on the network is a client or server. Clients request services from a server, and a server processes requests from clients.

What service below can be used to map an IP address to a domain name, and then find the domain name's ​point of contact?

Match the following terms with the correct definition below: -?A method of storing e-mail messages in a flat plaintext file

Match the following terms with the correct definition below: -A protocol for retrieving e-mail messages; it's slowly replacing POP3.

​In what state is sending unsolicited e-mail illegal?

​What is the syslog.conf file, and how is it used?

Match the following terms with the correct definition below: -?A term researchers use for social media.

?Exchange servers maintain message logs in the ________________ log file.

Which service below does not put log information into ​/ var​/ log​/ maillog?​

Match the following terms with the correct definition below: -A type of e-mail scam that uses DNS poisoning to redirect readers to a fake Web site.?

Describe the Nigerian scam​.

The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.​

List three (3) web pages that can be used to determine point of contact for a domain, and describe how each is used.​

?The ____________________ includes logging instructions and is located within the ?/ etc directory. It determines what happens to an e-mail when it is logged: the event, priority level, and the action taken.

Match the following terms with the correct definition below: -The Microsoft system that enables other e-mail applications to work with each other?

Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.?

In an e-mail address, everything before the @ symbol represents the domain name.​

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail.

After a crime has been committed involving e-mail, how should forensics investigators proceed?

Explain some of the difficulties in using social media sites as sources of forensic data.

What service below can be used to map an IP address to a domain name, and then find the domain name's point of contact?

In what state is sending unsolicited e-mail illegal?

What is the syslog.conf file, and how is it used?

Which service below does not put log information into / var/ log/ maillog?

Describe the Nigerian scam.

The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.

List three (3) web pages that can be used to determine point of contact for a domain, and describe how each is used.

In an e-mail address, everything before the @ symbol represents the domain name.