Question 1

The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.&#8203;&#10;A)&#8203;repairpst.exe&#10;B)&#8203;fixmail.exe&#10;C)scanpst.exe&#10;D)rebuildpst.exe

Accepted Answer

The Scanpst.exe utility is a tool that is included with Microsoft Outlook and is used to repair corrupted .ost and .pst files. It scans the file for errors and attempts to fix any issues found. The other options listed do not exist as utilities included with Microsoft Outlook.

Question 2

What type of Facebook profile is usually only given to law enforcement with a warrant?&#8203;&#10;A)basic profile&#10;B)&#8203;Neoprint profile&#10;C)advanced profile&#10;D)private profile

Accepted Answer

A Neoprint profile on Facebook is typically provided to law enforcement with a warrant. It includes a comprehensive set of account information and activity details.

Question 3

Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail.&#8203;

Accepted Answer

With the rise of technology, e-mail has become a common tool for committing crimes such as fraud, cyberbullying, and harassment. Investigators often need to track down and analyze e-mails to link suspects to their crimes.

Question 4

Which option below is the correct path to the sendmail configuration file?&#8203;&#10;A)&#8203;&#8203;/ var&#8203;/ mail&#8203;/ sendmail.cf&#10;B)&#8203;&#8203;/ usr&#8203;/ local&#8203;/ sendmail.cf&#10;C)&#8203;/ etc&#8203;/ mail&#8203;/ sendmail.cf&#10;D)&#8203;/ var&#8203;/ etc&#8203;/ sendmail.cf

Accepted Answer

The sendmail configuration file is usually located in the /etc/mail directory on most Unix-based systems, including Linux. Therefore, C is the most likely option for the correct path to the sendmail configuration file.

Question 5

What kind of files are created by Exchange while converting binary data to readable text in order to prevent loss of data?&#8203;&#10;A)&#8203;.txt&#10;B)&#8203;.log&#10;C).tmp&#10;D).exe

Accepted Answer

Exchange creates .tmp files during the conversion process to temporarily store data and prevent data loss.

Question 6

What information is not typically included in an e-mail header?&#8203;&#10;A)&#8203;The originating IP address&#10;B)&#8203;The sender's physical location&#10;C)The originating domain&#10;D)The unique ID of the e-mail

Accepted Answer

The sender's physical location is not typically included in the email header. The other options (A, C, D) are all commonly included in email headers.

Question 7

One of the most noteworthy e-mail scams was 419, otherwise known as the _______________.&#8203;&#10;A)&#8203;Iloveyou Scam&#10;B)&#8203;Conficker virus&#10;C)Nigerian Scam&#10;D)Lake Venture Scam

Accepted Answer

The Nigerian Scam, also known as 419, is one of the most notorious e-mail scams. It involves requesting the recipient to help transfer funds out of Nigeria or another country in exchange for a large commission. The scammer then requests personal and financial information or upfront payments, but the promised commission never materializes.

Question 8

&#8203;The DomainKeys Identified Mail service is a way to verify the names of domains a message is flowing through and was developed as a way to cut down on spam.

Accepted Answer

DomainKeys Identified Mail (DKIM) is a security protocol used to verify the authenticity of email messages. It allows the receiving mail server to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It was developed as a way to reduce spam and prevent email spoofing.

Question 9

Syslog is generally configured to put all e-mail related log information into what file?&#8203;&#10;A)&#8203;&#8203;/ var&#8203;/ log&#8203;/ messages&#10;B)&#8203;&#8203;/ var&#8203;/ log&#8203;/ maillog&#10;C)&#8203;/ usr&#8203;/ log&#8203;/ mail.log&#10;D)&#8203;/ proc&#8203;/ mail

Accepted Answer

The file /var/log/maillog is where syslog typically puts all e-mail related log information. This is the most common location for email logs on Linux systems.

Question 10

On a UNIX system&#8203;, where is a user's mail stored by default?&#10;A)&#8203;&#8203;/ username&#8203;/ mail&#10;B)&#8203;&#8203;/ home&#8203;/ username&#8203;/ mail&#10;C)&#8203;/ var&#8203;/ log&#8203;/ mail&#10;D)&#8203;/ var&#8203;/ mail

Accepted Answer

By default, on a UNIX system, a user's mail is stored in the directory "/home/username/mail". The other options listed do not reflect the default location for storing mail for a user.

Question 11

Which e-mail recovery program below can recover files from VMware and VirtualPC virtual machines, as well as ISOs and other types of file backups?&#10;A)AccessData FTK&#8203;&#10;B)&#8203;EnCase Forensics&#10;C)DataNumen Outlook Repair&#10;D)Fookes Aid4mail

Accepted Answer

The answer of Which e-mail recovery program below can recover...

Question 12

The Suni Munshani v. Signal Lake Venture Fund II, LP et al case is an example of a case that involves e-mail ____________.&#8203;&#10;A)&#8203;destruction&#10;B)&#8203;spoofing&#10;C)spamming&#10;D)theft

Accepted Answer

The answer of The Suni Munshani v. Signal Lake Venture...

Question 13

The Pagefile.sys file on a computer can contain message fragments from instant messaging applications

Accepted Answer

The answer of The Pagefile.sys file on a computer can...

Question 14

&#8203;Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora.&#10;A)&#8203;AccessData FTK&#10;B)&#8203;R-Tools R-Mail&#10;C)DataNumen&#10;D)Fookes Aid4Mail

Accepted Answer

The answer of &#8203;Select the program below that can be...

Question 15

What command below could be used on a UNIX system to help locate log directories?&#8203;&#10;A)&#8203;detail&#10;B)&#8203;show log&#10;C)search&#10;D) find&#8203;

Accepted Answer

The answer of What command below could be used on...

Question 16

An Internet e-mail server is generally part of a local network, and is maintained and managed by an administrator for internal use by a specific company.&#8203;

Accepted Answer

The answer of An Internet e-mail server is generally part...

Question 17

In an e-mail address, everything before the @ symbol represents the domain name.&#8203;

Accepted Answer

The answer of In an e-mail address, everything before the...

Question 18

Where does the Postfix UNIX mail server store e-mail?&#8203;&#10;A)&#8203;&#8203;/ etc&#8203;/ postfix&#10;B)&#8203;&#8203;/ var&#8203;/ mail&#8203;/ postfix&#10;C)&#8203;/ home&#8203;/ username&#8203;/ mail&#10;D)&#8203;/ var&#8203;/ spool&#8203;/ postfix

Accepted Answer

The answer of Where does the Postfix UNIX mail server...

Question 19

&#8203;In older versions of exchange, what type of file was responsible for messages formatted with Messaging Application Programming Interface, and served as the database file?&#10;A)&#8203;.edi&#10;B)&#8203;.edp&#10;C).ost&#10;D).edb

Accepted Answer

The answer of &#8203;In older versions of exchange, what type...

Question 20

&#8203;In what state is sending unsolicited e-mail illegal?&#10;A)&#8203;Maine&#10;B)&#8203;New York&#10;C)Florida&#10;D)Washington

Accepted Answer

The answer of &#8203;In what state is sending unsolicited e-mail...

Question 21

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

Accepted Answer

The answer of Match the following terms with the correct...

Question 22

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

Accepted Answer

The answer of Match the following terms with the correct...

Question 23

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

Accepted Answer

The answer of Match the following terms with the correct...

Question 24

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

Accepted Answer

The answer of Match the following terms with the correct...

Question 25

?Exchange servers maintain message logs in the ________________ log file.

Accepted Answer

The answer of ?Exchange servers maintain message logs in the...

Question 26

?The ____________________ includes logging instructions and is located within the ?/ etc directory. It determines what happens to an e-mail when it is logged: the event, priority level, and the action taken.

Accepted Answer

The answer of ?The ____________________ includes logging instructions and is...

Question 27

E-mail administrators may make use of _________________, which overwrites a log file when it reaches a specified size or at the end of a specified time frame.&#8203;&#10;A)&#8203;log cycling&#10;B)&#8203;circular logging&#10;C)log recycling&#10;D)log purging

Accepted Answer

The answer of E-mail administrators may make use of _________________,...

Question 28

Similar to ARIN, the ____________ can be used to find a domain's IP address and point of contact.?

Accepted Answer

The answer of Similar to ARIN, the ____________ can be...

Question 29

Which service below does not put log information into &#8203;/ var&#8203;/ log&#8203;/ maillog?&#8203;&#10;A)&#8203;Exchange&#10;B)&#8203;SMTP&#10;C)POP&#10;D)IMAP

Accepted Answer

The answer of Which service below does not put log...

Question 30

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of Match the following terms with the correct...

Question 31

What service below can be used to map an IP address to a domain name, and then find the domain name's &#8203;point of contact?&#10;A)&#8203;Google&#10;B)&#8203;ERIN&#10;C)iNet&#10;D)ARIN

Accepted Answer

The answer of What service below can be used to...

Question 32

The ___________ UNIX e-mail server has two primary configuration files, master.cf and main.cf&#8203;

Accepted Answer

The answer of The ___________ UNIX e-mail server has two...

Question 33

Many web-based e-mail providers offer _______________ services, such as Yahoo! Messenger and Google Talk.&#10;a.&#8203;client server &#8203;/ architecture

Accepted Answer

The answer of Many web-based e-mail providers offer _______________ services,...

Question 34

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

Accepted Answer

The answer of Match the following terms with the correct...

Question 35

Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.?&#10;A)?Microsoft Extended Mail Storage (EMS)&#10;B)?Microsoft Mail Storage Engine (MSE)&#10;C)Microsoft Extensible Storage Engine (ESE)&#10;D)Microsoft Stored Mail Extensions (SME)&#10;

Accepted Answer

The answer of Exchange uses an Exchange database and is...

Question 36

In order to retrieve logs from exchange, the PowerShell cmdlet _______________________ can be used.&#8203;&#10;A)&#8203;GetLogInfo.ps1&#10;B)&#8203;GetTransactionLogStats.ps1&#10;C)GetExchangeLogs.ps1&#10;D)ShowExchangeHistory.ps1

Accepted Answer

The answer of In order to retrieve logs from exchange,...

Question 37

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of Match the following terms with the correct...

Question 38

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of Match the following terms with the correct...

Question 39

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of Match the following terms with the correct...

Question 40

Match the following terms with the correct definition below:

-A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.?

A)client server ?/ architecture
B)Electronic Communications Privacy Act (ECPA)
C)Enhanced?/ Extended Simple Mail Transfer Protocol (ESMTP)
D)Internet Message Access Protocol 4 (IMAP4)
E)mbox
F)Messaging Application Programming Interface (MAPI)
G)Multipurpose Internet Mail Extensions (MIME)
H)online social networks (OSNs)
I)pharming
J)phishing

Accepted Answer

The answer of Match the following terms with the correct...

Question 41

Describe the e-mail client &#8203;/ server architecture.

Accepted Answer

The answer of Describe the e-mail client &#8203;/ server architecture....

Question 42

List three (3) web pages that can be used to determine point of contact for a domain, and describe how each is used.&#8203;

Accepted Answer

The answer of List three (3) web pages that can...

Question 43

Describe the Nigerian scam&#8203;.

Accepted Answer

The answer of Describe the Nigerian scam&#8203;....

Question 44

&#8203;How can routers be used to determine the path of an e-mail?

Accepted Answer

The answer of &#8203;How can routers be used to determine...

Question 45

&#8203;What is Exchange, and what information within Exchange is most valuable to investigations?

Accepted Answer

The answer of &#8203;What is Exchange, and what information within...

Question 46

Describe the two different types of Facebook profiles.

Accepted Answer

The answer of Describe the two different types of Facebook...

Question 47

&#8203;What is the syslog.conf file, and how is it used?

Accepted Answer

The answer of &#8203;What is the syslog.conf file, and how...

Question 48

Explain some of the difficulties in using social media sites as sources of forensic data.&#8203;

Accepted Answer

The answer of Explain some of the difficulties in using...

Question 49

After a crime has been committed involving e-mail, how should forensics investigators proceed?&#8203;

Accepted Answer

The answer of After a crime has been committed involving...

Question 50

Compare and contrast email services on Internet and an intranet.

Accepted Answer

The answer of Compare and contrast email services on Internet...

Deck 11: Live Acquisitions and Network Forensics