Deck 12: E-Mail Investigations
1
For older UNIX applications, such as mail or mailx, you can print the e-mail headers by using the ____ command.
A) prn
B) print
C) prnt
D) prt
Answer: B
2
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or disk.
A) command-line
B) shell-based
C) prompt-based
D) GUI
Answer: D
3
E-mail messages are distributed from one central server to many connected client computers, a configuration called ____.
A) client/server architecture
B) central distribution architecture
C) client architecture
D) peer-to-peer architecture
Answer: A
4
To view AOL e-mail headers, click Action, ____ on the menu.
A) More options
B) Message properties
C) Options
D) View Message Source
5
For computer investigators, tracking intranet e-mail is relatively easy because the accounts use standard names established by the network or e-mail administrator.
6
Typically, UNIX installations are set to store logs such as maillog in the ____ directory.
A) /etc/Log
B) /log
C) /etc/var/log
D) /var/log
7
Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.
8
In an e-mail address, everything after the ____ symbol represents the domain name.
A) #
B) .
C) @
D) -
9
To retrieve an Outlook Express e-mail header, right-click the message, and then click ____ to open a dialog box showing general information about the message.
A) Properties
B) Options
C) Details
D) Message Source
10
To view e-mail headers in Yahoo! Mail, click the ____ link in the Mail Options window, and then click Show all headers on incoming messages.
A) Advanced
B) General Preferences
C) Message Properties
D) More information
11
To retrieve e-mail headers in Microsoft Outlook, right-click the e-mail message, and then click ____ to open the Message Options dialog box. The Internet headers text box at the bottom of the dialog box contains the message header.
A) Options
B) Details
C) Properties
D) Message Source
12
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.
A) tracking
B) checkpoint
C) temporary
D) milestone
13
All e-mail servers are databases that store multiple users' e-mails.
14
Exchange logs information about changes to its data in a(n) ____ log.
A) checkpoint
B) communication
C) transaction
D) tracking
15
You can always rely on the return path in an e-mail header to show the source account of an e-mail message.
16
E-mail programs either save e-mail messages on the client computer or leave them on the server.
17
____ is a comprehensive Web site that has options for searching for a suspect, including by e-mail address, phone number, and name.
A) www.freeality.com
B) www.google.com
C) www.whatis.com
D) www.juno.com
18
When working in a Windows environment, you can press ____ to copy the selected text to the clipboard.
A) Ctrl+A
B) Ctrl+C
C) Ctrl+V
D) Ctrl+Z
19
____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.
A) Continuous logging
B) Automatic logging
C) Circular logging
D) Server logging
20
____ contains configuration information for Sendmail, allowing the investigator to determine where the log files reside.
A) /etc/sendmail.cf
B) /etc/syslog.conf
C) /etc/var/log/maillog
D) /var/log/maillog
21
In UNIX e-mail servers, the ____________________ file simply specifies where to save different types of e-mail log files.
22
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
text editor used with Windows
23
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
text editor used with UNIX
24
GroupWise has ____ ways of organizing the mailboxes on the server.
A) 2
B) 3
C) 4
D) 5
25
The Novell e-mail server software is called ____.
A) Sendmail
B) GroupWise
C) Sawmill
D) Guardian
26
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
Web site to check file extensions and match the file to a program
27
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
a network firewall device
28
Describe the process of examining e-mail messages when you have access to the victim's computer and when this access is not possible.
29
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
includes e-mail logging instructions
30
An e-mail address in the Return-Path line of an e-mail header is usually indicated as the ____________________ field in an e-mail message.
31
Administrators usually set e-mail servers to ____________________ logging mode.
32
You can send and receive e-mail in two environments: via the ____________________ or an intranet (an internal network).
33
The GroupWise logs are maintained in a standard log format in the ____ folders.
A) MIME
B) mbox
C) QuickFinder
D) GroupWise
34
Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.
A) POP3
B) mbox
C) MIME
D) SMTP
35
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
a registry Web site
36
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
command-line e-mail program used with UNIX
37
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
the electronic address book in Outlook
38
Match each item with a statement below:
a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. Cisco PIX
h. www.whatis.com
i. Pine
the first folder the GroupWise server shares
39
Vendor-unique e-mail file systems, such as Microsoft .pst or .ost, typically use ____________________ formatting, which can be difficult to read with a text or hexadecimal editor.
40
Describe how e-mail account names are created in an intranet environment.
41
Briefly explain how to use AccessData FTK to recover e-mails.
42
Explain how to handle attachments during an e-mail investigation.
43
What kind of information is normally included in e-mail logs?
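The fields this question (and questions 6, 20 and 21 on maillog and its location) asks about, worked through in an added Python example that is not part of the original deck: it parses constructed sendmail-style maillog lines (the syslog layout Sendmail writes to /var/log/maillog by default), groups the from= and to= records of each message by queue ID, and lets an investigator pivot from a Message-ID recovered from a header to the server-side record. Every log line, host, address and IP address is made up for the example.

```python
"""Added example (not from the original deck): correlate sendmail maillog records by queue ID.

Assumes the syslog line layout Sendmail uses: one "from=" record per message carrying the
envelope sender, size, msgid and relay, followed by one "to=" record per recipient carrying
the delivery status. Every line, host, address and IP below is constructed for the example.
"""
import re

# Constructed sample: a normal delivery, then a message that arrived from a bare IP
# with two recipients, one of whom does not exist.
SAMPLE_MAILLOG = """\
Mar  5 10:15:01 mx sendmail[2211]: q25AF1xx001234: from=<alice@example.com>, size=1452, class=0, nrcpts=1, msgid=<20120305101501.1234@example.com>, proto=ESMTP, daemon=MTA, relay=client.example.com [192.0.2.10]
Mar  5 10:15:02 mx sendmail[2212]: q25AF1xx001234: to=<bob@example.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31452, relay=mail.example.net. [198.51.100.20], dsn=2.0.0, stat=Sent (OK)
Mar  5 10:59:58 mx sendmail[2290]: q25AxwQR002290: from=<bounce-9981@attacker.test>, size=880, class=0, nrcpts=2, msgid=<abc123@attacker.test>, proto=SMTP, daemon=MTA, relay=[203.0.113.77]
Mar  5 10:59:59 mx sendmail[2291]: q25AxwQR002290: to=<bob@example.net>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30880, dsn=2.0.0, stat=Sent
Mar  5 10:59:59 mx sendmail[2291]: q25AxwQR002290: to=<carol@example.net>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30880, dsn=5.1.1, stat=User unknown
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+"  # syslog timestamp (no year)
    r"(?P<host>\S+)\s+sendmail\[(?P<pid>\d+)\]:\s+"
    r"(?P<qid>[A-Za-z0-9]+):\s+(?P<rest>.*)$"               # queue ID ties from= and to= together
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_line(line):
    """One maillog line -> (queue id, timestamp, {key: value}), or None if it is not a sendmail record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {}
    for item in m.group("rest").split(", "):
        key, sep, value = item.partition("=")
        if sep:
            fields[key] = value.strip("<>")   # sendmail wraps addresses and msgids in <>
    return m.group("qid"), m.group("ts"), fields


def correlate(log_text):
    """Group from=/to= records by queue ID so each message's envelope can be read in one place."""
    records = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        qid, ts, f = parsed
        rec = records.setdefault(qid, {"first_seen": ts, "from": None, "msgid": None,
                                       "relay": None, "relay_ip": None, "recipients": []})
        if "from" in f:
            relay = f.get("relay", "")
            ip = IP_RE.search(relay)
            rec.update({"from": f["from"], "msgid": f.get("msgid"), "relay": relay,
                        "relay_ip": ip.group(1) if ip else None, "size": f.get("size")})
        elif "to" in f:
            rec["recipients"].append({"to": f["to"], "dsn": f.get("dsn"),
                                      "stat": f.get("stat"), "at": ts})
    return records


def find_by_msgid(records, msgid):
    """Pivot from a Message-ID seen in a recovered header to the server-side queue ID."""
    wanted = msgid.strip("<>")
    for qid, rec in records.items():
        if rec["msgid"] == wanted:
            return qid
    return None


def messages_involving(records, address):
    """Every queue ID in which the address appears as envelope sender or as a recipient."""
    address = address.lower()
    return sorted(qid for qid, rec in records.items()
                  if (rec["from"] or "").lower() == address
                  or any(r["to"].lower() == address for r in rec["recipients"]))


if __name__ == "__main__":
    for qid, rec in correlate(SAMPLE_MAILLOG).items():
        print(qid, rec)
```

The queue ID is the join key: the from= record tells you who the server believed the envelope sender was and which host (relay, with the IP the MTA itself recorded) handed the message in, and the to= records tell you every recipient and whether delivery succeeded. Note that syslog timestamps carry no year, so the year must come from the file's own rotation dates or the system clock at acquisition.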
44
What are the steps for retrieving e-mail headers on Pine?
45
What are the steps for viewing e-mail headers in Hotmail?
46
Provide a brief description of Microsoft Exchange Server. Additionally, explain the differences between .edb and .stm files.
47
Why are network router logs important during an e-mail investigation?
48
What kind of information can you find in an e-mail header?
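Header triage of the kind this question and questions 15, 30 and 34 ask about, as an added Python example that is not part of the original deck: it reads a constructed two-message mbox file with the standard library, walks the Received: chain from the originating hop forward, and compares the From: domain with the Return-Path: domain, which is exactly the check that shows why the return path cannot simply be trusted as the source account. All addresses, host names, IP addresses and the second, spoofed message are made up for the example.

```python
"""Added example (not from the original deck): triage e-mail headers from an mbox file.

Assumes an mbox file in the flat plaintext format the deck describes, with ordinary
Received:, From: and Return-Path: headers. Every address, host and IP below is constructed.
"""
import email
import email.utils
import mailbox
import os
import re
import tempfile

# Constructed sample mbox with two messages. The second claims to come from
# alice@example.com, but its Return-Path and its only Received: hop say otherwise.
SAMPLE_MBOX = """From alice@example.com Mon Mar  5 10:15:02 2012
Return-Path: <alice@example.com>
Received: from mx.example.org (mx.example.org [198.51.100.5])
\tby mail.example.net (Postfix) with ESMTP id 7A1B2C3D4E
\tfor <bob@example.net>; Mon, 5 Mar 2012 10:15:02 +0000
Received: from client.example.com (client.example.com [192.0.2.10])
\tby mx.example.org (8.14.4/8.14.4) with ESMTP id q25AF1xx001234
\tfor <bob@example.net>; Mon, 5 Mar 2012 10:15:01 +0000
From: Alice <alice@example.com>
To: bob@example.net
Subject: Status report
Message-ID: <20120305101501.1234@example.com>
Date: Mon, 5 Mar 2012 10:15:01 +0000

Report attached.

From mallory@attacker.test Mon Mar  5 11:00:00 2012
Return-Path: <bounce-9981@attacker.test>
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby mail.example.net (Postfix) with ESMTP id 5F6E7D8C9B
\tfor <bob@example.net>; Mon, 5 Mar 2012 11:00:00 +0000
From: Alice <alice@example.com>
To: bob@example.net
Subject: Urgent wire transfer
Message-ID: <abc123@attacker.test>
Date: Mon, 5 Mar 2012 10:59:55 +0000

Please wire the funds today.
"""

# "Received: from <helo> (<rdns> [<ip>]) by <mta> ..." as most MTAs write it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"          # host name the sender announced in HELO/EHLO
    r"(?:\s+\((?P<paren>[^)]*)\))?"  # what the receiving MTA itself recorded: rDNS and [ip]
    r".*?\bby\s+(?P<by>\S+)",        # the MTA that wrote this header line
    re.DOTALL,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def load_mbox(text):
    """Parse mbox text with the stdlib mailbox module; returns email.message.Message objects."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as fh:
        fh.write(text)
        path = fh.name
    try:
        box = mailbox.mbox(path)
        try:
            return [email.message_from_string(m.as_string()) for m in box]
        finally:
            box.close()
    finally:
        os.unlink(path)


def received_hops(msg):
    """Received: headers oldest first (each MTA prepends its own, so header order is newest first)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(value)
        if not m:
            hops.append({"helo": None, "ip": None, "by": None, "raw": value})
            continue
        # Trust the bracketed IP the receiving MTA recorded, not the name the sender announced.
        ip = IP_RE.search(m.group("paren") or "") or IP_RE.search(m.group("helo"))
        hops.append({"helo": m.group("helo"), "ip": ip.group(1) if ip else None,
                     "by": m.group("by"), "raw": value})
    return hops


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def triage(msg):
    """Summarise one message and flag the header inconsistencies an investigator looks for."""
    from_addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return_path = email.utils.parseaddr(msg.get("Return-Path", ""))[1]
    hops = received_hops(msg)
    origin = hops[0] if hops else {"helo": None, "ip": None, "by": None}
    flags = []
    if from_addr and return_path and _domain(from_addr) != _domain(return_path):
        flags.append("return-path-domain-mismatch")  # envelope sender differs from displayed From
    if origin["helo"] and origin["helo"].startswith("["):
        flags.append("helo-is-ip-literal")           # sender gave no host name to the first MTA
    return {"message_id": msg.get("Message-ID"), "from": from_addr, "return_path": return_path,
            "origin_ip": origin["ip"], "hop_count": len(hops), "flags": flags}


if __name__ == "__main__":
    for summary in (triage(m) for m in load_mbox(SAMPLE_MBOX)):
        print(summary)
```

Only the IP in square brackets is written by the receiving MTA itself; the HELO name, the From: line and even the Return-Path are supplied by the sender and can be set to anything, so the originating hop's recorded IP (and the matching entry in that server's maillog) is what an investigation rests on.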