Chapter 11: E-mail and Social Media Investigations

For digital investigators, tracking intranet e-mail is easier because accounts use standard names the administrator establishes.
a. True
b. False

True

Investigating crimes or policy violations involving e-mail is different than investigating other types of computer abuse and crimes.
a. True
b. False

False

. E-mail programs either save e-mail messages on the client computer or leave them on the server.
a. True
b. False

True

All e-mail servers use databases that store multiple users' e-mails.
a. True
b. False

False

Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.
a. True
b. False

True

Forensic linguistics encompasses civil cases, criminal cases, cyberterrorism cases, and other legal proceedings.
a. True
b. False

True

E-mail crimes and violations rarely depend on the city, state, and country in which the e-mail originated.
a. True
b. False

False

Evidence artifacts vary depending on the social media channel and the device.
a. True
b. False

True

A challenge with using social media data in court is authenticating the author and the information.
a. True
b. False

True

You can send and receive e-mail in two environments: via the Internet or an intranet (an internal network).
a. True
b. False

True

What name is used for the configuration typically used for e-mail messages that are distributed from a central server to many connected client computers?
a. Client/server architecture b. Central distribution architecture
c. Client architecture d. Peer-to-peer architecture

Client/server architecture

In an e-mail address, what symbol separates the domain name from the rest of the address?
a. # b. .
c. @ d. -

@

In what type of e-mail programs can the user copy an e-mail message by dragging the message to a storage medium, such as a folder or drive?
a. Command-line b. Shell-based
c. Prompt-based d. GUI

d. GUI

What is the main information being sought when examining e-mail headers?
a. The date and time the e-mail was sent b. The originating e-mail's domain name or an IP address
c. The type of attachments included, if any d. The types of encryption used

The originating e-mail's domain name or an IP address

To retrieve e-mail headers in Microsoft Outlook, what option should be clicked after the e-mail has been selected?
a. File, Options b. Source Details
c. File, Properties d. Message Source

File, Properties

In Web-based e-mail, how are messages displayed and saved?
a. As web pages b. As .rtf files
c. As .txt files d. As CSS codes

As web pages

In which discipline do professionals listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question?
a. Communication forensics b. Forensic linguistics
c. Linguistic analysis d. Communication linguistics

Forensic linguistics

To view Gmail Web e-mail headers, what should be clicked after the e-mail has been opened and the down arrow next to the Reply circular arrow has been clicked?
a. More options b. Message properties
c. Options d. Show original

Show original

To view e-mail headers on Yahoo!, what should be clicked on after "More" has been selected?
a. Advanced b. General Preferences
c. Message Properties d. View Raw Message`

View Raw Message

In Microsoft Outlook, what file extension is used with saved sent, drafted, deleted, and received e-mails?
a. .ost b. .eml
c. .msg d. .pst

pst

Which site can be used to verify the names of domains a message is flowing through?
a. www.dkim.org b. www.google.com
c. www.whatis.com d. www.juno.com

www.dkim.org

Which type of logging allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size?
a. Continuous logging b. Automatic logging
c. Circular logging d. Server logging

Circular logging

Which files provide helpful information to an e-mail investigation?
a. Configuration and batch files b. Log and configuration files
c. Log files and scripts d. .rts and .txt files

Log and configuration files

Which location contains configuration information for Sendmail?
a. /etc/sendmail.cf b. /etc/syslog.conf
c. /etc/var/log/maillog d. /var/log/maillog

/etc/sendmail.cf

In which directory do UNIX installations typically store logs?
a. /etc/Log b. /log
c. /etc/var/log d. /var/log

/var/log

In which log does Exchange log information about changes to its data?
a. Checkpoint b. Communication
c. Transaction d. Tracking

Transaction

In Exchange, what type of file is inserted in the transaction log to mark the last point at which the database was written to disk in order to prevent loss of data?
a. Tracking b. Checkpoint
c. Temporary d. Milestone

Checkpoint

In Microsoft Exchange, which file is responsible for messages formatted with MAPI?
a. .edb b. .cfg
c. .mbx d. .mapi

.edb

Which information from Facebook simply tells you the last time a person logged on, the person's e-mail address and mobile number, and whether the account can be viewed publicly?
a. Extended subscriber b. Advanced subscriber
c. Subscriber profile d. Basic subscriber

Basic subscriber

What format is used for the flat plaintext files some e-mail systems use for message storage?
a. POP3 b. mbox
c. css d. SMTP

mbox