Quiz on Email and Social Media Investigations - Module 13

20 Terms

1

Email headers contain which of the following information?

a. Sender and receiver email addresses

b. ESMTP number or reference number

c. The email servers the message traveled through to reach its destination

d. IP address of the receiving server

e. All of these choices

e. All of these choices

2

What is the first piece of information you should look for in an email message you're investigating?

a. Sender or receiver's email address

b. Originating email domain or IP address

c. Subject line content

d. Message number

a. Sender or receiver's email address

3

In Microsoft Outlook, emails are typically stored in which of the following?

a. .pst and .ost files

b. res1.log and res2.log files

c. PU020102.db file

d. .evolution file

a. .pst and .ost files

4

When searching a victim's computer for a crime committed with a specific email, which of the following provides information for determining the email's originator? (Choose all that apply.)

a. Email header

b. Username and password

c. Firewall log

d. All of these choices

a. Email header

c. Firewall log

5

Phishing does which of the following?

a. Uses DNS poisoning

b. Lures recipients with false promises

c. Takes people to fake websites

d. Uses DHCP

b. Lures recipients with false promises

6

Which of the following is a current formatting standard for email?

a. SMTP

b. MIME

c. Outlook

d. HTML

b. MIME

7

After examining email headers to find an email's originating address, investigators use forward lookups to track an email to a suspect. True or False?

a. True

b. False

b. False

8

When you access your email, what type of computer architecture are you using?

a. Mainframe and minicomputers

b. Domain

c. Client/server

d. None of these choices

c. Client/server

9

To trace an IP address in an email header, what type of lookup service can you use?

a. Intelius Inc.'s AnyWho online directory

b. Verizon's http://superpages.com

c. A domain lookup service, such as arin.net, internic.com, or whois.net

d. Any web search engine

c. A domain lookup service, such as arin.net, internic.com, or whois.net

10

Router logs can be used to verify what types of email data?

a. Message content

b. Content of attached files

c. Tracking flows through email server ports

d. Finding blind copies

c. Tracking flows through email server ports

11

Logging options on email servers can be which of the following? (Choose all that apply.)

a. Disabled by users

b. Set up in a circular logging configuration

c. Configured to a specified size before being overwritten

d. Set to periodic logging mode

b. Set up in a circular logging configuration

c. Configured to a specified size before being overwritten

d. Set to periodic logging mode

12

On a UNIX-like system, which file specifies where to save different types of email log files?

a. maillog

b. /var/spool/log

c. syslog.conf

d. log

c. syslog.conf

13

What information is never included in an email header?

a. Blind copy (bcc) addresses

b. Internet addresses

c. Domain name

d. Contents of the message

e. Type of email server used to send the email

d. Contents of the message

14

Which of the following types of files can provide useful information when you're examining an email server?

a. .dbf files

b. .emx files

c. .log files

d. .slf files

c. .log files

15

Email accessed with a web browser leaves files in temporary folders. True or False?

a. True

b. False

a. True

16

When confronted with an email server that no longer contains a log with the date information you need for your investigation and the client has deleted the email, what should you do? (Choose all that apply.)

a. Search available log files for any forwarded messages.

b. Restore the email server from a backup.

c. Check the current database files for an existing copy of the email.

d. Do nothing because after the file has been deleted, it can no longer be recovered.

a. Search available log files for any forwarded messages.

b. Restore the email server from a backup.

c. Check the current database files for an existing copy of the email.

17

You can view email headers in Notepad with all popular email clients. True or False?

a. True

b. False

a. True

18

To analyze email evidence, an investigator must be knowledgeable about an email server's internal operations. True or False?

a. True

b. False

b. False

19

Sendmail uses which file for instructions on processing an email message?

a. sendmail.cf

b. syslogd.conf

c. mese.ese

d. mapi.log

a. sendmail.cf

20

A forensic linguist may be able to determine if the same person wrote an email by analyzing chat logs and social media communications. True or False?

a. True

b. False

a. True