Name:
Class:
Date:
Indicate whether the statement is true or false.
1. In an e-mail address, everything before the @ symbol represents the domain name.
a.
True
b.
False
2. An Internet e-mail server is generally part of a local network, and is maintained and managed by an administrator for
internal use by a specific company.
a.
True
b.
False
3. The DomainKeys Identified Mail service is a way to verify the names of domains a message is flowing through and
was developed as a way to cut down on spam.
a.
True
b.
False
4. Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-
mail.
a.
True
b.
False
5. The Pagefile.sys file on a computer can contain message fragments from instant messaging applications.
a.
True
b.
False
Indicate the answer choice that best completes the statement or answers the question.
6. What type of Facebook profile is usually only given to law enforcement with a warrant?
a.
basic profile
b.
Neoprint profile
c.
advanced profile
d.
private profile
7. Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora.
a.
AccessData FTK
b.
R-Tools R-Mail
c.
DataNumen
d.
Fookes Aid4Mail
8. One of the most noteworthy e-mail scams was 419, otherwise known as the _______________.
a.
Iloveyou Scam
b.
Conficker virus
c.
Nigerian Scam
d.
Lake Venture Scam
9. Where does the Postfix UNIX mail server store e-mail?
Name:
Class:
Date:
a.
/etc/postfix
b.
/var/mail/postfix
c.
/home/username/mail
d.
/var/spool/postfix
10. In what state is sending unsolicited e-mail illegal?
a.
Maine
b.
New York
c.
Florida
d.
Washington
11. What kind of files are created by Exchange while converting binary data to readable text in order to prevent loss of
data?
a.
.txt
b.
.log
c.
.tmp
d.
.exe
12. On a UNIX system, where is a user’s mail stored by default?
a.
/username/mail
b.
/home/username/mail
c.
/var/log/mail
d.
/var/mail
13. In older versions of exchange, what type of file was responsible for messages formatted with Messaging Application
Programming Interface, and served as the database file?
a.
.edi
b.
.edp
c.
.ost
d.
.edb
14. What information is not typically included in an e-mail header?
a.
The originating IP address
b.
The sender’s physical location
c.
The originating domain
d.
The unique ID of the e-mail
15. Which e-mail recovery program below can recover files from VMware and VirtualPC virtual machines, as well as
ISOs and other types of file backups?
a.
AccessData FTK
b.
EnCase Forensics
c.
DataNumen Outlook Repair
d.
Fookes Aid4mail
16. Syslog is generally configured to put all e-mail related log information into what file?
Name:
Class:
Date:
a.
/var/log/messages
b.
/var/log/maillog
c.
/usr/log/mail.log
d.
/proc/mail
17. The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.
a.
repairpst.exe
b.
fixmail.exe
c.
scanpst.exe
d.
rebuildpst.exe
18. The Suni Munshani v. Signal Lake Venture Fund II, LP et al case is an example of a case that involves e-mail
____________.
a.
destruction
b.
spoofing
c.
spamming
d.
theft
19. Which option below is the correct path to the sendmail configuration file?
a.
/var/mail/sendmail.cf
b.
/usr/local/sendmail.cf
c.
/etc/mail/sendmail.cf
d.
/var/etc/sendmail.cf
20. What command below could be used on a UNIX system to help locate log directories?
a.
detail
b.
show log
c.
search
d.
find
21. In order to retrieve logs from exchange, the PowerShell cmdlet _______________________ can be used.
a.
GetLogInfo.ps1
b.
GetTransactionLogStats.ps1
c.
GetExchangeLogs.ps1
d.
ShowExchangeHistory.ps1
22. Which service below does not put log information into /var/log/maillog?
a.
Exchange
b.
SMTP
c.
POP
d.
IMAP
23. E-mail administrators may make use of _________________, which overwrites a log file when it reaches a specified
size or at the end of a specified time frame.
Name:
Class:
Date:
a.
log cycling
b.
circular logging
c.
log recycling
d.
log purging
24. What service below can be used to map an IP address to a domain name, and then find the domain name’s point of
contact?
a.
Google
b.
ERIN
c.
iNet
d.
ARIN
25. Exchange uses an Exchange database and is based on the _______________________, which uses several files in
different combinations to provide e-mail service.
a.
Microsoft Extended Mail Storage (EMS)
b.
Microsoft Mail Storage Engine (MSE)
c.
Microsoft Extensible Storage Engine (ESE)
d.
Microsoft Stored Mail Extensions (SME)
Enter the appropriate word(s) to complete the statement.
26. Exchange servers maintain message logs in the ________________ log file.
27. The ___________ UNIX e-mail server has two primary configuration files, master.cf and main.cf
28. The ____________________ includes logging instructions and is located within the /etc directory. It determines
what happens to an e-mail when it is logged: the event, priority level, and the action taken.
29. Similar to ARIN, the ____________ can be used to find a domain’s IP address and point of contact.
30. Many web-based e-mail providers offer _______________ services, such as Yahoo! Messenger and Google Talk.
a.
client server / architecture
b.
Electronic Communications Privacy Act (ECPA)
c.
Enhanced/Extended Simple Mail Transfer Protocol
(ESMTP)
d.
Internet Message Access Protocol 4 (IMAP4)
e.
mbox
f.
Messaging Application Programming Interface
(MAPI)
g.
Multipurpose Internet Mail Extensions (MIME)
h.
online social networks (OSNs)
i.
pharming
j.
phishing
31. A method of storing e-mail messages in a flat plaintext file
32. An enhancement of SMTP for sending and receiving e-mail messages. ESMTP generates a unique, nonrepeatable
number that’s added to a transmitted e-mail. No two messages transmitted from an e-mail server have the same ESMTP
value.
Name:
Class:
Date:
33. A law enacted in 1986 to extend the Wiretap Act to cover e-mail and other data transmitted via the Internet.
34. A term researchers use for social media.
35. A type of e-mail scam that’s typically sent as spam soliciting personal identity information that fraudsters can use for
identity theft.
36. A protocol for retrieving e-mail messages; it’s slowly replacing POP3.
37. A type of e-mail scam that uses DNS poisoning to redirect readers to a fake
Web site.
38. A specification for formatting non-ASCII messages, such as graphics, audio, and video, for transmission over the
Internet.
39. A network architecture in which each computer or process on the network is a client or server. Clients request services
from a server, and a server processes requests from clients.
40. The Microsoft system that enables other e-mail applications to work with each other
41. Compare and contrast email services on Internet and an intranet.
42. Describe the two different types of Facebook profiles.
43. After a crime has been committed involving e-mail, how should forensics investigators proceed?
44. Describe the e-mail client / server architecture.
45. Explain some of the difficulties in using social media sites as sources of forensic data.
46. List three (3) web pages that can be used to determine point of contact for a domain, and describe how each is used.
47. Describe the Nigerian scam.
48. What is the syslog.conf file, and how is it used?
49. What is Exchange, and what information within Exchange is most valuable to investigations?
50. How can routers be used to determine the path of an e-mail?
Name:
Class:
Date:
Name:
Class:
Date:
Name:
Class:
Date:
Name:
Class:
Date: