Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Guide to Computer Forensics and Investigations, 5e
Ch. 11 Solutions-1
Chapter 11 Solutions
Review Questions
1. E-mail headers contain which of the following information? (Choose all that apply.)
2. What’s the main piece of information you look for in an e-mail message you’re
investigating?
3. In Microsoft Outlook, what are the e-mail storage files typically found on a client
computer?
4. When searching a victim’s computer for a crime committed with a specific e-mail,
which of the following provides information for determining the e-mail’s originator?
(Choose all that apply.)
5. Phishing does which of the following?
6. Which of the following is a current formatting standard for e-mail?
7. All e-mail headers contain the same types of information. True or False?
8. When you access your e-mail, what type of computer architecture are you using?
9. To trace an IP address in an e-mail header, what type of lookup service can you use?
(Choose all that apply.)
10. Router logs can be use for validating what types of e-mail data?
11. Logging options on many e-mail servers can be:
12. On a UNIX-like system, which file specifies where to save different types of e-mail
log files?
Guide to Computer Forensics and Investigations, 5e
Ch. 11 Solutions-2
13. What information is not in an e-mail header? (Choose all that apply.)
14. Which of the following types of files can provide useful information when you’re
examining an e-mail server?
15. Internet e-mail accessed with a Web browser leaves files in temporary folders. True
or False?
16. When confronted with an e-mail server that no longer contains a log with the date
information you require for your investigation, and the client has deleted the e-mail,
what should you do?
17. You can view e-mail headers in Notepad with all popular e-mail clients. True or
False?
18. To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail
server’s internal operations. True or False?
19. Sendmail uses which file for instructions on processing an e-mail message?
20. The term “via Frontend Transport” in a header indicates that the e-mail is on which
of the following?
Hands-On Projects
Hands-On Project 11-1
This project should yield a long spreadsheet. Students’ papers should note that a database
Hands-On Project 11-2
Students should find that ProDiscover Basic isn’t efficient in dealing with e-mails and recommend
other ways of searching or different tools.
Hands-On Project 11-3
Results will vary, depending on the topic and person students chose.
Case Projects
Guide to Computer Forensics and Investigations, 5e
Ch. 11 Solutions-3
Case Project 11-1
Students’ responses will vary, but they should at least include time-sensitive issues, witness
interviews, use of e-mail headers to trace e-mails, warrants or subpoenas, contacting ISPs,
Case Project 11-2
Answers will vary by state. For example, in Washington State, running away is not a crime, so law
enforcement is unable to help in a case that’s solely a runaway issue. Similar to Case Project 11-1,
Case Project 11-3
To protect their own and others’ personal information, professionals should use a valid Facebook
