Chapter 11 Homework Restore The Email Server From Backup 17

Unlock access to all the studying documents.

View Full Document

Guide to Computer Forensics and Investigations, 5e

Ch. 11 Solutions-1

Chapter 11 Solutions

Review Questions

1. E-mail headers contain which of the following information? (Choose all that apply.)

2. What’s the main piece of information you look for in an e-mail message you’re

investigating?

3. In Microsoft Outlook, what are the e-mail storage files typically found on a client

computer?

4. When searching a victim’s computer for a crime committed with a specific e-mail,

which of the following provides information for determining the e-mail’s originator?

(Choose all that apply.)

5. Phishing does which of the following?

6. Which of the following is a current formatting standard for e-mail?

7. All e-mail headers contain the same types of information. True or False?

8. When you access your e-mail, what type of computer architecture are you using?

9. To trace an IP address in an e-mail header, what type of lookup service can you use?

(Choose all that apply.)

10. Router logs can be use for validating what types of e-mail data?

11. Logging options on many e-mail servers can be:

12. On a UNIX-like system, which file specifies where to save different types of e-mail

log files?

Guide to Computer Forensics and Investigations, 5e

Ch. 11 Solutions-2

13. What information is not in an e-mail header? (Choose all that apply.)

14. Which of the following types of files can provide useful information when you’re

examining an e-mail server?

15. Internet e-mail accessed with a Web browser leaves files in temporary folders. True

or False?

16. When confronted with an e-mail server that no longer contains a log with the date

information you require for your investigation, and the client has deleted the e-mail,

what should you do?

17. You can view e-mail headers in Notepad with all popular e-mail clients. True or

False?

18. To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail

server’s internal operations. True or False?

19. Sendmail uses which file for instructions on processing an e-mail message?

20. The term “via Frontend Transport” in a header indicates that the e-mail is on which

of the following?

Hands-On Projects

Hands-On Project 11-1

This project should yield a long spreadsheet. Students’ papers should note that a database

Hands-On Project 11-2

Students should find that ProDiscover Basic isn’t efficient in dealing with e-mails and recommend

other ways of searching or different tools.

Hands-On Project 11-3

Results will vary, depending on the topic and person students chose.

Case Projects

Guide to Computer Forensics and Investigations, 5e

Ch. 11 Solutions-3

Case Project 11-1

Students’ responses will vary, but they should at least include time-sensitive issues, witness

interviews, use of e-mail headers to trace e-mails, warrants or subpoenas, contacting ISPs,

Case Project 11-2

Answers will vary by state. For example, in Washington State, running away is not a crime, so law

enforcement is unable to help in a case that’s solely a runaway issue. Similar to Case Project 11-1,

Case Project 11-3

To protect their own and others’ personal information, professionals should use a valid Facebook