Question 1

For older UNIX applications, such as mail or mailx, you can print the e-mail headers by using the ____ command.&#10;A) prn&#10;B) print&#10;C) prnt&#10;D) prt

Accepted Answer

The correct command to print the email headers for older UNIX applications like mail or mailx is "print".

Question 2

With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or disk.&#10;A) command-line&#10;B) shell-based&#10;C) prompt-based&#10;D) GUI

Accepted Answer

Graphical User Interface (GUI) is the type of program that allows the user to drag and drop files or messages to transfer them to a different location. Command-line, shell-based, and prompt-based programs typically require the user to input commands through a text interface, making it harder to copy messages through dragging and dropping.

Question 3

E-mail messages are distributed from one central server to many connected client computers, a configuration called ____.&#10;A) client/server architecture&#10;B) central distribution architecture&#10;C) client architecture&#10;D) peer-to-peer architecture

Accepted Answer

The described configuration, with one central server distributing messages to many client computers, is an example of client/server architecture.

Question 4

To view AOL e-mail headers click Action, ____ from the menu.&#10;A) More options&#10;B) Message properties&#10;C) Options&#10;D) View Message Source

Accepted Answer

To view AOL e-mail headers, you need to click "View Message Source" from the menu. This will open a new window with the complete email headers for the selected message, which can contain important information about the message's path and origin.

Question 5

For computer investigators, tracking intranet e-mail is relatively easy because the accounts use standard names established by the network or e-mail administrator.

Accepted Answer

Intranet e-mail accounts usually use standard names established by the network or e-mail administrator, which makes it easier for computer investigators to track them compared to external e-mails.

Question 6

Typically, UNIX installations are set to store logs such as maillog in the ____ directory.&#10;A) /etc/Log&#10;B) /log&#10;C) /etc/var/log&#10;D) /var/log

Accepted Answer

The best choice is D because /var/log is the standard directory used in UNIX installations to store log files, including maillog. Options A and B are not valid directory locations, and option C is incorrect as it includes an extra /etc directory in the path.

Question 7

Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.

Accepted Answer

Exchange, like many other email servers, maintains logs to track email communication for various purposes such as troubleshooting, auditing, and compliance. These logs contain information such as when an email was sent or received, the sender and recipient email addresses, the email message ID, and other relevant information.

Question 8

In an e-mail address, everything after the ____ symbol represents the domain name.&#10;A) #&#10;B) .&#10;C) @&#10;D) -

Accepted Answer

In an e-mail address, everything after the "@" symbol represents the domain name.

Question 9

To retrieve an Outlook Express e-mail header right-click the message, and then click ____ to open a dialog box showing general information about the message.&#10;A) Properties&#10;B) Options&#10;C) Details&#10;D) Message Source

Accepted Answer

Right-clicking on the email and selecting "Properties" will open a dialog box with general information about the message, including the email header. Options and Details do not provide access to the email header, and Message Source is not an option in Outlook Express.

Question 10

To view e-mail headers on Yahoo! click the ____ link in the Mail Options window, and then click Show all headers on incoming messages.&#10;A) Advanced&#10;B) General Preferences&#10;C) Message Properties&#10;D) More information

Accepted Answer

The correct option is "General Preferences" because in Yahoo! Mail, to view the full email headers, you would navigate to the Mail Options or Settings section and look for an option related to viewing or displaying email messages, where "General Preferences" is the relevant section for adjusting how emails are displayed, including the option to show all headers.

Question 11

To retrieve e-mail headers in Microsoft Outlook, right-click the e-mail message, and then click ____ to open the Message Options dialog box. The Internet headers text box at the bottom of the dialog box contains the message header.

A) Options
B) Details
C) Properties
D) Message Source

Accepted Answer

The answer of To retrieve e-mail headers in Microsoft Outlook,...

Question 12

In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.&#10;A) tracking&#10;B) checkpoint&#10;C) temporary&#10;D) milestone

Accepted Answer

The answer of In Exchange, to prevent loss of data...

Question 13

All e-mail servers are databases that store multiple users' e-mails.

Accepted Answer

The answer of All e-mail servers are databases that store...

Question 14

Exchange logs information about changes to its data in a(n) ____ log.&#10;A) checkpoint&#10;B) communication&#10;C) transaction&#10;D) tracking

Accepted Answer

The answer of Exchange logs information about changes to its...

Question 15

You can always rely on the return path in an e-mail header to show the source account of an e-mail message.

Accepted Answer

The answer of You can always rely on the return...

Question 16

E-mail programs either save e-mail messages on the client computer or leave them on the server.

Accepted Answer

The answer of E-mail programs either save e-mail messages on...

Question 17

____ is a comprehensive Web site that has options for searching for a suspect, including by e-mail address, phone numbers, and names.&#10;A) www.freeality.com&#10;B) www.google.com&#10;C) www.whatis.com&#10;D) www.juno.com

Accepted Answer

The answer of ____ is a comprehensive Web site that...

Question 18

When working on a Windows environment you can press ____ to copy the selected text to the clipboard.&#10;A) Ctrl+A&#10;B) Ctrl+C&#10;C) Ctrl+V&#10;D) Ctrl+Z

Accepted Answer

The answer of When working on a Windows environment you...

Question 19

____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.&#10;A) Continuous logging&#10;B) Automatic logging&#10;C) Circular logging&#10;D) Server logging

Accepted Answer

The answer of ____ allocates space for a log file...

Question 20

____ contains configuration information for Sendmail, allowing the investigator to determine where the log files reside.&#10;A) /etc/sendmail.cf&#10;B) /etc/syslog.conf&#10;C) /etc/var/log/maillog&#10;D) /var/log/maillog

Accepted Answer

The answer of ____ contains configuration information for Sendmail, allowing...

Question 21

In UNIX e-mail servers, the ____________________ file simply specifies where to save different types of e-mail log files.

Accepted Answer

The answer of In UNIX e-mail servers, the ____________________ file...

Question 22

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;text editor used with Windows

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 23

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;text editor used with UNIX

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 24

GroupWise has ____ ways of organizing the mailboxes on the server.&#10;A) 2&#10;B) 3&#10;C) 4&#10;D) 5

Accepted Answer

The answer of GroupWise has ____ ways of organizing the...

Question 25

The Novell e-mail server software is called ____.&#10;A) Sendmail&#10;B) GroupWise&#10;C) Sawmill&#10;D) Guardian

Accepted Answer

The answer of The Novell e-mail server software is called...

Question 26

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;Web site to check file extensions and match the file to a program

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 27

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;a network firewall device

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 28

Describe the process of examining e-mail messages when you have access to the victim's computer and when this access is not possible.

Accepted Answer

The answer of Describe the process of examining e-mail messages...

Question 29

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;includes e-mail logging instructions

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 30

An e-mail address in the Return-Path line of an e-mail header is usually indicated as the ____________________ field in an e-mail message.

Accepted Answer

The answer of An e-mail address in the Return-Path line...

Question 31

Administrators usually set e-mail servers to ____________________ logging mode.

Accepted Answer

The answer of Administrators usually set e-mail servers to ____________________...

Question 32

You can send and receive e-mail in two environments:via the ____________________ or an intranet (an internal network).

Accepted Answer

The answer of You can send and receive e-mail in...

Question 33

The GroupWise logs are maintained in a standard log format in the ____ folders.&#10;A) MIME&#10;B) mbox&#10;C) QuickFinder&#10;D) GroupWise

Accepted Answer

The answer of The GroupWise logs are maintained in a...

Question 34

Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.&#10;A) POP3&#10;B) mbox&#10;C) MIME&#10;D) SMTP

Accepted Answer

The answer of Some e-mail systems store messages in flat...

Question 35

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;a registry Web site

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 36

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;command line e-mail program used with UNIX

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 37

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;the electronic address book in Outlook

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 38

Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO Pix&#10;c.syslogd file&#10;h.www.whatis.com&#10;d.www.arin.net&#10;i.Pine&#10;e.PU020101.db&#10;the first folder the GroupWise server shares

Accepted Answer

The answer of Match each item with a statement below:&#10;a.Contacts&#10;f.Notepad&#10;b.Pico&#10;g.CISCO...

Question 39

Vendor-unique e-mail file systems, such as Microsoft .pst or .ost, typically use ____________________ formatting, which can be difficult to read with a text or hexadecimal editor.

Accepted Answer

The answer of Vendor-unique e-mail file systems, such as Microsoft...

Question 40

Describe how e-mail account names are created on an intranet environment.

Accepted Answer

The answer of Describe how e-mail account names are created...

Question 41

Briefly explain how to use AccessData FTK to recover e-mails.

Accepted Answer

The answer of Briefly explain how to use AccessData FTK...

Question 42

Explain how to handle attachments during an e-mail investigation.

Accepted Answer

The answer of Explain how to handle attachments during an...

Question 43

What kind of information is normally included in e-mail logs?

Accepted Answer

The answer of What kind of information is normally included...

Question 44

What are the steps for retrieving e-mail headers on Pine?

Accepted Answer

The answer of What are the steps for retrieving e-mail...

Question 45

What are the steps for viewing e-mail headers in Hotmail?

Accepted Answer

The answer of What are the steps for viewing e-mail...

Question 46

Provide a brief description of Microsoft Exchange Server. Additionally, explain the differences between .edb and .stm files.

Accepted Answer

The answer of Provide a brief description of Microsoft Exchange...

Question 47

Why are network router logs important during an e-mail investigation?

Accepted Answer

The answer of Why are network router logs important during...

Question 48

What kind of information can you find in an e-mail header?

Accepted Answer

The answer of What kind of information can you find...

Deck 12: E-Mail Investigations