Deck 8: E-Mail and Webmail Forensics
1
The logical address of the sender is composed of two parts:
A) The client name and the hostname
B) The mailbox and the domain or hostname
C) The server name and the client name
D) The POP3 name and the SMTP name
B
2
Which of the following are NOT considered important when working with RAID systems?
A) Transmission speed
B) Type of controller
C) Size of array
D) Type of hard drive
D
3
If you found the mail[#] keyword in an evidence search, you could assume the user has access to the ________ webmail program.
Gmail
4
What portion of an e-mail records such information as the identity of the creator?
A) The trailer
B) The body
C) The header
D) None of these
5
What percentage of firms have said they have fired workers for Internet misuse?
A) 45 percent
B) 22 percent
C) 35 percent
D) 26 percent
6
Which of the following file extensions would most likely be found in an e-mail search for someone using Outlook?
A) .eml
B) .wab
C) .dbx
D) .mbx
7
Which RAID array uses a minimum of three disks, two for striping and one to store parity information?
A) RAID 9
B) RAID 5
C) RAID 3
D) RAID 1
8
Where is the best place to look for evidence that a person has been using webmail?
A) \Documents and Settings\Windowsuserid\Local Settings\Temp
B) \Documents and Settings\Windowsuserid\Local Settings\Temporary Internet Files
C) \Documents and Settings\Windowsuserid\Local Settings\Temporary Files
D) \Documents and Settings\Windowsuserid\Local Settings\Internet Files
9
Working with mail servers can be a challenge for all of the following reasons EXCEPT
A) These programs service hundreds or even thousands of accounts
B) It may not be possible to get forensic access to the accounts
C) Servers are particularly hard to access in small companies
D) Companies may have policies in place to limit the time data is retained
10
Because there is no one standard for instant messaging,
A) Messages often have widely differing formats
B) Both IM participants typically have to use the same chat software
C) IM is generally not used for business purposes
D) An investigator may have to use a generic program to access messages
11
Of the following, which is NOT considered a Regional Internet Registry?
A) AfriNIC
B) APNIC
C) LATNIC
D) ARIN
12
E-mail attachments can be found within slack space by searching for
A) The keyword base64
B) The keyword base32
C) The keyword base16
D) The keyword base8
13
Which of the following is NOT a webmail program?
A) Yahoo! Mail
B) Hotmail
C) LotusMail
D) Gmail
14
Which e-mail program comes with Microsoft Office?
A) Outlook
B) Outlook Express
C) Eudora
D) Office Notes
15
A person using webmail may be able to use a program such as ________ to connect to the server and thus download messages to work with offline.
16
E-mail software is a(n) ________ program that works in concert with a(n) ________.
17
One of the challenges when trying to find webmail evidence is that
A) Webmail is more widely used than client programs
B) Webmail accounts are harder to access
C) Webmail accounts are easier to use
D) E-mails from webmail accounts are not typically stored on the user's computer
18
In Outlook Express, each e-mail account is given a Microsoft ________, which is a unique hexadecimal representation for that account.
19
You can look in the ________ folder to find applications such as Eudora or Lotus Notes.
20
E-mail client programs are generally configured to communicate with
A) One or more servers
B) One or more hosts
C) A single user account
D) Internet clients
21
________ uses two or more hard drives accessed in parallel to create a pool of storage.
22
The tool often used for quick communications without resorting to e-mail is ________.
23
According to many Americans, ________ violate their privacy and their First Amendment rights.
24
A(n) ________ server resolves domain names to IP addresses.
25
Attachments are normally handled using a(n) _______ binary-to-text encoding scheme.
26
Error-corrective coding (ECC), also known as ________, is used to check the validity of striped data.
27
To handle attachments now being included in e-mail, ________, a new standard, was introduced.
28
The ________ comes before the @ sign in an e-mail address.
29
________ is writing the same data in two places.
30
A check of the ________ will determine how long a company keeps e-mails.
31
Match between columns
42
Match between columns