Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

9781435498839_Sol_ch12

advertisement 
Guide to Computer Forensics and Investigations, 4th ed., 1435498836
Ch. 12
Solutions-1
Chapter 12 Solutions
Review Questions
1.
E-mail headers contain which of the following information? (Choose all that apply.)
a. The sender and receiver e-mail addresses
b. An Enhanced Simple Mail Transport Protocol (ESMTP) or reference number
c. The e-mail servers the message traveled through to reach its destination
2.
What’s the main piece of information you look for in an e-mail message you’re
investigating?
b. Originating e-mail domain or IP address
3.
In Microsoft Outlook, what are the e-mail storage files typically found on a client
computer?
a. .pst and .ost
4.
When searching a victim’s computer for a crime committed with a specific e-mail,
which of the following provides information for determining the e-mail’s originator?
(Choose all that apply.)
a. E-mail header
c. Firewall log
5.
UNIX, NetWare, and Microsoft e-mail servers create specialized databases for every
e-mail user. True or False?
False
6.
Which of the following is a current formatting standard for e-mail?
b. MIME
7.
All e-mail headers contain the same types of information. True or False?
True
8.
When you access your e-mail, what type of computer architecture are you using?
c. Client/server
9.
To trace an IP address in an e-mail header, what type of lookup service can you use?
(Choose all that apply.)
c. A domain lookup service, such as www.arin.net, www.internic.com, or
www.whois.net
d. Any Web search engine
10. Router logs can be use for validating what types of e-mail data?
c. Tracking flows through e-mail server ports
11. Logging options on many e-mail servers can be:
d. All of the above
12. In UNIX e-mail, the syslog.conf file contains what information?
b. The event, the priority level of concern, and the action taken when an e-mail is
logged
Guide to Computer Forensics and Investigations, 4th ed., 1435498836
Ch. 12
Solutions-2
13. What information is not in an e-mail header? (Choose all that apply.)
a. Blind copy (Bcc) addresses
d. Contents of the message
14. Which of the following types of files can provide useful information when you’re
examining an e-mail server?
c. .log files
15. Internet e-mail accessed with a Web browser leaves files in temporary folders. True
or False?
True
16. When confronted with an e-mail server that no longer contains a log with the date
information you require for your investigation, and the client has deleted the e-mail,
what should you do?
b. Restore the e-mail server from a backup.
17. You can view e-mail headers in all popular e-mail clients. True or False?
True
18. To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail
server’s internal operations. True or False?
False
19. What is the e-mail storage format in Novell Evolution?
c. Mbox
20. Sendmail uses which file for instructions on processing an e-mail message?
a. sendmail.cf
Hands-On Projects
Hands-On Project 12-1
This project should produce 3 hits in 3 files for the word “cash” and 15 hits in 7 files for the word
“money.” The report students write should list all files and any duplicate files the two searches
might have generated.
Hands-On Project 12-2
This project gives students experience in sorting through e-mails manually to locate messages with
attachments and then explaining what they have found. They should discover that one JPEG file’s
extension was modified so that the message could get past the receiver’s antivirus filter. Students
should note this modification in their reports.
Hands-On Project 12-3
Students should locate six deleted messages that FTK recovered and list any information about
money and who is requesting it.
Hands-On Project 12-4
Guide to Computer Forensics and Investigations, 4th ed., 1435498836
Ch. 12
Solutions-3
In this project, students locate all Internet addresses and e-mail addresses, export them to an
HTML file, and then print the file from a Web browser.
Hands-On Project 12-5
In this project, students practice manually carving message data from a tarball file of Martha
Dax’s .evolution e-mail directory. Only two messages contain the string “special project.” For the
first message, the beginning offset position is 0x0026E4E, and the ending offset position is
0x002712A. The second file’s beginning offset is 0x0070FA1, and the ending offset is
0x00710ED.
Case Projects
Case Project 12-1
Students’ responses will vary, but they should at least include time-sensitive issues, witness
interviews, use of e-mail headers to trace e-mails, warrants or subpoenas, contacting ISPs,
reviewing logs, and so forth. Students in law enforcement might describe different procedures,
such as notifying law enforcement of the situation first; they should also include steps such as
issuing subpoenas to identify the e-mail’s point of origin.
Case Project 12-2
Answers will vary by state. For example, in Washington State, running away is not a crime, so law
enforcement is unable to help in a case that’s solely a runaway issue. Similar to Case Project 12-1,
students’ reports should include examining the runaway’s computer to search for correspondence
that might provide information on her whereabouts. If any messages indicate where she might
have gone, students’ reports should explain what steps to take to notify law enforcement.
Case Project 12-3
Students’ reports should outline steps to confirm or deny the allegation of a possible ITAR
violation and mention consulting with the company’s general counsel to avoid becoming an agent
of law enforcement. Students should also state that the investigation should be done before
contacting federal authorities and under the general counsel’s guidance if the allegation is found to
be true.
Case Project 12-4
Similar to the Signal Lake Venture Fund case covered in this chapter, students should state that
messages from Mary Jane had duplicate ESMTP numbers, and these messages were found only on
Billy’s computer.
Related documents
Place Value Practice - Reading Community Schools
Place Value Practice - Reading Community Schools
SIOP Chapter 7 - Moroni-ITEP
SIOP Chapter 7 - Moroni-ITEP
“The Beauty of Science: Using Art in the Middle School Science
“The Beauty of Science: Using Art in the Middle School Science
RISE internship scheme
RISE internship scheme
Powerpoint - tesol
Powerpoint - tesol
9781435498839_Sol_ch05
9781435498839_Sol_ch05
Using Hands-On Learning Manipulatives to Support Emergent
Using Hands-On Learning Manipulatives to Support Emergent
Title of the Paper - ASEE
Title of the Paper - ASEE
Sendmail Lab Part 2 - Seneca
Sendmail Lab Part 2 - Seneca
Sample Script of a sendmail install.
Sample Script of a sendmail install.
Download
advertisement