
Homework #3 Chapters 7 and 12

LastName

First Name

Part I Textbook

1) Page 284-286 Review Questions. You are required to write down each question and its answer.
2) Page 488-490 Review Questions. You are required to write down each question and its answer.

Part II. (chapter 12)

TRUE/FALSE

1. For computer investigators, tracking intranet e-mail is relatively easy because the accounts use standard names established by the network or e-mail administrator.
2. You can always rely on the return path in an e-mail header to show the source account of an e-mail message.
3. E-mail programs either save e-mail messages on the client computer or leave them on the server.
4. All e-mail servers are databases that store multiple users' e-mails.
5. Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.

COMPLETION

1. You can send and receive e-mail in two environments: via the ____________________ or an intranet (an internal network).
2. An e-mail address in the Return-Path line of an e-mail header is usually indicated as the ____________________ field in an e-mail message.
3. Administrators usually set e-mail servers to ____________________ logging mode.
4. In UNIX e-mail servers, the ____________________ file simply specifies where to save different types of e-mail log files.
5. Vendor-unique e-mail file systems, such as Microsoft .pst or .ost, typically use ____________________ formatting, which can be difficult to read with a text or hexadecimal editor.

MATCHING

Match each item with a statement below:

a. Contacts
b. Pico
c. syslogd file
d. www.arin.net
e. PU020101.db
f. Notepad
g. CISCO Pix
h. www.whatis.com
i. Pine

1. Web site to check file extensions and match the file to a program
2. command line e-mail program used with UNIX
3. text editor used with Windows
4. the first folder the GroupWise server shares
5. text editor used with UNIX
6. the electronic address book in Outlook
7. a network firewall device
8. a registry Web site
9. includes e-mail logging instructions

SHORT ANSWER

1. (1) Describe how to trace an e-mail message by using www.arin.net or www.freeality.com.

(2) Write down results for tracing your own email FAMmail and jim.shu@superorbicycles.biz

2. What kind of information is normally included in e-mail logs?

3. Describe the process of examining e-mail messages when you have access to the victim's computer and when this access is not possible.

4. What are the steps for viewing e-mail headers in Hotmail?

5. (1) List the steps to retrieve an Outlook email header.

(2) Provide a brief description of Microsoft Exchange Server. Additionally, explain the differences between .edb and .stm files.

Chapter 7
TRUE/FALSE

1. When you research for computer forensics tools, strive for versatile, flexible, and robust tools that provide technical support.
2. In software acquisition, there are three types of data-copying methods.
3. To help determine what computer forensics tool to purchase, a comparison table of functions, subfunctions, and vendor products is useful.
4. The Windows platforms have long been the primary command-line interface OSs.
5. After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.

COMPLETION

1. Software forensic tools are grouped into command-line applications and ____________________ applications.
2. The Windows application of EnCase requires a(n) ____________________ device, such as FastBloc, to prevent Windows from accessing and corrupting a suspect disk drive.
3. The ____________________ function is the most demanding of all tasks for computer investigators to master.
4. Because there are a number of different versions of UNIX and Linux, these platforms are referred to as ____________________ platforms.
5. Hardware manufacturers have designed most computer components to last about ____________________ months between failures.

MATCHING

Match each item with a statement below:

a. JFIF
b. Lightweight workstation
c. Pagefile.sys
d. Salvaging
e. Raw data
f. PDBlock
g. Norton DiskEdit
h. Stationary workstation
i. SafeBack

1. letters embedded near the beginning of all JPEG files
2. European term for carving
3. a direct copy of a disk drive
4. usually a laptop computer built into a carrying case with a small selection of peripheral options
5. one of the first MS-DOS tools used for a computer investigation
6. software-enabled write-blocker
7. system file where passwords may have been written temporarily
8. a tower with several bays and many peripheral devices
9. command-line disk acquisition tool from New Technologies, Inc.

SHORT ANSWER

1. What are the five major function categories of any computer forensics tool?

2. Explain the advantages and disadvantages of GUI forensics tools.

3. (1) Illustrate how to consider hardware needs when planning your lab budget. Draw a diagram/table to list all the equipment that you need.

(2) Describe some of the problems you may encounter if you decide to build your own forensics workstation.
4.
