You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss.

What port do you send the email to on the company SMTP server?

When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

What type of equipment would a forensics investigator store in a StrongHold bag?

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended having?

What layer of the OSI model do TCP and UDP utilize?

With regard to using an antivirus scanner during a computer forensics investigation, you should:

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved.

What should you examine next in this case?