312-49 Question #266: Real Exam Question with Answer & Explanation
The correct answer is D: Email Header.
Question
You are a computer forensics investigator working with a local police department, and you are called to assist in an investigation of threatening emails. The complainant has printed out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the _________________________ in order to track the emails back to the suspect.
Options
- A. Routing Table
- B. Firewall log
- C. Configuration files
- D. Email Header
Explanation
Email headers contain critical forensic metadata including the originating IP address, mail server relay hops, timestamps, Message-ID, and sender information. This chain of routing data is what allows investigators to trace an email back to its source. Routing tables reflect current network paths and are not stored in email messages. Firewall logs may capture some traffic but lack the granular per-email origin details. Configuration files are not relevant to tracking individual messages. The email header is the primary artifact used in email forensics.
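To make the routing chain concrete, here is an added example (not part of the original question page) that walks the Received lines of a message from origin to delivery and flags breaks in the chain. The message, hostnames, addresses and the function names `trace_hops` and `inconsistencies` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (documentation IP ranges, .example domains); not from a real case.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mail.recipient.example with ESMTP id abc123; Mon, 03 Mar 2025 10:15:09 -0500
Received: from relay.isp.example (relay.isp.example [203.0.113.7])
\tby mx.recipient.example with ESMTP id def456; Mon, 03 Mar 2025 10:15:07 -0500
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.isp.example with ESMTPSA id ghi789; Mon, 03 Mar 2025 10:15:02 -0500
From: Sender <sender@isp.example>
Date: Mon, 03 Mar 2025 10:15:01 -0500
Message-ID: <20250303151501.0001@isp.example>

body
"""

def trace_hops(raw):
    """Return (Message-ID, hops) with hops ordered from origin to final delivery."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the bottom one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = " ".join(value.split()).rpartition(";")  # unfold, split off date
        sender = re.search(r"\bfrom\s+(\S+)", info)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        by = re.search(r"\bby\s+(\S+)", info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        hops.append({"from": sender and sender.group(1), "ip": ip and ip.group(1),
                     "by": by and by.group(1), "time": when})
    return msg["Message-ID"], hops

def inconsistencies(hops):
    """Heuristic checks; a hit is a lead to verify against server logs, not proof."""
    issues = []
    for prev, cur in zip(hops, hops[1:]):
        if prev["by"] != cur["from"]:
            issues.append(f"{prev['by']} accepted the message but next hop names {cur['from']}")
        if prev["time"] and cur["time"] and cur["time"] < prev["time"]:
            issues.append(f"timestamp goes backwards at {cur['by']}")
    return issues

if __name__ == "__main__":
    print(trace_hops(RAW), inconsistencies(trace_hops(RAW)[1]))
```

Only Received lines written by servers the investigator can vouch for are trustworthy; anything below them was supplied by the sending side and can be forged.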