When investigating a potential e-mail crime, what is your first step in the investigation?
When investigating a potential e-mail crime, the first step is to determine whether a crime was actually committed. Without establishing that a crime has occurred, subsequent steps like tracing the IP address, writing a report, or recovering the evidence would be premature. This foundational step ensures that resources are appropriately allocated to genuine cases of criminal activity.
From the official EC Council courseware: step 1 is to recover the evidence. Seize the email accounts, acquire the email data, examine the messages and then the headers.
The question is unclear as to what stage of the process the investigation is at. At the very beginning of an email investigation, wouldn't you want to retrieve the email in question?
I agree with JDKirk: if it's a "potential" crime and this is the first step, why would we start tracing IP addresses, and how could we trace IP addresses if we didn't first recover the evidence? ...Maybe the word "recover" excludes D as the best choice, since it means specifically that something was hidden or destroyed, which isn't necessarily the case within this context, so the next best answer is tracing the IP address?
It's referencing email-related crimes; the first thing to do is trace the IP, which seems more logical in this context.
Steps to investigate an email crime: 1. Seizing the computer and email accounts 2. Acquiring the email data 3. Examining email messages 4. Retrieving email headers 5. Analyzing email headers 6. Recovering deleted email messages
C would be the first step before you start your work.
The word is "potential". Did anything actually happen?