Please note that the question asked to 
"Document how you discovered the answers from the evidence file."

a) What is the source IP of the email sender? (0.5)
192.168.1.159

b) What is the computer ID of the email sender? (0.5)
annlaptop

c) Who is the sender of the email? (0.5)
kgb spycover

d) What username does the sender of the email use to log into the mail system? (1)
sneakyg33k@aol.com

e) What is the sender's email? (0.5)
sneakyycio@nsa.com

f) Do you find any vulnerabilities in the mail system? (1)
Yes, the mail system allowed the kgb spy to send email from a different address than he used for login.

g) What organization was the email sent to? (0.5)
nsa

h) What encoding scheme does the mail system for coding usernames/passwords use? (0.5)
BASE64 

i) What is the email password? (1)
558r00lz

j) Who was an email sent to? (0.5)
mistersecretx@nsa.com

k) What is the NAME of the attachment sent? (0.5)
secretrlocationn.docx

l) What is the person instructed to bring with him? (0.5)
Print out of the location file, fake password, bathing suit.

m) What is the MD5sum of the attachment sent? (1)
9e423e11db88f01bbff81172839e1923

n) In what CITY is their meeting point? (1)
Playa del Carmen (Mexico)

o) What is the MD5sum of the image embedded in the document? (1)
aadeace50997b1ba24b09ac2ef1940b7