UNIVERSITY EXAMINATIONS: 2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BAC3305 HUMAN ASPECTS OF FORENSICS
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: DECEMBER 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) Identify and describe the four steps of the social engineering lifecycle (8 Marks)
b) Into which two primary categories can all social engineering attacks be divided? (2 Marks)
c) i) What methods exist for information gathering? (2 Marks)
ii) Provide two examples for each method of information gathering identifying the method
it belongs to and explaining how the example would be carried out in a social engineering
attack. (8 Marks)
d) There is a predictable four-step sequence to social engineering attacks typically referred to
as an attack cycle. Outline the four steps describing how each step is applicable in the social
engineering attack cycle. (8 marks)
e) Using psychological principles in social engineering can create an environment where the
target is very receptive to your suggestions. Mastering the use of certain phrases and body
language on a target can accomplish your end goal in a social engineering attack. If you
were to write out this principle of embedded commands as an equation, how would you
write it? (2 Marks)
QUESTION TWO [20 MARKS]
John works for a large audit firm and has been hired to carry out an audit on a large
organizations social engineering attack preparedness. He creates a fake ID and uniform with the
company insignia. He then waits for an employee to gain access to the building and follows them
into the building. Using his uniform, he obtains sensitive information from the security guards on
the structural layout of the data center
a) i) What category of social engineers does John fall under? (2 Marks)
ii) Identify the two Social Engineering attack techniques employed by John (2 Marks)
iii) Briefly explain how each of the two attacks work. (4 Marks)
b) Identify and describe four ways to prevent and mitigate social engineering. (8 Marks)
c) What are the four factors that motivate social engineers? (4 Marks)
QUESTION THREE [20 MARKS]
The professional social engineer has a number of tools at their disposal.
a) i) How are Social Engineering tools categorized? (3 Marks)
ii) Provide 2 examples for each category. (6 Marks)
b) What is the Social Engineering Toolkit? (3 Marks)
c) i) Provide four prominent uses of the social engineering toolkit (4 Marks)
ii) What four methods can be used to employ a social engineering attack using the social
engineering toolkit? (4 Marks)
QUESTION FOUR [20 MARKS]
You have been tasked by the board of a large organization to test the security awareness level of
the employees of the company. The attack vector that will be used is a USB carrying malicious
software. The goal with this scenario is to get the front desk receptionist to accept your USB
drive that has the malicious program on it. The program will auto load and scrape her system for
all information, such as usernames, passwords, email accounts, SAM files that contain all the
passwords on the system, and more, copying it all to a directory on the USB drive.
Your pretext: you were attempting to drop off your CV before the deadline and on the way, you
spilled coffee all over your CV while avoiding a wreck less driver. You were dropping off your
daughter to school and didn’t have enough time to print out more copies as you were close to
the office and the deadline was approaching.
a) Using the scenario above, identify each key element of the communication module and
explain how each element would be effectively used in accomplishing the goal (15
Marks)
b) List five sources of information gathering. (5 Marks)
QUESTION FIVE [20 MARKS]
a) How would you define a microexpression? (3 Marks)
b) In understanding microexpressions, a social engineer or scammer can use certain
techniques to elicit information from a target
i) List six expressions that you can link with basic or biologically universal emotions of a
target. (6 Marks)
ii) What four things can help you detect deceit in a target? (4 Marks)
iii) Pick three of the expressions you listed and describe a revealing identifier that would
reveal the targets state of mind. (3 Marks)
c) Explain the concept of the Human Buffer Overflow in the context of social engineering
(4 Marks)
