UNIVERSITY EXAMINATIONS: 2017/2018
ORDINARY EXAMINATION FOR THE BACHELOR OF SCIENCE IN
BAC5103 MOBILE WIRELESS FORENSIC
DATE: APRIL 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO
a) Mobile Wireless Forensics is an expansive and fast-moving field. New and evolving
technologies such as cellular phones, personal digital assistants (PDAs), as well as new
and ever-changing operating systems and file systems all require in-depth analysis to
determine how best to extract information pertinent to an investigation. Briefly discuss
the step-by-step approach for Mobile Wireless Forensic investigation.
b) Outline FIVE challenges facing Mobile Forensic experts in their line of duty.
c) When acquiring data/information from a volatile memory of a Mobile Device, an analyst
should be familiar with the methods used in acquiring volatile memory.
i. Briefly describe TWO methods of acquiring volatile memory [4 Marks]
ii. Outline the Pros and Cons of the TWO methods (a) mentioned above
a) Define the following terminologies as used in forensics [3 Marks]
i. Digital Forensic
ii. Dead-box analysis
iii. Chain of Custody (CoC)
b) There is an imminent risk of losing data/information when analyzing and recovering
data/information from a volatile memory.
i. List THREE tools that can be used to acquire memory [3 Marks]
ii. Briefly describe the precautions to be taken when conducting the above (i) exercise.
a) Briefly explain a systematic approach on how to prepare a Mobile Digital Device for
investigation. [5 Marks]
b) List FIVE tools that can be used to secure your digital evidence from damage
c) The first rule of thumb when acquiring an Image of Evidence Media is that you should
preserve the original evidence then conduct your analysis only on the copy. Discuss.
d) An IDS is suitable for use in forensic analysis of attacks. Justify the usefulness of an IDS
in forensic analysis. [5 Marks]
a) List TWO mobile Operating Systems [1 Mark]
b) State and explain TWO security mechanisms used by mobile Operating Systems for
security. [4 Marks]
c) Outline FIVE attacks that can be committed using a mobile wireless device [5 Marks]
d) Wireless networks are perceived to be vulnerable and open to many attacks. Discuss
FIVE vulnerabilities of wireless networks and possible solutions. [10 Marks]
a) Define GSM as used in wireless networks [1 Mark]
b) Outline FIVE key GSM security features [5 Marks]
c) Using a sketch diagram, describe the GSM architecture [5 Marks]
d) The following components were found in a GSM device on a crime scene.
i. Equipment Identity Register (EIR)
ii. International Mobile Equipment Identifier (IMEI)
iii. Central Equipment Identity Register (CEIR)
Using the information provided in part (d), explain the importance of the above-mentioned components with regard to forensic investigation.
e) What are the legal requirements for the use of forensic evidence extracted from a Mobile
device [4 Marks]
a) Outline FIVE items that can be stored on a cellphone and can have a bearing on Mobile
Forensic Investigation [5 Marks]
b) List and briefly explain the role of the main components used for a mobile communication
platform [8 Marks]
c) What is an Obstructed Device? [2 Marks]
d) Briefly discuss the THREE categories of methods that are used for analyzing Obstructed
Devices. [5 Marks]