BAC5103 MOBILE WIRELESS FORENSIC

UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE BACHELOR OF SCIENCE IN APPLIED COMPUTING
BAC5103 MOBILE WIRELESS FORENSIC
FULLTIME/PARTTIME
DATE: AUGUST 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and Any other TWO Questions

QUESTION ONE
In analyzing and recovering Data/Information from Memory, there are many relatively new tools
available that have been developed in order to recover and dissect the information that can be
gleaned from volatile memory.
a) Define forensics as used in Mobile Wireless Forensics [1 Mark]
b) Briefly discuss MERITS and DEMERITS of any THREE analyzing and recovering tools
for data/information from memory. [6 Marks]
c) State and explain THREE types of data/information that can be gleaned from Memory of
a suspect mobile device. [3 Marks]
d) Define “On-Site Triage” process. [1 Mark]
e) State and explain FOUR steps during On-Site Triage [4 Marks]
f) Outline FIVE benefits of the “On-Site Triage” process. [5 Marks]
g) Establishing procedures for guiding in the process of acquisition, as well as the
examination of evidence is very important. List and explain FIVE steps documented during
the development and validation of the procedures. [10 Marks]
QUESTION TWO
To acquire volatile memory and analyze it, first an analyst must have a
technique for acquiring memory.
a) Briefly discuss TWO methods of acquiring volatile memory. [4 Marks]
b) Outline the Pros and Cons of the TWO methods mentioned in (a) above [4 Marks]
c) Outline and explain FIVE types of Operating Systems used in Mobile Devices [5 Marks]
d) Define the following terminologies as used in Mobile Wireless Forensics
i. Dead-box analysis [1 Mark]
ii. Chain of Custody (CoC) [1 Mark]
e) It is always recommended that you use a back-up copy when analyzing evidence from a
mobile device. Discuss the importance of this. [5 Marks]
QUESTION THREE
The main goal of misuse detection is to know what constitutes an attack and detect it.
a) Describe TWO corrective measures you will take on detection of an attack [2 Marks]
b) Briefly discuss THREE typical detection approaches. [3 Marks]
c) Outline FIVE Pros and Cons of misuse detection [5 Marks]
d) Wireless communication has facilitated storage of data in remote locations using various
technologies, e.g. cloud computing.
i. Based on (d) above, discuss the challenges faced in mobile forensics by the entry of
these new technologies. [10 Marks]
QUESTION FOUR
a) Discuss the following with regard to Mobile Wireless Forensics.
i. Imaging Methods and Storage Technology [5 Marks]
ii. Evidence Dynamics and Evidence Preservation [5 Marks]
It is recommended that once the mobile device is ready to be seized, the forensic specialist should
seal the device in an appropriate container and label it appropriately.
b) Outline FIVE advantages of following the recommendations in (b) above. [5 Marks]
i. List TWO tools that can be used for sealing the seized device. [4 Marks]
ii. Explain how the above-named tools () protect the seized device [1 Mark]
QUESTION FIVE
a) With the aid of a diagram, describe the basic components of the following;
i. Cellular Phone [8 Marks]
ii. The GSM architecture [8 Marks]
b) Briefly explain FOUR challenges faced by Mobile Wireless Forensics experts in Kenya
today [4 Marks]
