UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION COMMUNICATIONS TECHNOLOGY
BCT 3204 COMPUTER FORENSICS
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: DECEMBER, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) Why is physical security so critical for computer forensics labs? (4 Marks)
b) Hackers pose a growing threat in the current interconnected cyberworld. In order to
investigate hacking attacks, what skills are needed by a computer forensics investigator?
(6 Marks)
c) i) What is non-volatile memory and how is this useful in a computer forensics investigation?
(4 Marks)
ii) Provide four types of non-volatile memory information that a computer forensics
investigator might collect. (4 Marks)
iii) Compare and contrast two advantages each of volatile versus non-volatile information.
(4 Marks)
d) i) What is Meta Data? (2 Marks)
ii) Describe its importance in Computer Forensics. (4 Marks)
iii) Provide two examples of Meta Data. (2 Marks)
QUESTION TWO [20 MARKS]
a) Write down 6 types of computer forensic investigations that can be conducted at a computer
Forensics lab. (6 Marks)
b) To preserve the integrity of digital evidence, name or describe at least 3 things a digital
forensic investigator must do. (3 Marks)
c) What concerns must a forensic investigator take into consideration when collecting,
analyzing and presenting evidence collected from a live system acquisition? (8 Marks)
d) Why is proper chain of custody such an important principle in any forensic investigation?
(3 Marks)
QUESTION THREE [20 MARKS]
TCP ports are virtual ports normally created by computers and applications. Hackers take
advantage of vulnerabilities presented by some of these ports to launch an attack. How
does this crime affect the Forensics Process? (10 Marks)
a) Name 4 ports you would consider important in an investigation. (4 Marks)
b) Describe how an attacker would take advantage of the vulnerability on one of your named
ports. (6 Marks)
c) Describe a tool you would use to investigate an attack on one of these ports and how you would
use the tool to map the attack or uncover forensic evidence in your investigation.
(10 Marks)
QUESTION FOUR [20 MARKS]
a) Describe three general cryptanalysis techniques used to recover encrypted data.
(6 Marks)
b) Identify a type of cipher which each technique is most effective upon. (6 Marks)
c) What is Steganography and how is this useful in the investigation of a Digital Crime?
(4 Marks)
d) Compare and contrast 2 points on the difference between compression versus encryption of
data in Digital Forensics. (4 Marks)
QUESTION FIVE [20 MARKS]
a) Describe the contents of e-mail headers. (8 Marks)
b) How is the e-mail header information useful to an investigator? (6 Marks)
c) What is the usefulness of tracing e-mail to its origin? (4 Marks)
d) Name a tool that can be used for e-mail forensics (2 Marks)