BCT 3204 COMPUTER FORENSICS. KCA Past Paper

UNIVERSITY EXAMINATIONS: 2016/2017
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION AND COMMUNICATIONS TECHNOLOGY
BCT 3204 COMPUTER FORENSICS
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: AUGUST, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]
a) i) What is the importance of Hashing in Computer Forensics? (3 Marks)
ii) Name 2 hashing algorithms that can be utilized in computer forensics. Give an example
of their application in Digital Forensics. (4 Marks)
b) i) Describe the purpose of a write block protection device. (3 Marks)
ii) Provide and describe two types of write blockers. (6 Marks)
c) Compare and contrast two advantages each of volatile versus non-volatile information.
(8 Marks)
d) Describe the content of the e-mail headers. How is the e-mail header information useful to
an investigator? (6 Marks)
QUESTION TWO [20 MARKS]
a) Write down 6 types of computer forensic investigations that can be conducted at a computer
Forensics lab. (6 Marks)
b) To preserve the integrity of digital evidence, name or describe at least 3 things a digital
forensic investigator must do. (3 Marks)
c) Discuss the concerns a forensic investigator must take into consideration when collecting,
analyzing and presenting evidence collected from a live system acquisition. (8 Marks)
d) Why is proper chain of custody such an important principle in any forensic investigation?
(3 Marks)
QUESTION THREE [20 MARKS]
In hacking, attackers can use a number of techniques to compromise a system. SQL injection
may be the most common Web attack. It is based on inserting SQL commands into text boxes,
often the username and password text fields on the logon screen.
a) How does this crime affect the Forensics Process? (10 Marks)
b) Describe a networking tool you would use to uncover a vulnerability that could be
exploited by an SQL injection attack. (5 Marks)
c) List 5 other types of computer crimes. (5 Marks)
QUESTION FOUR [20 MARKS]
a) Describe three general cryptanalysis techniques used to recover encrypted data.
(6 Marks)
b) Identify a type of cipher which each technique is most effective upon. (6 Marks)
c) What is Steganography and how is this useful in the investigation of a Digital Crime?
(4 Marks)
d) Compare and contrast 2 points on the difference between compression versus encryption of
data in Digital Forensics. (4 Marks)
QUESTION FIVE [20 MARKS]
a) Explain what Slack space is. (4 Marks)
b) What is a file on a hard disk that is used to provide space for programs that have been
transferred from the processor’s memory? (2 Marks)
c) Provide four types of non-volatile memory information that a computer forensics
investigator might collect. (4 Marks)
d) Walk through the steps you would use to gather information in slack. (6 Marks)
e) i) Name 2 types of Volatile memory. (2 Marks)
ii) Name 2 types of Non-volatile memory. (2 Marks)
