UNIVERSITY EXAMINATIONS: 2021/2022
EXAMINATIONS FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION SECURITY AND FORENSICS
BISF 3104: ADVANCED DIGITAL FORENSICS
FULL TIME/PART TIME
DATE: DECEMBER, 2021 TIME: 2 HOURS
INSTRUCTIONS: Answer QUESTION ONE AND ANY OTHER TWO questions.
QUESTION ONE – COMPULSORY [20 MARKS]
Read the following case study and answer the questions that follow:
A medium-sized bank in Kenya had gone through a series of transitions, culminating in a new
Board of Directors and, in accordance with new regulations in the financial industry, an
independent Auditing Committee. The Auditing
Committee charged certain officers of the bank with engaging in suspect activities related to
particular Bank expenses that were either hidden or “lost” from the purview of the Bank’s normal
accounting practices. A reputable accounting firm was hired to audit certain activities by officers
of the Bank. During the investigation, the auditors needed to examine several computer systems
used by certain Bank employees.
The accounting firm retained Syslogic Technologies Ltd (STL) as the digital forensic examiners to
perform examinations of the Bank’s digital assets. STL focused its initial examination on
particular desktop and network systems used by the suspect employees. The Bank’s IT department
was tasked to give STL all the assistance they needed.
You work for STL and you have been tasked to lead this forensic investigation.
a) Develop a checklist of all the items you would require to conduct First Responder
Procedures for this case. 4 Marks
b) Discuss your detailed plan of action for this investigation. 6 Marks
c) Discuss in detail all the tools you anticipate will be required in each step of the
investigation. 4 Marks
d) Suppose the suspects had used anti-forensic techniques. How would you overcome the
challenges posed by anti-forensics? 6 Marks
QUESTION TWO [15 MARKS]
a) Discuss the challenges posed by log management and how you would mitigate them.
b) Using real-world examples, discuss the challenges in web application
forensics. 5 Marks
c) How would you verify SQL injection attacks? 4 Marks
QUESTION THREE [15 MARKS]
a) You work for DCI Kenya and you have been tasked to conduct a forensic investigation
involving a politician accused of laundering money.
i) Discuss the special challenges that you would encounter in this investigation.
ii) What steps would you take to ensure that your forensic investigation runs
unhindered? 5 Marks
b) Outline the steps you would follow in processing an Internet abuse case. 5 Marks
QUESTION FOUR [15 MARKS]
a) Using a real-world example, discuss the mandatory and optional requirements you would
use to select a data acquisition tool. 10 Marks
b) Using real-world examples, discuss any five special challenges that cybercrimes present
to investigators. 5 Marks