UNIVERSITY EXAMINATIONS: 2016/2017
EXAMINATION FOR THE DIPLOMA IN NETWORK FORENSICS AND
COMPUTER SECURITY
DNF303 INTRODUCTION TO COMPUTER FORENSICS
DATE: NOVEMBER, 2016 TIME: 1 ½ HOURS
INSTRUCTIONS: Answer any THREE questions.
QUESTION ONE
a) The digital age has produced digital devices such as personal computers, tablets, cell
phones etc. which have become more accessible to consumers, leading to their increased
use in criminal activity (for example, to help commit fraud).This led to the emergence of
the computer forensics discipline. In your own words explain the importance of computer
forensics. (6 Marks)
b) There is a thin line between eDiscovery and computer forensics outline any three
differences (6 Marks)
c) You are in the panel of interviewers sourcing for qualified computer forensics expert.
Outline what qualities the candidate of your choice should possess (5 Marks)
d) Give THREE applications of computer forensics (3 Marks)
QUESTION TWO
a) Computer forensic examination process is divided into eight stages. Discuss (8 Marks)
b) Forensics examiners face many challenges in the line of duty. Explain these challenges
under the following categories:
i. Technical ( 4Marks)
ii. Legal (4 Marks)
iii. Administrative (4 Marks)
QUESTION THREE
a) A software license is a legal document, governing the use or redistribution of
software. It allows an individual or group to use a piece of software. Explain any FIVE
types of such licenses. (5 Marks)
b) Explain the importance of software licensing (5 Marks)
c) What are the functions of the BIOS? (6 Marks)
d) Differentiate between volatile and non-volatile data (4 Marks)
QUESTION FOUR
a) All internal fraud matters within Bailey books incorporated are referred to Loren D.
Bridges, a Certified Fraud Examiner. Often, internal fraud issues at Bailey involve
misconduct by Bailey’s cashiers, but Bridges also receives a constant stream of complaints
alleging misconduct by Bailey Books’ salespeople and distributors. One day, Bridges
received a telephone call in which the caller, who was male, wanted to keep his identity
hidden. The caller, however, claimed to have been a “long-term” supplier of books,
sundries, and magazines to Bailey. The caller said that ever since Linda Collins took over
as purchasing manager for Bailey several years ago, he has been systematically “squeezed
out” of doing business with Bailey. Although Bridges queried the caller for additional
information, the caller hung up the telephone. Under the facts in this case study, there could
be many legitimate reasons why a supplier to Bailey would feel unfairly treated. Linda
Collins could be engaged in fraud, as the caller claimed, or the caller could be someone
who has a personal vendetta against Collins and wants to get her fired. That is, Bridges
does not have enough information to know if the caller was “squeezed out” of doing
business with Bailey or why this might have been the case. Because Bridges does not have
all of the facts, he should investigate the matter using the fraud theory approach. Illustrate
the concepts involved in the fraud examination process. (8 Marks)
b) A typical fraud examination team includes various types of professionals. List any five
(5 Marks)
c) Differentiate between volatile and non-volatile data (4 Marks)
d) To avoid trivial or inappropriate investigations, executive management must define and
limit who is authorized to request a computer investigation and forensic analysis.
Generally, the fewer groups with authority to request a computer investigation, the better.
List examples of groups that should have direct authority to request computer
investigations in the corporate environment. (3 Marks)
QUESTION FIVE
a) Explain why computer forensics is important in the digital age (5 Marks)
b) For privilege to be created four elements must obtain. list them (4 Marks)
c) Write the following values in full (5 Marks)
i. LF
ii. VT
iii. FF
iv. CR
v. SO
d) List the benefits of software licensing (6 Marks)