UNIVERSITY EXAMINATIONS: 2016/2017
EXAMINATION FOR THE DIPLOMA IN NETWORK FORENSICS AND
COMPUTER SECURITY
DNF404 COMPUTER FORENSICS AND CYBER CRIME
DATE: AUGUST, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer question ONE and any other TWO questions.
QUESTION ONE (30 MARKS) – COMPULSORY
a) Define Digital Evidence as used in computer forensics [2Marks]
b) Describe how you can analyze and interpret digital data to support or refute certain
allegations of misuse involving digital systems. [8Marks]
c) Clearly elaborate the steps followed when observing the CoC [Chain of Custody] during
a digital forensics investigation [14Marks]
d) List and explain the use of 3 tools used in computer forensics [6 Marks]
QUESTION TWO (20 MARKS)
a) Define Steganography steganography [1Mark]
b) As a Forensic Expert, describe the use of MD5 [2 Marks]
c) Any Digital Evidence has to be; Admissible, Authentic, Accurate, and Complete for it to
be acceptable as an evidence in a court of law. Explain [8 Marks]
d) Describe the key steps involved during Incident Response in Computer Forensics
[9Marks]
QUESTION THREE (20 MARKS)
a) You receive the following email from the Help Desk:
Dear UCSC Email User,
Beginning next week, we will be deleting all inactive email accounts in
order to create space for more users. You are required to send the
following information in order to continue using your email account. If
we do not receive this information from you by the end
of the week, your email account will be closed.
*Name (first and last):
*Email Login:
*Password:
*Date of birth:
*Alternate email:
Please contact the Webmail Team with any questions. Thank you for
your immediate attention.
Identify the type of computer crime this is and describe how you can prevent from such
[5Marks]
b) Kerberos is a network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key cryptography. With the
help of a diagram, describe the working of Kerberos [15 Marks]
QUESTION FOUR (20 MARKS)
a) Discuss 5 controls or countermeasures that attempt to prevent exploitation of computing
system’s vulnerabilities [10Marks]
b) List at least four kinds of harm a company could experience from electronic espionage or
unauthorized viewing of confidential company materials [4Marks]
c) Preserving confidentiality, integrity, and availability of data is a restatement of the
concern over interruption, interception, modification, and fabrication. How do the first
three concepts relate to the last four? [6Marks]
QUESTION FIVE (20 MARKS)
a) Developers often think of software quality in terms of faults and failures. Faults are
problems, such as loops that never terminate or misplaced commas in statements, that
developers can see by looking at the code. Failures are problems, such as a system crash
or the invocation of the wrong function, that are visible to the user. Thus, faults can exist
in programs but never become failures, because the conditions under which a fault
becomes a failure are never reached. Discuss how software vulnerabilities fit into this
scheme of faults and failures.
[10Marks]
b) An operating system has two goals: controlling shared access and implementing an
interface to allow that access. Underneath those goals are support activities, including
identification and authentication, naming, filing objects, scheduling, communication
among processes, and
reclaiming and reusing objects. Briefly describe five functions that an Operating system
does.
[10Marks]
