UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF MASTER OF SCIENCE IN
INFORMATION SYSTEMS MANAGEMENT/ MASTER OF SCIENCE IN
DATA ANALYTICS
MDA 5403 /MISM 5304: CYBER SECURITY AND COMPUTER
FORENSICS
DATE: AUGUST 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE
a) Restriction of cyber crimes is dependent on proper analysis of their behavior and
understanding of their impacts over various levels of society.
i.) Define the term cyber crime (2 Marks)
ii.) Highlight three challenges of cyber security (3 Marks)
iii.) Explain three impacts of cyber crimes on society (3 Marks)
b) Define cyber terrorism and describe three different forms of cyber terrorism and how it may
affect the critical infrastructures (6 Marks)
c) Explain any three types of computer investigations typically conducted in the corporate
environment. (6 Marks)
d) Highlight the basic steps of the computer forensic investigation process. (6 Marks)
e) Explain the difference between “live acquisition” and “post mortem acquisition”. Give an
example when “live acquisition” is necessary. (4 Marks)
QUESTION TWO
a) Describe three different types of Computer forensics in detail. (6 Marks)
b) Evidence integrity is essential in order for digital evidence to be admissible in court and to
carry weight as evidence.
i.) What is CoC (Chain of Custody) and why is it important for evidence integrity?
(2 Marks)
ii.) Assuming that a forensic team follows the right steps for preserving evidence integrity
and for keeping an unbroken CoC, what must they do in order to convince the court that
they have done so? (1 Mark)
iii.) What is OOV (order of volatility), and how does it influence decisions regarding which
evidence should be preserved first? (3 Marks)
iv.) List three data storage media as a function of their OOV. (3 Marks)
QUESTION THREE
a) Organizations need effective cyber security strategy to shield them from growing cyber
security attacks. Using relevant examples, describe three taxonomies of cyber security
attacks.
(8 Marks)
b) The enormity of cyberspace is stretching the boundaries of the possibility of attacks
worldwide.
i.) Explain how international law is intersecting with national law in this realm. (3 Marks)
ii.) Are the relevant laws among member states to the Cybercrime Convention essentially
the same or does each country get to tailor those rules? Discuss. (4 Marks)
QUESTION FOUR
a) If you are appointed as a digital forensics lab manager, how would you prepare your lab and
staff for future forensics investigations? You need to provide a comprehensive plan with
relevant description. (9 Marks)
b) Explain six basic scientific principles for the forensic investigation process. (6 Marks)