UNIVERSITY EXAMINATIONS: 2016/2017
EXAMINATION FOR THE DEGREE OF MASTER OF SCIENCE IN
DATA COMMUNICATIONS/MASTER OF SCIENCE INFORMATION
SYSTEMS MANAGEMENT/MASTER OF SCIENCE DATA ANALYTICS
MDC 6302 MISM 5405 COMPUTER FORENSICS/CYBER SECURITY
DATE: AUGUST, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [20 MARKS]
The following story is an excerpt from the Standard Newspaper of 22 March 2017. Read the
following story carefully and answer the questions that follow.
A 28-year-old man has been charged with hacking Kenya Revenue Authority (KRA) systems
and causing the loss of about Sh4 billion. Alex Mutungi Mutuku did not plead to the charge
because cybercrime officers asked that he be detained to give them more time to conduct their
investigations and arrest other suspects. Investigations indicate that Mutuku’s operation had
connections to a deep-rooted syndicate with connections outside the country.
According to State Prosecutor Edwin Okello, the hackers have high-tech equipment and software
that have enabled them to steal from corporations, the latest of which was the Kenya Revenue
Authority, where the police managed to track the syndicate after it fraudulently acquired almost
Sh4 billion. “It is a case of remote control hacking where the suspects operate smoothly with
their machines and the next minute you realise you have no money in your account. The
information we have is just a tip of the iceberg. The racket is big and involves people outside the
country,” said Mr Okello.
Mr Mutuku is accused of causing the loss of Sh3,985,663,858 from KRA by interfering with the
institution’s computer systems between March 2015 and March 2017.
Okello pleaded with the magistrate to allow detectives to detain the suspect for 40 days, arguing
that he is a flight risk and has been visiting several countries, to where he is likely to escape if
released on bail. “His passport shows that he is a person who is able to walk in and out of
Tanzania at will and has been visiting Uganda, Burundi, and India. He is a frequent traveller
outside the country, which makes him likely to abscond court if released on bail,” said Okello.
a. (i) With the aid of a diagram, explain the organized crime organizational chart.
(ii) With the aid of a diagram, explain the working of a typical Botnet setup.
b. Why and when do you use computer forensics? 3 Marks
c. Outline the contents of a computer investigation toolkit. 3 Marks
d. A Computer Forensics Lab is a designated location for conducting computer-based
investigation on the collected evidence. What is included in setting up a Forensics Lab?
QUESTION TWO [15 MARKS]
a) Explain how an attacker hacks a network using sniffing tools. 3 Marks
b) Discuss the phases of a social engineering attack. 4 Marks
c) Explain how to infect systems using a trojan. 3 Marks
d) Explain five characteristics of digital evidence. 5 Marks
QUESTION THREE [15 MARKS]
a) Discuss the challenging aspects of digital evidence. 4 Marks
b) Explain in detail the Web Server attack methodology. 6 Marks
c) Discuss the mobile forensics challenges. 5 Marks
QUESTION FOUR [15 MARKS]
a) Explain how to break a WEP encryption in wireless networks. 6 Marks
b) Explain how you would go about securing Android devices. 3 Marks
c) What are the roles of a First Responder? 3 Marks
d) Discuss briefly any three major characteristics exhibited by most cyber criminals.