UNIVERSITY EXAMINATIONS 2017
EXAMINATION FOR THE DEGREE OF MASTER OF SCIENCE IN DATA
COMMUNICATIONS/MASTER OF SCIENCE INFORMATION SYSTEMS
MANAGEMENT/MASTER OF SCIENCE DATA ANALYTICS
MDC6302 MISM5405: COMPUTER FORENSICS/CYBER SECURITY AND
FORENSICS
DATE: DECEMBER, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [20 MARKS]
a. Discuss the major reasons why Cyber Security is considered a “hard, multifaceted
problem”. 5 Marks
b. Discuss briefly any three major characteristics exhibited by most cyber criminals.
3Marks
c. Develop a checklist for preserving digital evidence from a standalone computer.
3Marks
d. Discuss the issues that may arise from data duplication. 3 Marks
e. Describe any four Encase forensic modules. 4 Marks
f. Differentiate between static and live data acquisitions. 2 Marks
QUESTION TWO [15 MARKS]
a) Describe any five processes that help in achieving information assurance. 5 Marks
b) Discuss briefly any five factors can increase or decrease the level of impact a threat may
have on an enterprise and its assets. 5 Marks
c) Discuss why Web Servers are compromised. 5 Marks
QUESTION THREE [15 MARKS]
a) Discuss the checklist for securing and evaluating electronic crime scene. 5 Marks
b) (i) Why is it necessary to audit a computer forensics lab? 2 Marks
(ii) Outline the procedure for auditing a computer forensics lab. 3 Marks
c) Discuss the challenges experienced when dealing with Log management. 5 Marks
QUESTION FOUR [15 MARKS]
a) (i) What is phlashing? 1 Mark
(ii) How is phlashing conducted? 2 Marks
b) Explain the three techniques that attackers use to propagate malicious code to newly
discovered vulnerable system. 3 Marks
c) Discuss in detail the steps you would follow in countering DoS/DDoS attacks.
9Marks
