UNIVERSITY EXAMINATIONS: 2016/2017
EXAMINATION FOR THE DEGREE OF MASTER OF SCIENCE IN
DATA COMMUNICATIONS/MASTER OF SCIENCE INFORMATION
SYSTEMS MANAGEMENT/MASTER OF SCIENCE DATA ANALYTICS
MDC6302 MISM5405 MDA5403 COMPUTER FORENSICS & CYBER
SECURITY AND FORENSICS
DATE: APRIL, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [20 MARKS]
a) Discuss any three myths and misconceptions about cybercriminals. 3 Marks
b. Discuss any three characteristics exhibited by most cybercriminals. 3 Marks
c. Outline the key guidelines to use in building an investigation team 3 Marks
d. (i) State Locard’s exchange principle. 1 Mark
(ii) What is the role of digital evidence? 1 Mark
(iii) Describe the different types of digital data 5 Marks
e) Describe any four of the five root folders found in the Windows Registry. 4 Marks
QUESTION TWO [15 MARKS]
a) Explain in detail the network vulnerability assessment methodology 5 Marks
b) Describe in detail the three major data acquisition formats . 6 Marks
c) Discuss any two methods used for recovery of deleted partitions. 4 Marks
QUESTION THREE [15 MARKS]
a) Explain briefly the following cloud computing threats:
(i) Unknown risk profile 2 Marks
(ii) Abuse of cloud services 2 Marks
b) Discuss the procedure for creating a First Responder Toolkit 4 Marks
c) Discuss in detail any five elements that should be planned before building a computer
forensics lab 5 Marks
d) Discuss how virtualization is going to affect digital forensics 2 Marks
QUESTION FOUR [15 MARKS]
a) Even when everyone acknowledges that a computer crime has been committed,
computer crime is hard to prosecute. State four reasons why it is hard to prosecute
computer crimes. 4 Marks
b) (i) Differentiate between a technical expert and an expert witness in a forensic
investigation. 1 Mark
(ii) Discuss in detail the role of an expert witness. 4 Marks
c) (i) What can a criminal do with mobile phones? 3 Marks
(ii) Discuss the mobile forensics challenges. 3 Marks