Question Bank Cyber Forensics in Engineering Study
CS8074–CYBER FORENSICS
QUESTION BANK
UNIT I
INTRODUCTION TO COMPUTER FORENSICS
Introduction to Traditional Computer Crime, Traditional problems associated with Computer Crime. Introduction to
Identity Theft & Identity Fraud. Types of CF techniques – Incident and incident response methodology – Forensic
duplication and investigation. Preparation for IR: Creating response tool kit and IR team. – Forensics Technology and
Systems – Understanding Computer Investigation – Data Acquisition.
PART A
1. Define Traditional Computer Crime and what are the motivations for computer Remember BTL1
intrusion in contemporary society?
2. What is meant by Identity theft & Identity Fraud? Remember BTL1
3. Differentiate ‘Cyber Forensics’ and ‘Cyber Crimes’. Understand BTL 2
4. Point out which CF Techniques are being used for Investigations. Analyze BTL 4
5. Show the preparations required for Incident Response Methodology. Apply BTL 3
6. Illustrate the importance of phreaking. Apply BTL3
7. Interpret the tasks of a Computer Forensic Examination protocol. Understand BTL2
8. Express the rules for Computer Forensics in investigation. Understand BTL2
9. Classify different types of Computer Forensics Technologies. Apply BTL 3
10. Analyze the different types of data produced by windows data acquisition tool. Analyze BTL 4
11. Decide the Criminal and Civil proceedings which can be used as computer Evaluate BTL 5
Forensics Evidence.
12. Define the term ‘e-mail abuse’. Remember BTL 1
13. How will you find out the Hidden Data in Forensics Technology? Analyze BTL4
14. List the hierarchy involved in internet security forensic system & Contemporary Remember BTL 1
Cybercriminals?
15. How can the Hackers gain advantage in stealing essentials of investigation in Create BTL 6
forensics?
16. Express about why the evidence media be write Protected. Understand BTL 2
17. List the three items that should be on an evidence custody form. Remember BTL1
18. How will you plan the most critical aspects of computer Evidence? Create BTL6
19. Define RAID Data Acquisition. Remember BTL1
20. Assess the disadvantages of using the WINDOWS XP/VISTA USB write- Evaluate BTL 5
protection Registry Method?
PART B
1. Analyze the traditional Computer crimes associated with Cyber Forensics. (13) Analyze BTL 4
2. Explain in detail about Identity Theft and Identity Fraud and mention the points (13) Analyze BTL 4
of differences between them.
3. Summarize in detail about Incident Response Methodology and the six steps (13) Understand BTL 2
associated with it.
4. Point out the features of Forensic Duplication and Investigation & also outline (13) Analyze BTL 4
the problems and challenges forensic examiners face when preparing and
processing investigations, including the ideas and questions they must consider.
Examine the roles of the following terms in computer forensics in detail Apply BTL 3
5. (i) Forensics Technology (7)
(ii) Forensics Systems (6)
6. Assess Data FTK imager in detail and list out some applications. (13) Evaluate BTL 5
7. Summarize the following: Understand
(i) Understanding Storage Formats for Digital Evidence (7)
(ii) Process of acquiring data with a linux boot CD (6) BTL 2
UNIT II
EVIDENCE COLLECTION AND FORENSICS TOOLS
Processing Crime and Incident Scenes – Working with Windows and DOS Systems. Current Computer
Forensics Tools: Software/ Hardware Tools.
PART-A
Q.No Questions BT Level Competence
1 Define the term “Digital Evidence”. Remember BTL1
2 List the general tasks investigators perform while working with Remember BTL1
Digital Evidence.
3 Show the types of field kit to be used in a crime scene. Apply BTL4
4 List the set of features which are applicable to computer forensics Remember BTL1
practice.
5 Assess what materials you would collect to complete your analysis Evaluate BTL 5
and processing of a scene?
6 Define the tasks of using a technical advisor for forensic purposes. Remember BTL 1
7 Illustrate the use case requirements for forensic purposes. Apply BTL 4
8 Assess some of the general tasks you perform in any computer Analyze BTL 4
Forensics.
9 Define Hashing algorithms for forensic purposes. Remember BTL 1
10 Differentiate Master Boot Record(MBR) and Master File Understand BTL 2
Table(MFT).
11 How will you create “New Technology File System”? Create BTL 6
12 Analyze the five major categories refining data analysis and recovery Analyze BTL 4
functions in computer forensic tools.
13 Assess the role of “Virtual Cluster Number”. Evaluate BTL 5
14 What is meant by “Zoned Bit Recording(ZBR)”. Understand BTL 2
15 Distinguish between Trusted Computing Group and Trusted Understand BTL 2
Platform Module.
16 Differentiate Hardware Forensic Tools and Software Forensic Tools. Analyze BTL 4
17 Show how the reconstruction tool is useful in forensics? Apply BTL 3
18 List the tools used in validation and discrimination in Forensics. Remember BTL1
19 Express the term ‘Computer Forensics Tool Testing’? Understand BTL 2
20 How will you generalize the utility of National Software Reference
Library ? Create BTL 6
PART-B
1 Illustrate how the processing of an incident or a crime scene Apply BTL 3
takes place in cyber forensics. (13)
2 Explain in detail about how the understanding of File Systems plays (13) Analyze BTL 4
a crucial role in cyber forensics.
3 Summarize in detail about the following :- (7)
(i) Computer Forensics Software Tools (6) Evaluate BTL 5
(ii) Computer Forensics Hardware Tools
4. Explain in detail about the following terms:- (7)
(i) Disk Partitions (6)
(ii) FAT disks Analyze BTL 4
5 List the steps involved in examining NTFS disks and explain. (13) Remember BTL 1
6 Discuss about the validation and testing of forensic software. How (13) Understand BTL 2
Validation and Discrimination differ from each other.
7 Describe about how the whole disk encryption is performed in Cyber (13)
Remember BTL 1
forensics
8 Generalize the idea behind using the following tools in forensics :- (7)
(i) Exploring Windows Registry (6) Create
(ii) Examining the Windows Registry BTL 6
9 (i) Discuss the MS-DOS Startup Tasks and other Disk Operating (7)
Systems in detail. (6)
(ii) Express in detail about how the understanding of NTFS, FAT, Understand BTL 2
FAT32 in the system plays a crucial role in Cyber Forensics.
10 Describe the following mechanisms in detail: (7)
(i) NTFS data streams, Encrypting file systems (6)
(ii) NTFS compressed files Remember BTL 1
11 Examine the processes involved in preparing for a search and also the (13)
seizing procedure for the Digital Evidence. Remember BTL-1
12 Discuss briefly about : Understand BTL-2
(i) Determining the tools that are needed for Forensics (7)
(ii) Storing a digital evidence (6)
13 (i) Illustrate the Digital Hash technique in detail. (7) Apply BTL-3
(ii) Examine: Acquiring Evidence with Access Data FTK. (6)
14 Explain briefly about the RAID architecture and its types associated (13) Analyze BTL 4
with the acquisition structure.
PART C
1 Why corporate investigations are typically easier than law (15) Evaluate BTL5
enforcement investigations. Recommend the process of investigations
and justify the solutions.
2 When considering new forensics software, you should do which of Evaluate BTL5
the following? Justify your answer. (15)
(i) Uninstall other forensics software.
(ii) Reinstall the OS.
(iii) Test and validate the software.
3 Analyze and validate the results of a forensic analysis, you should do (15) Analyze BTL 4
which of the following:
(a) Calculate the hash value of tools
(b) Use a different tool to compare the results of evidence you find.
(c) Repeat the steps used to obtain the digital evidence using the same
tool and recalculate.
(i) The hash value to verify the results.
(ii) Do both (a) and (b)
(iii) Do both (b) and (c)
(iv) Do both (a) and (c)
4 Compose a solution to run the computer safely, if a suspect computer (15) Create BTL 6
is running on windows 7.
UNIT III
ANALYSIS AND VALIDATION
Validating Forensics Data – Data Hiding Techniques – Performing Remote Acquisition –
Network Forensics – Email Investigations – Cell Phone and Mobile Devices Forensics.
PART-A
Q.No Questions BT Level Competence
1 Define data discrimination is done by using Hash Values. Remember BTL1
2 Give some legal and illegal purposes for using steganography. Understand BTL2
3 Analyze whether password recovery is included in all Analyze BTL 4
the computer forensic tools is used or not. Why?
4 Show the guidelines for identifying steganography files. Apply BTL 3
5 List the general procedures used for most Computer Forensics Remember BTL1
Investigations.
6 Give the methods for Steganalysis Attack. Understand BTL1
7 Classify the Compression techniques used in Computer Apply BTL3
Forensics
8 Interpret Bit Shifting with an example. Understand BTL1
9 Point out the Shareware Programs for Remote Acquisitions. Analyze BTL4
10 What is the purpose of PUK (Pin Unlock Key)? Remember BTL1
11 How will you generalize the modes of Protection? Create BTL6
12 Define any three standard procedures used in Network Remember BTL1
Forensics.
13 Examine whether all the e-mail headers contain the same type Apply BTL3
of information.
14 Decide the roles of Client and Servers in E-mail investigations. Evaluate BTL5
15 Give the e-mail storage format available in Novell Understand BTL 2
Evolution.
16 Analyze how the Router logs can be used to verify the types of Analyze BTL4
E-mail data?
17 Decide whether you need a search warrant to retrieve Evaluate BTL5
information from a system server.
18 Mention the four places where mobile device information Understand BTL2
might be used.
19 What are the SIMCon’s features? Understand BTL2
2 You are using Disk Manager to view primary and extended Evaluate BTL 5
partitions on a suspect’s drive. The program reports the extended
partition’s total size as larger than the sum of the sizes of logical
partitions in the extended partition. Evaluate the following
terms when :-
(3)
(i) Disk is Corrupted (3)
(ii) There is no hidden Partition. (3)
(iii) Nothing: this is what you’d expect to see. (3)
(iv) The drive is formatted incorrectly. (3)
(v) Password is Unknown.
3 To analyze e-mail evidence, an investigator must be (15) Analyze BTL4
knowledgeable about an e-mail server’s internal operations.
True or False? Justify your answer with suitable use cases.
4 When acquiring a mobile device at an investigation scene, you (15) Evaluate BTL5
should leave it connected to a PC so that you can observe
synchronization as it takes place. True or False? Justify your
answer.
UNIT IV
ETHICAL HACKING
Introduction to Ethical Hacking - Footprinting and Reconnaissance - Scanning Networks - Enumeration -
System Hacking - Malware Threats - Sniffing
PART-A
Q.No Questions BT Level Competence
1 What is information warfare? What are its types? Explain. Remember BTL1
2 What is hacking? What is ethical hacking? What are the effects of Remember BTL1
hacking on business?
3 What is defence in depth? Explain. Remember BTL1
4 What countermeasures can be taken against footprinting? Remember BTL1
5 What are the uses of hiding file extension from web pages? Remember BTL1
6 What is NETBIOS? What is NetBIOS enumeration? Explain. Remember BTL1
7 Discuss the different IPV6 security threats Understand BTL 2
8 Discuss what is Hacktivism? Understand BTL 2
9 Describe website footprinting. Understand BTL 2
10 Discuss DNS footprinting. Understand BTL 2
11 Examine ACK flag scanning. Apply BTL3
12 Experiment vulnerability scanning? What can it detect? Apply BTL3
13 Show how keyloggers used to steal passwords? Explain Apply BTL3
14 Explain any 5 footprinting tools. Analyze BTL 4
15 Explain footprinting using google. Analyze BTL 4
16 How can we defend against password cracking? Explain. Analyze BTL 4
17 Explain the classification of steganography. Evaluate BTL 5
18 Prepare the information security policies. Explain the structure and Evaluate BTL 5
contents of security policies.
19 Compare hacking and ethical hacking. What are the effects of hacking Create BTL 6
on business?
20 How do attackers plan and use remote keyloggers? Explain. Create BTL 6
PART-B
1 Describe the following terms with respect to Ethical Hacking Understand BTL 2
(i) Hack Value, Exploit and Vulnerability (7)
(ii) Target Evaluation , Zero day attack and Daisy Chaining (6)
2 (i) Classify the categories of information security threat. (7) Apply BTL3
(ii) Explain each category in detail (6)
3 What are the different attack vectors through which the attacker can (13) Remember BTL1
attack information system? Explain.
4. (i)What are the different types of attack on a system? (7) Remember BTL1
(ii)Explain each in detail. (6)
5 What is footprinting? Explain the following terminologies: Remember BTL1
(i) Open source or passive information gathering and Anonymous (7)
footprinting
(ii) Organizational or private footprinting and Active information (6)
gathering
6 (i) What is network scanning? What are different types of scanning? (7) Remember BTL1
(ii) What are objectives of network scanning? (6)
7 (i) Describe SMTP enumeration? (7) Understand BTL 2
(ii) What are the commands used for NTP enumeration? (6)
8 Describe different types of spywares? Explain print spyware and 13 Understand BTL 2
cellphone.
9 (i) Apply ethical hacking to stop crime and why is it necessary? (7) Apply BTL3
(ii) Explain the scope and limitation of ethical hacking. (6)
10 Compare IPV4 and IPV6 network scanning. 13 Analyze BTL 4
11 Explain different types of spywares, Email and Internet spyware. 13 Analyze BTL 4
12 Explain the different steganography techniques. 13 Analyze BTL 4
13 How can image, text, audio and video steganography be detected? 13 Evaluate BTL 5
Design.
14 (i) Design a method How can proxy server be used for attacks? (7) Create BTL 6
(ii) What is proxy chaining? (6)
PART C
1 Compare Nmap and Hping2/3. 15 Evaluate BTL 5
2 Compare MAC spoofing and IRDP spoofing. How can we defend 15 Evaluate BTL 5
against them?
3 Develop an application where session hijacking can be done. What 15 Create BTL 6
are the steps to hijack a session? What are the dangers posed by
hijacking a session?
4 Create an environment where Man-in-the-middle and man-in-the- 15 Create BTL 6
browser attacks can be used.
How can brute force be used for session hijacking?
UNIT V
ETHICAL HACKING IN WEB
Social Engineering - Denial of Service - Session Hijacking - Hacking Web servers - Hacking Web Applications
– SQL Injection - Hacking Wireless Networks - Hacking Mobile Platforms.
PART-A
Q.No Questions BT Level Competence
1 Define smurf attack? Remember BTL1
2 What is meant by Zombie? Remember BTL1
3 Differentiate ‘LAND attack’ and ‘SMURF attack’. Understand BTL 2
4 Point out which of the tools is only for Sun Solaris systems. Analyze BTL 4
5 Show how does a Denial of Service attack work? Apply BTL 3
6 Illustrate the importance of Ping of Death. Apply BTL3
7 Interpret the goal of a Denial of Service attack? Understand BTL2
8 Express the types of HTTP web authentication? Understand BTL2
9 Classify different types of Computer Forensics Technologies. Apply BTL 3
10 Analyze the types of packets are sent to the victim of a session- Analyze BTL 4
hijacking attack to cause them to close their end of the connection?
11 Entering Password::blah’ or 1=1- into a web form in order to get a Evaluate BTL 5
password is an example of what type of attack?
12 Define the term ‘WEP’. Remember BTL 1
13 Why are many programs vulnerable to SQL injection and buffer Analyze BTL4
overflow attacks?
14 List the two types of buffer overflow attacks? Remember BTL 1
15 Create the first step in a SQL injection attack? Create BTL 6
16 Express about what makes WEP crackable? Understand BTL 2
17 Which form of encryption does WPA use? Remember BTL1
18 How authentication does WPA2 use? Create BTL6
19 Define Google hacking. Remember BTL1
20 Assess Web application threats? Evaluate BTL 5
PART-B
1 Analyze the different types of DoS attacks. (13) Analyze BTL 4
2 Explain in detail about BOTs/BOTNETs work and mention the (13) Analyze BTL 4
points of differences between them.
3 Summarize in detail about SMURF attack and SYN flooding. (13) Understand BTL 2
4. Point out the countermeasures of DoS/DDoS. (13) Analyze BTL 4
5 Examine the roles of the following terms in detail Apply BTL 3
Spoofing (7)
Session Hijacking (6)
6 Describe session hijacking in detail and list out the types of session (13) Evaluate BTL 5
hijacking
7 Summarize the following: Understand BTL 2
TCP concepts (7)
Three- way Handshake (6)
8 (i) Describe in detail about the Steps in Performing Session Remember BTL 1
Hijacking? (7)
(ii) Describe How You Would Prevent Session Hijacking (6)
9 (i) What Is SQL Injection? Understand the Steps to Conduct SQL Remember BTL 1
Injection (7)
(ii) Describe SQL Injection Countermeasures (6)
10 Identify the Different Types of Buffer Overflows and Methods of (13) Apply BTL 3
Detection
11 Examine Common website attacks that enable a hacker to deface a (13) Remember BTL 1
website
12 (i) Describe Patch Management Techniques Remember BTL 1
(ii) Write the overview of WEP, WPA Authentication Mechanisms, (7)
and Cracking Techniques (6)
13 Write short notes on: Understand BTL 2
(i) Web application vulnerabilities (7)
(ii) Web application hacking (6)
14 Formulate a plan to get different Web Server Hardening Methods. (13) Create BTL 6
PART C
1 Analyze the concept of anatomy of an attack and explain the stages (15) Analyze BTL 4
of web application attacks
2 Evaluate the problems and challenges of web application threats (15) Evaluate BTL 5
exist on a web server
3 Write brief notes on Create BTL 6
(i)Web-Based Password Cracking Techniques. (5)
(ii)Overview of Wireless Sniffers (5)
(iii)Understand Wireless Hacking Techniques (5)
4 (i) Recommend the countermeasures for Understand Web (8) Evaluate BTL 5
Application (7)
(ii) Describe the Methods Used to Secure Wireless Networks