Scribd
Upload
10 views

NETWORK SECURITYa

The document is an exam for a course on network security. It contains 5 questions regarding computer and mobile device forensics. Question 1 has 6 parts asking about functions of mobile operating systems, differences between computer/network forensics, responsibilities at a crime scene, things criminals can do with phones, importance of licensed forensics software, and steps in a wireless investigation. Questions 2-5 each contain multiple parts about topics such as computer forensics terminology, email investigations, mobile forensics challenges, investigating a sabotage case study, documenting crime scenes, acquiring data from devices, and features of forensics tools.

Uploaded by

allannjiraini
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
10 views

NETWORK SECURITYa

The document is an exam for a course on network security. It contains 5 questions regarding computer and mobile device forensics. Question 1 has 6 parts asking about functions of mobile operating systems, differences between computer/network forensics, responsibilities at a crime scene, things criminals can do with phones, importance of licensed forensics software, and steps in a wireless investigation. Questions 2-5 each contain multiple parts about topics such as computer forensics terminology, email investigations, mobile forensics challenges, investigating a sabotage case study, documenting crime scenes, acquiring data from devices, and features of forensics tools.

Uploaded by

allannjiraini
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

UNIVERSITY EXAMINATIONS: 2018/2019

EXAMINATION FOR THE DEGREE OF BACHELOR OF APPLIED


COMPUTING

BAC5110 NETWORK SECURITY

FULL TIME/PART TIME

DATE: DECEMBER, 2018 TIME: 2 HOURS

INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]


a) State any four functions of a mobile operating system. 4 Marks
b) Differentiate between the following terminologies:
(i) Computer forensics and network forensics 2 Marks
(ii) Imaging and copying of a drive. 2 marks

c) State any five responsibilities of a technical advisor at a crime scene. 5 Marks


d) State any four things that a criminal can do with mobile phones 4 Marks
e) You are a law enforcement officer and your budget is tight. Discuss why it is important
that all the forensics software you use should be licensed and registered and you should as much
as possible avoid using freeware. 6 Marks

f) Outline the steps required in conducting a successful wireless investigation.


7 Marks
QUESTION TWO [20 MARKS]
a) Explain the following terminologies as used in computer forensics:
(i) Acquisition 1 Mark
(ii) Extraction 1 Mark
(iii) Validation 1 Mark

1
b) As a computing investigator, you receive a call from your boss asking you to fulfill the
discovery demands from Company B’s lawyers to locate and determine whether the e-mail
messageon Mr. Jones’s computer is real or fake. Because it’s an e-mail investigation, not a major
crime involving computers, you’re dispatched to Company A. When you get there, you find
Mr. Jones’s computer powered on and running Microsoft Outlook. The discovery order
authorizes you to recover only Mr. Jones’s Outlook e-mail folder, the .pst file. You aren’t
authorized to do anything else. What steps would you follow in completing this task?
6 Marks
c) (i) What does Mobile Forensics involve? 2 Marks
(ii) What are the Mobile Forensics challenges? 4 Marks
d) Outline any five precautions to be taken before investigating a mobile device.
5 Marks

QUESTION THREE [20 MARKS]


Keith Robertson works in Sancong Mobile Manufacturing Company in Barcelona, Spain. The
company designs mobile phone interfaces and GUI for popular vendors. Sancong has become a
market leader in its segment within a very short span of time. Keith was involved in the design of
the latest Motorola Razor phone. He managed to design a GUI interface for the phone which
rivaled Apple’s iPod designs. The company used Maya 3d application to design the work. He
was proud of his design and had secretly planned to offer the design to Sancong’s competitors.
He contacted Sancongs’s competitor Jentech and struck a deal for selling them the design. A
week later, Keith tendered his resignation and left Sancong. Sancong’s engineers were shocked
to notice many of the mobile phone designs in the Keith’s computer were missing. Millions of
dollars were spent on research and development of these designs, especially the new Motorola
Razor phone design. Keith had sabotaged the designs before he left the company. Keith’s system
was never backed up due to high confidential nature of the work. Only Keith had access to these
designs.
The CEO of Sancong Mr. Julian Rod was very disturbed. Sancong planned to patent the designs,
so that they can license the technology to mobile telephone manufacturers around the world. The
company stands to lose millions of dollars if the designs are leaked out.
Mr. Julian Rod has read success stories of computer forensics investigation around the world. He
hired you, a CHFI and CEH certified professional, to investigate and provide evidence of Keith’s
sabotage, and retrieve the data.

a) You visited Keith’s desk and removed the hard disk carefully from his Dell Dimension
372 office computer. You placed the hard disk carefully in an anti-static bag and transported it to
the forensics laboratory. What are the first two things you will do in the forensics laboratory?
4 Marks
b) You load the bit-stream image in the FTK toolkit and searched for the Maya 3D graphic
design files. FTK search shows you no results. You search for deleted data, deleted partitions and
slack space. FTK again shows no results. The other files are intact without any corruption except
the missing Maya 3D files. FTK shows that there are 11,200 files present in the hard disk. How
do you proceed from here? 4 Marks
c) In your search you find out that there is a file that is used to permanently wipe data from
the computer. Proceed from here and create evidence that would convict Keith. 12 Marks

2
QUESTION FOUR [20 MARKS]
a) Outline the procedure for documenting the crime scene and preserving evidence.
6 Marks
b) Describe the methods you would use to identify a mobile device. 6 Marks
c) How do you acquire data from an unobstructed mobile device? 3 Marks
d) How do you acquire data from obstructed mobile devices? 5 Marks.

QUESTION FIVE [20 MARKS]


a) MOBILedit! Forensic is a mobile forensics tool. What are its features? 4 Marks
b) Discuss the methodologies used to detect wireless connections. 6 Marks
c) Describe the steps followed in discovering Wi-Fi networks using Wardriving.
6 Marks
d) State any four features of a good wireless forensics tool. 4 Marks

You might also like