 |
DFM811S - DIGITAL FORENSICS MANAGEMENT - 1ST OPP - JUNE 2024 |
|
|
1 Page 1 |
▲back to top |
nAmlBIA UnlVERSITY
OFSCIEnCEAno TECHnOLOGY
FACULTYOF COMPUTING AND INFORMATICS
DEPARTMENT OF CYBERSECURITY
QUALIFICATION: BACHELOROF COMPUTERSCIENCEHONOURS (DIGITAL FORENSICS)
QUALIFICATIONCODE: 08BHDF
LEVEL:8
COURSE:DIGITAL FORENSICSMANAGEMENT
DATE:JUNE 2024
COURSECODE:DFM811S
PAPER:THEORY
DURATION: 3HOURS
MARKS: 100
EXAMINER(S)
MODERATOR:
FIRSTOPPORTUNITYEXAMINATION QUESTION PAPER
MR. JULIUSSILAA
PROF.AMELIA PHILLIPS
THIS QUESTIONPAPERCONSISTSOF 2 PAGES
(Excluding this front page)
INSTRUCTIONS
1. Answer ALL the questions on the answer scripts.
2. Write clearly and neatly.
3. Number the answers clearly.
PERMISSIBLEMATERIALS
1. Calculator.
|
|
2 Page 2 |
▲back to top |
Question 1
In digital forensic investigation, there are five core areas of concern namely: integrity of
evidence, extraction, interpretation of evidence, documentation, and rule of evidence.
Discusseach of these areas of concern.
(10 marks)
Question 2
A closer look at Network forensic investigation reveals that the procedure for collection,
preservation, documentation e.t.c can be very cumbersome if compared to ordinary
computer forensics investigations. Discuss how the following can pose challenges during a
network forensics investigation.
(12 marks)
a) Search warrant
b) Required time for evidence collection.
c) Byte by byte copy of network computer
Question 3
Digital forensics investigations can be categorized according to public-sector and private-
sector themes.
a) Provide any three common examples of investigation in a private-sector environments
(3 marks)
b) Unlike public sector investigation and prosecution which are more criminal or civil in
nature, what is the main focus in private sector investigations?
(2 marks)
c) As a forensic expert, what precaution should you exercise in any investigation involving
private sector?
(3 marks)
Question 4
a)Contrast traditional discovery from eDiscovery process
(4 marks)
b)Discussthe following eDiscovery concepts and how each apply to civil investigation.
i. Legal hold
ii. Request for Production
iii. IGRM
iv. Spoliation
V. Technology Assisted Review
(10 marks)
c)Funnel model is a historic model of eDiscovery. What is the ultimate goal of determining
eDiscovery scope and how can the Reverse Funnel model be applied to determine
targeted and broad eDiscovery scope?
(8 marks)
Page 1 of 2
|
|
3 Page 3 |
▲back to top |
Question 5
a) Ethical conduct is fundamental to maintaining the credibility and reliability of digital
forensic investigations. Digital forensic professionals should adhere to these ethical
principles to ensure that their work serves justice, protects privacy, and upholds the rule
of law. Discussany four ethical misconduct a certified computer examiner "will never"
do.
(8 marks)
b) Jason Daubert proposes five key questions (a.k.a Daubert Criteria for admissibility)
which set a good starting point for drafting forensics validation reports for tools,
techniques and methods that will hold up in a court of law. Briefly outline these five (5)
questions.
(10 marks)
Question 6
Write a well-structured one-page essay about Anti-Forensics. Your essay should among
other things provide a short background of Anti-Forensics, at least 10 Anti-Forensics
techniques and methods, summarize the key challenges of each technique and method,
and propose possible investigative tactics for handling these challenges.
(30 marks)
.... ''
"i'• 1.
Page 2 of2