CFR712S - COMPUTER FORENSICS - 1ST OPP - JUNE 2023


NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENT OF COMPUTER SCIENCE
QUALIFICATION: BACHELOR OF COMPUTER SCIENCE
QUALIFICATION CODE: 07BAC, 07BCMS
LEVEL: 7
COURSE: COMPUTER FORENSICS
COURSE CODE: CFR712S
DATE: JUNE 2023
DURATION: 3 Hours
SESSION: 1
MARKS: 100
EXAMINER(S): MR. ISAAC NHAMU
MODERATOR: DR. AMELIA PHILLIPS
FIRST OPPORTUNITY EXAMINATION QUESTION PAPER
THIS EXAM QUESTION PAPER CONSISTS OF 2 PAGES
(Excluding this front page)
INSTRUCTIONS
1. Answer ALL the questions on the answer scripts.
2. Write clearly and neatly.
3. Number the answers clearly.
4. When answering questions you should be guided by the allocation of marks in [ ]. Do not give too
few or too many facts in your answers.
PERMISSIBLE MATERIALS
1. Non-programmable calculator.

Question 1
Explain how the following are useful in computer forensics:
i. Steganalysis
ii. Raw picture format
iii. The Daubert Standard
iv. ESMTP
v. POP3
[10]
Question 2
a. Compare a sparse to a logical data acquisition technique.
[4]
b. Comment on two ways in which the Ext4 file system helps in digital forensics
investigations as compared to the NTFS file system.
[4]
c. In what way is the EXIF file format helpful when conducting a digital forensic
investigation, besides providing metadata?
[2]
Question 3
Consider investigating email abuse at an organisation. Outline five steps you would take
to preserve the evidence in such an investigation.
[10]
Question 4
a. Distinguish between RAM Slack and File Slack.
[4]
b. You are given the following information about a Windows 10 machine.
Cluster size = 1024B, Sector size = 64B
Given that a file's size is 568B and that the file is stored on the Windows 10
machine above, find the size of:
i. File slack
ii. RAM slack that is created by storing such a file (Please show all your work).
[6]
Question 5
Explain what each of the following computer forensics tools is used for:
i. Hex Editor
ii. Reg Editor
iii. Wireshark
iv. IrfanView
v. Autopsy
[10]
Question 6
Identify the five categories of computer forensics tools and explain at least two sub-functions
of each category.
[15]
Question 7
Identify the five phases of a digital forensic investigation process and explain in detail what
happens at each phase.
[15]
Question 8
Discuss at least five challenges and at least five opportunities presented by AI to digital
forensics investigations.
[20]
<<<<<<<<END>>>>>>>>