BAC5211 WIRELESS & MOBILE FORENSICS

UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF APPLIED
COMPUTING
BAC5211 WIRELESS & MOBILE FORENSICS
FULL TIME/PART TIME
DATE: DECEMBER, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]
a) State any four functions of a mobile operating system. 4 Marks
b) Differentiate between the following terminologies:
(i) Computer forensics and network forensics 2 Marks
(ii) Imaging and copying of a drive. 2 Marks
c) State any five responsibilities of a technical advisor at a crime scene. 5 Marks
d) State any four things that a criminal can do with mobile phones. 4 Marks
e) You are a law enforcement officer and your budget is tight. Discuss why it is important
that all the forensics software you use be licensed and registered, and why you should avoid
freeware as much as possible. 6 Marks
f) Outline the steps required in conducting a successful wireless investigation. 7 Marks
QUESTION TWO [20 MARKS]
a) Explain the following terminologies as used in computer forensics:
(i) Acquisition 1 Mark
(ii) Extraction 1 Mark
(iii) Validation 1 Mark
b) As a computing investigator, you receive a call from your boss asking you to fulfill the
discovery demands from Company B’s lawyers to locate and determine whether the e-mail
message on Mr. Jones’s computer is real or fake. Because it’s an e-mail investigation, not a major
crime involving computers, you’re dispatched to Company A. When you get there, you find Mr.
Jones’s computer powered on and running Microsoft Outlook. The discovery order authorizes you
to recover only Mr. Jones’s Outlook e-mail folder, the .pst file. You aren’t authorized to do
anything else. What steps would you follow in completing this task? 6 Marks
c) (i) What does Mobile Forensics involve? 2 Marks
(ii) What are the Mobile Forensics challenges? 4 Marks
d) Outline any five precautions to be taken before investigating a mobile device. 5 Marks
QUESTION THREE [20 MARKS]
Keith Robertson works in Sancong Mobile Manufacturing Company in Barcelona, Spain. The
company designs mobile phone interfaces and GUI for popular vendors. Sancong has become a
market leader in its segment within a very short span of time. Keith was involved in the design of
the latest Motorola Razor phone. He managed to design a GUI interface for the phone which
rivaled Apple’s iPod designs. The company used Maya 3D application to design the work. He was
proud of his design and had secretly planned to offer the design to Sancong’s competitors. He
contacted Sancong’s competitor Jentech and struck a deal for selling them the design. A week
later, Keith tendered his resignation and left Sancong. Sancong’s engineers were shocked to notice
that many of the mobile phone designs on Keith’s computer were missing. Millions of dollars were
spent on research and development of these designs, especially the new Motorola Razor phone
design. Keith had sabotaged the designs before he left the company. Keith’s system was never
backed up due to the highly confidential nature of the work. Only Keith had access to these designs.
The CEO of Sancong Mr. Julian Rod was very disturbed. Sancong planned to patent the designs,
so that they can license the technology to mobile telephone manufacturers around the world. The
company stands to lose millions of dollars if the designs are leaked out.
Mr. Julian Rod has read success stories of computer forensics investigation around the world. He
hired you, a CHFI and CEH certified professional, to investigate and provide evidence of Keith’s
sabotage, and retrieve the data.
a) You visited Keith’s desk and removed the hard disk carefully from his Dell Dimension 372
office computer. You placed the hard disk carefully in an anti-static bag and transported it to the
forensics laboratory. What are the first two things you will do in the forensics laboratory? 4 Marks
b) You load the bit-stream image in the FTK toolkit and search for the Maya 3D graphic
design files. The FTK search shows you no results. You search for deleted data, deleted partitions and
slack space. FTK again shows no results. The other files are intact without any corruption except
the missing Maya 3D files. FTK shows that there are 11,200 files present on the hard disk. How do
you proceed from here? 4 Marks
c) In your search you find out that there is a file that is used to permanently wipe data from
the computer. Proceed from here and create evidence that would convict Keith. 12 Marks
QUESTION FOUR [20 MARKS]
a) Outline the procedure for documenting the crime scene and preserving evidence. 6 Marks
b) Describe the methods you would use to identify a mobile device. 6 Marks
c) How do you acquire data from an unobstructed mobile device? 3 Marks
d) How do you acquire data from obstructed mobile devices? 5 Marks
QUESTION FIVE [20 MARKS]
a) MOBILedit! Forensic is a mobile forensics tool. What are its features? 4 Marks
b) Discuss the methodologies used to detect wireless connections. 6 Marks
c) Describe the steps followed in discovering Wi-Fi networks using Wardriving. 6 Marks
d) State any four features of a good wireless forensics tool. 4 Marks
