UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BCT3204 COMPUTER FORENSICS
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: APRIL 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) Describe a 5-Tuple and its significance in the computer forensics field. (6 Marks)
b) i) What is the importance of Hashing in Computer Forensics? (2 Marks)
ii) Name 2 hashing algorithms that can be utilized in computer forensics. Give a practical
example of its application and a tool used in hashing. (4 Marks)
a) i) What is a file on a hard disk that is used to provide space for programs that have been
transferred from the processor’s memory? (2 Marks)
ii) Provide four types of non-volatile memory information that a computer forensics
investigator might collect. (4 Marks)
iii) Provide two comparisons of volatile versus non-volatile information. (4 Marks)
c) i) What is Meta Data? (2 Marks)
ii) Describe its importance in Computer Forensics. (4 Marks)
iii) Provide two examples of Meta Data. (2 Marks)
QUESTION TWO [20 MARKS]
In hacking, attackers can use several techniques to compromise a system. SQL injection may be
the most common.
a) i) What is an SQL injection? (2 Marks)
ii) Name 2 types of SQL injection attacks (2 Marks)
iii) Identify at least 2 categories of SQL attacks that can be investigated in digital
forensics (2 Marks)
b) How would you go about investigating this type of crime? (6 Marks)
c) Describe a networking tool you would use to uncover a vulnerability that could be
exploited by an SQL injection attack. (4 Marks)
d) List 4 other types of computer crimes (4 Marks)
QUESTION THREE [20 MARKS]
Virtual ports are normally created by computers and applications to identify unique end-to-end
connections. Hackers take advantage of vulnerabilities presented by some of these ports to
launch an attack.
a) i) Name 2 ports you would consider important in an investigation. (2 Marks)
ii) Which protocol is often used by attackers in reconnaissance and scanning that can help a
computer forensics investigator pinpoint a possible information gathering query?
(2 Marks)
iii) What type of information can an attacker gather from this process? (2 Marks)
b) Describe how an attacker would take advantage of the vulnerability on one of your named
ports (6 Marks)
c) Describe a tool you would use to investigate an attack on one of these ports and how you
would use the tool to map the attack or uncover forensic evidence in your investigation.
(8 Marks)
QUESTION FOUR [20 MARKS]
a) Describe cryptography as it pertains to computer and digital forensics (4 Marks)
b) Identify a type of cipher which each technique is most effective upon. (6 Marks)
c) What is Steganography and how is this useful in the investigation of a Digital Crime?
(4 Marks)
d) Compare and contrast compression and encryption of data in
Digital Forensics (6 Marks)
QUESTION FIVE [20 MARKS]
a) Describe these parts and what they contain. (6 Marks)
b) i) Identify 3 common methods of faking e-mails and describe what we look for as
forensics investigators in each identified method. (9 Marks)
ii) List 5 tools you might use in an email forensics investigation covered in our
coursework (5 Marks)