
NAME: SHARON CHEBET

REGISTRATION NUMBER: HB100/G/5550/18

UNIT: DIGITAL FORENSICS

UNIT CODE: HFS 2414

1. Discuss the interrelation between digital forensics, digital frauds and law (5 Marks)

Digital forensics is a discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications and storage devices in a way that is admissible as evidence in a court of law. Digital fraud is any act committed by use of digital devices such as phones, computers or any other electronic device, intended to permanently deprive another person of property or money through unlawful means. In the effort to solve electronic crimes such as fraud and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence into their infrastructure. The goal of a digital forensics investigator is to identify the perpetrator of a cybercrime, obtain hard evidence against the perpetrator, and ensure that the evidence is admissible in a court of law.

2. Explain the working and application of Global positioning system in phone forensics (5 Marks).

The Global Positioning System (GPS) is a radio navigation system. It uses radio waves between satellites and a receiver inside your phone to provide location and time information to any software that needs to use it. For GPS to work, one needs to be able to receive data from four or more of the satellites in orbit that are dedicated to geolocation use. The applications of GPS include:

i) Location- determining a position
ii) Mapping- creating maps of the world
iii) Tracking- monitoring object or personal movement
iv) Timing- making it possible to take precise time measurements
v) Navigation- getting from one location to another

3. How will you process a digital/electronic crime scene for maximum evidence collection (5 Marks)?

i) Identification- find the evidence and note where it is stored.
ii) Preservation- isolate and preserve the data to prevent people from possibly tampering with the evidence.
iii) Analysis- reconstruct fragments of data and draw conclusions based on the evidence found.
iv) Documentation- create a record of all the data to recreate the crime scene.
v) Presentation- summarize and draw conclusions.
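
One way to implement the preservation and documentation steps above, as an added example that is not part of the original answer: record a SHA-256 hash manifest of the collected files, then re-verify it later to show whether the evidence was altered. The function names, the examiner id and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large disk images do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(evidence_dir, examiner):
    """Identification and documentation: record path, size and hash of every file."""
    files = {}
    for root, _dirs, names in os.walk(evidence_dir):
        for name in names:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, evidence_dir)
            files[rel] = {"size": os.path.getsize(path), "sha256": sha256_file(path)}
    return {"examiner": examiner, "files": files,
            "recorded_utc": datetime.now(timezone.utc).isoformat()}

def verify_manifest(evidence_dir, manifest):
    """Preservation check: map each changed path to 'missing', 'modified' or 'added'."""
    current = build_manifest(evidence_dir, manifest["examiner"])["files"]
    findings = {}
    for rel, meta in manifest["files"].items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel]["sha256"] != meta["sha256"]:
            findings[rel] = "modified"
    for rel in current.keys() - manifest["files"].keys():
        findings[rel] = "added"
    return findings

def demo():
    """Run the check on constructed sample files (not real evidence)."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in (("chat.log", "10:02 alice: hi\n"), ("mail.eml", "Subject: test\n")):
            with open(os.path.join(d, name), "w") as f:
                f.write(text)
        manifest = build_manifest(d, "examiner-01")  # hypothetical examiner id
        untouched = verify_manifest(d, manifest)     # nothing changed yet: {}
        with open(os.path.join(d, "chat.log"), "a") as f:  # simulate tampering
            f.write("10:03 alice: edited\n")
        os.remove(os.path.join(d, "mail.eml"))       # simulate loss of an item
        return untouched, verify_manifest(d, manifest)
```

Calling `demo()` returns the findings before and after the simulated tampering; in practice the manifest would be stored separately from the evidence so that it cannot be altered along with it.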

4. What is meant by computer system security (5 marks)?

Computer system security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources such as hardware, software, firmware, information/data and telecommunications. The security requirements triad is:

i) Confidentiality- preventing unauthorized access to and disclosure of sensitive information.
ii) Integrity- this involves guarding against information modifications, including ensuring information non-repudiation and authenticity.
iii) Availability- this involves ensuring timely and reliable access to and use of information.

5. Discuss the forensic significance of computer networks (5 Marks).


i) Used for monitoring a network for anomalous traffic and identifying intrusions.
ii) Used in law enforcement for analysis of captured network traffic- for example, reassembling transferred files, searching for key words and parsing human communication such as emails or chat sessions.
iii) Utilize a centralized database- using a server-based centralized networking set-up offers many benefits; for example, information about a crime is easily retrieved and new information about crimes is easily entered.
iv) Access flexibility- for example, when writing a report about a crime, a forensic investigator can document the information on a computer and in court he/she can show the document using a smartphone or tablet. This is possible if the document resides on a central file server and the network includes a wireless connection.
v) Cost-effective resource sharing- computer networks enable sharing of resources among users; for example, in court or police stations resources such as printers, photocopy machines and scanners can be shared.

6. Elaborate on any five ways from which data can be lost or destroyed in a
computer network (5 Marks).

i) Human error- results in unintentional deletion of data files.
ii) Viruses and malware- they steal and delete swaths of data, thus destroying company functionality.
iii) Hackers and insiders- they can delete and steal any data or even damage the entire network if they have sufficient access to the system.
iv) Software corruption- improper shutdowns of a computer can corrupt data or delete your progress.
v) Hard drive formatting- accidental formatting of a hard drive can cause loss of data.
