
MERU UNIVERSITY OF SCIENCE AND TECHNOLOGY

P.O. Box 972-60200 – Meru-Kenya.


Tel: +254 (0)799529958, +254 (0)799529959, +254 (0)712524293
Website: www.must.ac.ke Email: info@must.ac.ke

University Examinations 2022/2023

SPECIAL/SUPPLEMENTARY EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN COMPUTER SECURITY AND FORENSICS

CCF 3253: COMPUTER FORENSICS AND SECURITY II

DATE: AUGUST 2023 TIME: 2 HOURS

INSTRUCTIONS: Answer question one and any other two questions

QUESTION ONE (30 MARKS)


a) Highlight the five standard procedures developed for network forensics (5 Marks)
b) Explain the process of validating the forensic data used by computer forensic analysts (6 Marks)
c) Computer forensics experts should offer various levels of service, each designed to suit your
individual investigative needs. Discuss any three such services (6 Marks)
d) Explain any two computer forensics hardware tools (4 Marks)
e) Describe the key description areas that must be included in the chain-of-custody record for all
items collected from the digital crime scene (5 Marks)
f) Give any four requirements for establishing a computer forensics laboratory. (4 Marks)

QUESTION TWO (20 MARKS)


a) Describe how a man-in-the-middle attack may be performed on a Wi-Fi network and the
consequences of such an attack. (6 Marks)
b) State any five qualities of a good forensic investigator (5 Marks)
c) Explain the following terms as used in computer forensics (4 Marks)
i. Digital Evidence
ii. Computer Crime
iii. Write blocker
iv. Chain of custody (COC)

MUST is ISO 9001:2015 and ISO/IEC 27001:2013 CERTIFIED

d) dd is a tool that can be used for memory acquisition during live forensics. How do we use dd
to dump the memory and what are the problems we face with this technique? (5 Marks)

QUESTION THREE (20 MARKS)


a) In the 1980s, Clifford Stoll arguably became the first person to use forensic techniques to
investigate computer misuse. Discuss any TWO techniques that he used and compare them
with techniques that are currently being used. (6 Marks)
b) Explain the 3As of computer forensics methodologies. (6 Marks)
c) When considering the many sources of digital evidence, it is often useful to categorize
computer systems into three groups. Briefly describe the three different groups of computer
systems as sources of digital evidence. (6 Marks)
d) State two (2) tools that can be used for network forensics (2 Marks)

QUESTION FOUR (20 MARKS)


a) Explain the following computer forensics technologies (4 Marks)
i. Remote monitoring of target computers
ii. Theft recovery software for laptops and PCs.
b) Several attempts have been made to develop a classification that would help describe the role
of computers in crime.
i. Describe the four categories of computer-related crime as proposed by Donn Parker.
(8 Marks)
ii. What was the major omission in Parker's categories? (1 Mark)
iii. Briefly explain the classification approach adopted by David Carter as an improvement
upon Parker's categorization of computer-related crime. (4 Marks)
c) Outline three constraints and dangers of live forensics. (3 Marks)



QUESTION FIVE (20 MARKS)
a) State any three different types of volatile evidence in computer forensics. (3 Marks)
b) Prisca and Angela are both competitively vying for their company sales executive position. In
order to outwit Angela, Prisca circulated a damaging email to the company executives with an
intention to water down her competitor's image. She opened and used a new email address to hide
her identity. Which forensics tool is suitable for gathering digital evidence in this case? Identify
THREE possible pieces of digital evidence that can be retrieved and used against Prisca. (4 Marks)
c) Many of our normal daily activities in life leave a trail of digits. Consider one typical day in your
life as an example. Briefly describe three trails of digits left by your activities. (6 Marks)
d) What the Internet is today was never intended or imagined by those who broke its first ground.
Computers and the Internet have been adapted by criminals in the commission of their crimes.
Describe two current technologies and explain how they have been criminally adapted for
cybercrimes. (4 Marks)
e) Systematically outline any three case details necessary when assessing the case in (b) above
(3 Marks)

