It's in the file attached. Question 1 a. The integrity of digital evidence is an important issue in digital forensic investigations. In order to track the movement of digital evidence, what concept is...

It's in the file attached.



Question 1

a. The integrity of digital evidence is an important issue in digital forensic investigations. In order to track the movement of digital evidence, what concept is commonly used? Provide some important components of this concept.

b. What are the roles of DEFR and DES in digital forensics? Provide a brief description of each role.

Question 2

This question has the following two parts.

a. Digital evidence plays a crucial role in any digital forensics investigation, therefore handling digital evidence is an important and significant process. What are the 3 C's of digital evidence handling? Briefly explain each of them.

b. List some of the common data-hiding techniques. What Windows disk partition utility can be used to hide partitions? Explain the process of bit-shifting.

Question 3 (10 marks)

The following figure shows MFT record of a file.

Required: Using this figure, answer the following questions:

a) What is the start address of this MFT record? (2 marks)
b) What is the identifier for start of MFT record? (1 mark)
c) At what offset address 0x10 attribute starts? (1 mark)
d) At what offset address 0x30 attribute starts? (1 mark)
e) At what offset address or addresses file creation time can be found? (2 marks)
f) File creation information commonly has 8 bytes in size. Write down the 8 bytes that you think give file creation information. (2 marks)
g) What is the offset address of MFT change information? (1 mark)

Question 4 (10 marks)

This question has the following two parts.

a) Often during digital forensic investigations, an examiner comes across situations that are not explicitly mentioned in the scope of the search, but they may be situations of interest. In such situations, the examiner needs to inform about that to the superior authorities. What is this concept called? Explain the criteria to apply this concept in the investigations? [2 + 3 = 5 marks]

b) What are some of the main concerns with the acquisition of mobile devices? Describe the steps to analyse a mobile device.

Question 5 (10 marks)

Read the following case carefully and answer the question:

A cloud customer has asked you to do a forensics analysis of data stored on a Cloud Service Provider (CSP) server. The customer's lawyer explains that the CSP offers little support for data acquisition and analysis but will help with data collection for a fee. The lawyer asks you to explain to him what cloud service agreement (CSA) and service level agreement (SLA) you have with the CSP? He also asks you to prepare a list of questions of what you need to know to perform this task. The lawyer plans to use these questions to negotiate for services you will provide in collecting and analysing evidence.

Required:

a) Explain what are CSA and SLA? (3 marks)
b) Provide a list of possible questions you would like to ask the CSP (7 marks)

Aditi answered on Oct 18 2022
43 Votes
SOLUTION
3.
i.
ii.
Due to the lack of internal fragmentation in NTFS MFT, a file constantly ends with 0xffff ffff and new files always begin with 0xFFFF FFFF.
iii.
NTFS is the only file system that can store small files on the fly.
An MFT record can hold the whole content of a small file as an attribute, significantly improving reading performance and decreasing wasted disc space ("slack").
[Figure: MFT record layout, left to right: Header, 1 field, 2 fields, 3 fields, Free space]
Standards state that a variable's value in the boot sector determines the MFT record size.
In actuality, all contemporary Microsoft versions use 1024-byte records.
The first 42 bytes include the header.
The header...
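
Added example, not part of the answer above or of the assignment: a small Python parser that answers the Question 3 style lookups (record signature, where the 0x10 attribute starts, and the creation and MFT-change times) on a constructed 1024-byte record. The function names and the sample record are assumptions made for illustration; the field positions used (first-attribute offset at header offset 0x14, resident content length and offset at attribute offsets 0x10 and 0x14, four 8-byte FILETIME values at the start of the 0x10 attribute content) follow the NTFS on-disk layout.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME counts from here

def filetime(raw):
    """8 little-endian bytes of 100 ns ticks since 1601 -> UTC datetime."""
    return EPOCH + timedelta(microseconds=struct.unpack("<Q", raw)[0] // 10)

def walk_attributes(rec):
    """Yield (type, record offset, resident content) for each attribute."""
    if rec[:4] != b"FILE":
        raise ValueError("record does not start with the FILE signature")
    off = struct.unpack_from("<H", rec, 0x14)[0]   # header field: first attribute
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == 0xFFFFFFFF:                    # end-of-attributes marker
            return
        if alen < 0x18 or off + alen > len(rec):   # stops loops on corrupt data
            raise ValueError(f"corrupt attribute length at {off:#x}")
        content = b""
        if rec[off + 8] == 0:                      # non-resident flag is clear
            clen, coff = struct.unpack_from("<IH", rec, off + 0x10)
            content = bytes(rec[off + coff:off + coff + clen])
        yield atype, off, content
        off += alen

def standard_info(rec):
    """Return (attribute offset, timestamps) of the 0x10 attribute."""
    names = ("created", "modified", "mft_changed", "accessed")
    for atype, off, content in walk_attributes(rec):
        if atype == 0x10 and len(content) >= 32:
            return off, {n: filetime(content[i * 8:i * 8 + 8])
                         for i, n in enumerate(names)}
    raise LookupError("no resident 0x10 attribute in this record")

def build_sample():
    """Constructed 1024-byte record: header, one 0x10 attribute, end marker."""
    rec = bytearray(b"FILE" + bytes(1020))
    struct.pack_into("<H", rec, 0x14, 0x38)        # first attribute at 0x38
    base = (datetime(2022, 10, 18, tzinfo=timezone.utc) - EPOCH) // timedelta(microseconds=1) * 10
    times = struct.pack("<4Q", *(base + h * 36 * 10**9 for h in range(4)))
    attr = struct.pack("<IIBBHHHIHBB", 0x10, 0x60, 0, 0, 0, 0, 0, 0x48, 0x18, 0, 0)
    rec[0x38:0x38 + 0x60] = attr + times + bytes(0x48 - 32)
    struct.pack_into("<I", rec, 0x98, 0xFFFFFFFF)  # end marker after the attribute
    return bytes(rec)

if __name__ == "__main__":
    print(standard_info(build_sample()))
```

On a real record the same walk also reaches the 0x30 attribute; the creation time sits at the attribute's start offset plus its content offset, and the MFT-change time 16 bytes after that.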