ITC597 Digital Forensics – SAMPLE EXAM ONLY
This paper is for Distance Education (Distance), Port Macquarie, Study Centre Sydney and Study Centre Melbourne students.
NO REFERENCE MATERIALS PERMITTED
No calculator is permitted No dictionary permitted
WRITING TIME: 2 hours plus 10 minutes reading time
Writing is permitted during reading time
MATERIALS SUPPLIED BY UNIVERSITY:
N/A – This is online exam.
MATERIALS PERMITTED IN EXAMINATION:
(No electronic aids are permitted e.g. laptops, calculators, phones) NUMBER OF QUESTIONS: Five (05)
INSTRUCTIONS TO CANDIDATES:
- This is online exam. There are total five (05) questions in the exam. Each question is worth 10 marks. There are total 50 marks for the exam.
- You MUST pass the final exam (i.e. obtain at least 50% marks or more) to pass the subject.
Note: There are total FIVE (05) questions. Each question has 10 marks and there are total 50 marks for the exam. Attempt all questions and answers should contain your own understanding, thinking, evaluation and analyses.
In topic 1 of this subject, you learnt about the investigations triangle that emphasis on the role of other fields with digital forensics. Explain in your own words, the functions and responsibilities of each group from each side of the triangle. Why do you think it is important for these three groups to work as a team for an organisation?
A2Z Forensics is a digital forensics investigation firm that conducts forensic investigations for public as well as private sectors. You are working in this firm as a forensics specialist for a number of years now. The firm is establishing a new forensics lab to meet the future requirements. You have been asked to prepare a business case for this new lab. Your job is to focus on three aspects of the new lab which are hardware, software and lab security. Based on the knowledge of topic 2, prepare a brief business case, summarise and justify the equipment (both hardware and software) you recommend for this new lab that will meet future requirements. Also, briefly explain the security measures you recommend for this new lab.
As a private sector investigator, you are investigating an important case for an office. You have been given access to the office computer network and the computers that may contain some important information related to the case. You are allowed to speak the network administrator. In this scenario, what data acquisition method will you prefer to use? Justify your answer.
Also, outline the problems you expect to encounter and explain how to rectify them describing your solution. Identify any potential customer privacy issues that should be considered.
A2Z Forensics has hired you to investigate an email that has been received by one of their employee. This email looks suspicious to the company and they want to know the information such as from where and when this email was generated and also any other related information.
They have provided you the email header as shown in the figure below. You have been asked to analyse this email header and describe the information while evaluating this header file. The company also wants to trace back the origin of this email. In this scenario, what would you recommend the company in order to trace back this email?
Figure for Question 4: An e-mail header with line numbers added (The e- mail addresses are not real addresses.)
Assume you have been given a scrambled text file with some hidden text data similar to the one in your assessment. What will be the best method that you will use to unscramble the file and why would you choose this method? Justify your answer. [5 marks]
You have collected a digital evidence from a crime scene and calculated its hash value using WinHex editor with MD5 algorithm. You have stored the evidence in a forensics lab. After a week, when you started analysing the evidence, you again calculated the hash value of the evidence using Autopsy and with SHA-1 algorithm. You found that the hash value of the evidence is now changed. Describe why the hash value now is different than the one you calculated when you acquired the evidence? [5 marks] END OF EXAMINATION
Get expert help for ITC597 Digital Forensics and many more. 24X7 help, plag free solution. Order online now!