Register No.

SNS COLLEGE OF ENGINEERING

Kurumbapalayam(Po), Coimbatore 641 107
Accredited by NAAC-UGC with A Grade
Approved by AICTE & Affiliated to Anna University, Chennai

INTERNAL ASSESMENT EXAMINATIONS - III

COURSE: B.Tech Information Technology
CS6004 Cyber Forensics
Sem &Class: VIII & IV IT Date: 12th April 2017
Duration: 3 Hours Maximum: 100 Marks

Answer ALL questions

PART A - (10 X 2 = 20 marks)

1. Pointout the three types of field kit to be used in a crime scene.
2 CO - 4 K-4
2. Assess what materials you would collect to complete your analysis and
2 CO - 4 K-5
processing of a scene?
3. How will you create New Technology File System?
2 CO - 4 K-6
4. Show the five major categories refining data analysis and recovery functions
2 CO - 4 K-3
in computer forensic tools.
5.
Pointout the tools used in validation and discrimination in Forensics. 2 CO - 4 K-4
6. Pointout whether password recovery is included in all the Computer Forensic
2 CO - 5 K-4
Tools is used or not. Why?
7. Show the guidelines for identifying stegnography files.
2 CO - 5 K-4
8.
How will you generalize the three modes of Protection used? 2 CO - 5 K-6
9.
Decide the roles of Client and Servers in E-mail investigations. 2 CO - 5 K-5
10.
How will you isolate a mobile device from incoming signals? 2 CO - 5 K-6

PART B - (5 X 16 = 80 marks)
1. (a) Illustrate how will the processing of an incident or a crime scene 16 CO - 4 K-3
(i)
takes place in cyber forensics.
OR
(b) (i) Explain in detail about how the understanding of File Systems plays
16 CO - 4 K-4
a crucial role in cyber forensics.

2. (a) (i) Explain in detail about the following : 8+8 CO - 4 K-5

(i) Computer Forensics Software Tools
(ii) Computer Forensics Hardware Tools
OR
(b) (i) Formulate the idea behind using the following tools in forensics : 8+8 CO - 4 K-6
(i) Exploring Windows Registry
(ii) Examining the Windows Registry
3. (a) (i) Examine the MS-DOS Startup Tasks and about other Disk Operating 16 CO - 4 K-2
Systems in Detail
OR
(b) (i) Briefly generalize the roles of the following term in investigations: 8+8 CO - 5 K-6
(i) E-mail in investigations
(ii) E-mail in Client and Server

4. (a) (i) Discuss how will you validate the forensic data using: 8+8 CO - 5 K-2
(i) Validating the hexadecimal Editors
(ii) Validating with Computer Forensics Programs
OR
(b) (i) Examine in detail the techniques used for Addressing Data Hiding. 16 CO - 5 K-1

5. (a) (i) Explain the following terms in detail:- 8+8 CO - 5 K-4

(i) Securing a Network
(ii) Performing Live Acquisitions
OR
(b) (i) Assess how mobile devices play a crucial role in forensics by : 8+4 CO - 5 K-5
(i) Basics of mobile Forensics +4
(ii) Inside Mobile Devices
(iii) Inside PDAs

*****
 Register No.

SNS COLLEGE OF ENGINEERING

Kurumbapalayam(Po), Coimbatore 641 107
Accredited by NAAC-UGC with A Grade
Approved by AICTE & Affiliated to Anna University, Chennai

INTERNAL ASSESMENT EXAMINATIONS - III

COURSE: B.Tech Information Technology
CS6004 Cyber Forensics
Sem &Class: VIII & IV IT Date: 12th April 2017
Duration: 3 Hours Maximum: 100 Marks

Answer ALL questions

PART A - (10 X 2 = 20 marks)

1 Pointout the three types of field kit to be used in a crime scene. 2 CO - 4 K-4
2 Express the meaning of the term Zoned Bit Recording (ZBR). 2 CO - 4 K-2
3 How will you create New Technology File System? 2 CO - 4 K-6
4 Give the meaning of the term Virtual Cluster Number 2 CO - 4 K-5
5 How will you generalize the utility of National Software Reference Library? 2 CO - 4 K-6
6 Pointout the Shareware Programs for Remote Acquisitions. 2 CO - 5 K-4
7 Show the guidelines for identifying stegnography files. 2 CO - 5 K-4
8 How will you generalize the three modes of Protection used? 2 CO - 5 K-6
Decide whether you need a search warrant to retrieve information from a
9 2 CO - 5 K-5
system server.
10 How will you isolate a mobile device from incoming signals? 2 CO - 5 K-6

PART B - (5 X 16 = 80 marks)
1. (a) Illustrate how will the processing of an incident or a crime scene 16 CO - 4 K-3
(i)
takes place in cyber forensics.
OR
(b) (i) Demonstrate the following :-
(i) How will you obtain a Digital Hash? 12+
CO - 4 K-3
(ii) Conducting the investigation: Acquiring Evidence with 4
Access Data FTK

2. (a) (i) Explain in detail about the following : 8+8 CO - 4 K-5

(iii) Computer Forensics Software Tools
(iv) Computer Forensics Hardware Tools
OR
(b) (i) Analyze how the following techniques are used : 8+4 CO - 4 K-4
(i) Processing Data Centers with RAID systems +4
 (ii) Documenting Evidence in the Lab
(iii) Processing and Handling Digital Evidence

3. (a) (i) Examine the MS-DOS Startup Tasks and about other Disk Operating 16 CO - 4 K-2
Systems in Detail
OR
(b) (i) Explain briefly about the following terms in detail: 2+8 CO - 5 K-4
(i) Examining E-mail Messages +6
(ii) Copying an E-mail Message
(iii) Viewing an E-mail Headers

4. (a) (i) Discuss how will you validate the forensic data using: 8+8 CO - 5 K-2
(iii) Validating the hexadecimal Editors
(iv) Validating with Computer Forensics Programs
OR
(b) (i) Examine the following techniques used in Forensics : 4+4 CO - 5 K-3
(i) Steganography to hide Data +4+
(ii) Examining Encrypted Files 4
(iii) Recovering Passwords
(iv) Access Data Tools with Password and Encrypted Files

5. (a) (i) Describe Remote Acquisitions when used with 8+4 CO - 5 K-1
(i) Runtime Software +4
(ii) Preparing Disk Explorer and HDHOST
(iii) Remote Connection with Disk Explorer
OR
(b) (i) Assess how mobile devices play a crucial role in forensics by : 8+4 CO - 5 K-5
(iv) Basics of mobile Forensics +4
(v) Inside Mobile Devices
(vi) Inside PDAs

*****