CS 393 - Computer Forensics
You may use any resource (books, internet, notes, etc) as long as
you complete this exam without help from anyone else. You must turn
in the this exam by 5:00pm on Friday May 9. Some of these questions
may not have an answer - what I am looking for is how you approach
the problem and the probability of success of that approach. Be
sure to document your sources and take into account the reliability
and credibility of these sources. All questions are worth 10 points
each. Good luck.
- What is your definition of computer forensics? Explain why
you included what you did and why you left some things out.
- Find two states that have used electronic voting (I'll define
this as no per-ballot piece of paper generated) in an election.
Describe their process for doing a "re-count". How would you,
as a computer forensics expert, attack the results if your client
was the loser of the election.
- Give the detailed steps you would take to show a file in my
aurora home directory was intentionally and knowingly possessed
by me. Assume that you have root access and are authorized to
do this investigation.
- What is /var/tmp/console.log? What OS flavor(s) maintain this
- In a recent year (preferably 2000, 2001 or 2002) what percentage
of federal wiretap requests were approved? Make sure to give your
- What is salt with respect to passwords? Is salt used anywhere
in Windows XP?
- What are the pros/cons of management running a password cracker
on aurora? What are the dangers of doing this with respect to the
- Give a sequence of commands that you can use to determine what
files are left behind after running a program on a Unix/Linux system.
- What is the difference between an evidence file (in EnCase) and
a mirror-image copy? What are the pros/cons of each?
- What is the difference between a wiretap and a pen register with
respect to packet-switched networks?
- Today, does a law enforcement officer need a court order to access
stored voice mail? unread e-mail? e-mail downloaded and stored on a
PC? In other words, if they get this information without the permission
of the owner of the data, is it valid in court?
- Apple just released iTunes 4 and an on-line music buying service.
What DRM (Digital Rights Management) protections are being used?