CS 393 - Computer Forensics

Final Exam

You may use any resource (books, internet, notes, etc.) as long as you complete this exam without help from anyone else. You must turn in this exam by 5:00pm on Friday May 9. Some of these questions may not have an answer - what I am looking for is how you approach the problem and the probability of success of that approach. Be sure to document your sources and take into account the reliability and credibility of these sources. All questions are worth 10 points each. Good luck.

  1. What is your definition of computer forensics? Explain why you included what you did and why you left some things out.
  2. Find two states that have used electronic voting (I'll define this as no per-ballot piece of paper generated) in an election. Describe their process for doing a "re-count". How would you, as a computer forensics expert, attack the results if your client was the loser of the election?
  3. Give the detailed steps you would take to show a file in my aurora home directory was intentionally and knowingly possessed by me. Assume that you have root access and are authorized to do this investigation.
  4. What is /var/tmp/console.log? What OS flavor(s) maintain this file?
  5. In a recent year (preferably 2000, 2001 or 2002) what percentage of federal wiretap requests were approved? Make sure to give your source.
  6. What is salt with respect to passwords? Is salt used anywhere in Windows XP?
  7. What are the pros/cons of management running a password cracker on aurora? What are the dangers of doing this with respect to the DMCA?
  8. Give a sequence of commands that you can use to determine what files are left behind after running a program on a Unix/Linux system.
  9. What is the difference between an evidence file (in EnCase) and a mirror-image copy? What are the pros/cons of each?
  10. What is the difference between a wiretap and a pen register with respect to packet-switched networks?
  11. Today, does a law enforcement officer need a court order to access stored voice mail? unread e-mail? e-mail downloaded and stored on a PC? In other words, if they get this information without the permission of the owner of the data, is it valid in court?
  12. Apple just released iTunes 4 and an on-line music buying service. What DRM (Digital Rights Management) protections are being used?