
Reg.

No: 201S O33] 3


Question Paper Code : 1911TE804T

B.E/B.Tech DEGREE CONTINUOUS ASSESSMENT TEST-II, April 2024


Eighth Semester
Department of Information Technology
1911TE804T - Forensics and Incident Response
Regulations 2019

Time: 90 minutes Maximum: 50 Marks


Course Outcomes: The Student will be able to
CO1: Apply the basics of computer forensics and its terminologies using protocols.
CO2: Analyze the security issues in network and transport layer by firewalls.
CO3: Build Cyber Forensics technique to find the digital forensics.
CO4: Evaluate the units and network traffic using forensics tools.
CO5: Compare and validate forensics data in cyber security.
CO6: Evaluate the Investigations techniques to handle ethical issues.
K1 - Remember K2 - Understand K3 - Apply K4 - Analyse K5 - Evaluate K6 - Create

Answer ALL Questions.


PART A-(10 x 1= 10 marks)
1. A file that contains every bit of information from the source in a raw bit stream format. CO3 K1
a) Forensic Duplicate
b) Qualified Duplicate
c) Cyber Duplicate
d) Image Duplicate

2. Capturing an Image with ProDiscover Basic, Image file will be split into segments of CO3 K1
a) 550MB
b) 650MB
c) 750MB
d) 850MB

3. Microsoft OSs allocate disk space for files by clusters is called as.
a) disk cluster
b) NTFS
c) FAT
d) drive slack

4. A text file containing commands that typically run only at system startup to enhance the computer's DOS configuration is called.
a) Io.sys
b) Config.sys
c) Msdos.sys
d) Autoexec.bat

5. Name the tool used in extensive-response field kit
a) Evidence log forms
b) SATA cables
c) Electrical power strips
d) Permanent ink marker

6. ______ involves sorting and searching through all investigation data
a) Validation
b) Discrimination
c) Verification
d) Sorter

7. A well known technique for hiding data by altering the byte values of data is called
a) Bit alter
b) Bit Locking
c) Bit shifting
d) Bit variance

8. ______ is a bootable Linux CD intended for computer and network forensics
a) Knoppix Security Tools Distribution
b) Utimaco SafeGuard Easy
c) packet sniffers
d) DBXtract

9. Which is not the Mobile forensics tool?
a) AccessData FTK Imager
b) MOBILedit
c) BitPim
d) SIMCon

10. The file associated with VMware is.

) md
COS

PART B-(5 x 2= 10 marks)


11. Give the hierarchy of Contemporary Cybercriminals.
12. List any three types of field kit used in crime scene.
13. Define Master boot record (MBR). CO4
14. List out some of the password cracking tools. CO4
15. Describe bit shifting with an example. CO5
CO6

PART C-(3 x 10= 30 marks)


Compulsory Question
16. You've been assigned to lead a computer investigation team in a large corporate organization where a significant data breach has occurred. Describe, in detail, the systematic approach you would employ to conduct the investigation within the organization's computer systems. Include the key phases involved in the investigation process and how you would ensure thoroughness and accuracy throughout. CO3

Answer any 2 of the following questions
17. Analyse briefly about the Forensic Duplication and Investigation. CO4

18. How to perform RAID data acquisition in computer forensics? Explain the levels of RAID in detail. CO3

19. Imagine you're a cybersecurity analyst assigned to validate the integrity of hexadecimal editors used in forensic investigations within your organization. Describe the procedure you would follow to ensure the reliability and accuracy of these tools. Additionally, explain one steganography algorithm used to conceal data, outlining its principles and techniques for hiding information within digital files.

Prepared by Reviewed by HOD
