CB3601

CYBER FORENSICS

9
 UNIT -I
INTRODUCTION TO CYBER CRIME AND FORENSICS

Introduction to Traditional Computer Crime, Traditional problems associated with

Computer Crime. Role of ECD and ICT in Cybercrime - Classification of Cyber Crime.
The Present and future of Cybercrime - Cyber Forensics -Steps in Forensic Investigation
- Forensic Examination Process - Types of CF techniques - Forensic duplication and
investigation - Forensics Technology and Systems - Understanding Computer
Investigation – Data Acquisition

Q.No Question CO BTL Marks

PART A
1. What are traditional computer crimes, and how do they differ from 1 1 2
other forms of crime?
2. What is the role of the Electronic Crime Division (ECD) in 1 1 2
combating cyber crime?
3. What are the main classifications of cyber crime? 1 1 2
4. Summarize how do cyber criminals exploit new technologies such 1 2 2
as AI and machine learning.
5. What is cyber forensics, and how does it help in the investigation 1 1 2
of cyber crimes?
6. State the essential steps in conducting a forensic investigation for 1 1 2
cybercrime.
7. List the common methods used in forensic examinations of digital 1 1 2
devices.
8. What is the significance of data acquisition in cybercrime 1 1 2
investigations?
PART B
1. Explain what are the major challenges in investigating traditional 1 4 16
computer crime.

2. (i)Explain some examples of cyber crimes that involve computers 1 4 8

as tools for committing crimes.

(ii)What are the key characteristics of cyber crimes involving the 1 4 8

Internet of Things (IoT)?

3. Explain some of the most significant current trends in cybercrime 1 2 16

and explain how do cyber criminals exploit new technologies such
as AI and machine learning.
4. Discuss some essential steps in conducting a forensic investigation 1 2 16
for cybercrime explain in detail.

10
 UNIT II
EVIDENCE COLLECTION AND FORENSICS TOOLS

Processing Crime and Incident Scenes – Digital Evidence - Sources of Evidence -Working
with File Systems. - Registry - Artifacts - Current Computer Forensics Tools: Software/
Hardware Tools - Forensic Suite - Acquisition and Seizure of Evidence from Computers and
Mobile Devices - Chain of Custody- Forensic Tools
Q.No Question CO BTL Marks

PART A
1. Why is metadata considered an essential source of evidence in 2 1 2
digital forensics?
2. Mention the challenges associated with examining encrypted or 2 1 2
password-protected files during a forensic investigation.
3. What are some of the most popular software tools used in 2 1 2
computer forensics, and what are their primary functions?
4. What are the pros and cons of using hardware tools versus 2 1 2
software tools in different forensic scenarios?
5. Explain role of FTK (Forensic Toolkit) play in forensic 2 2 2
investigations, and how does it differ from other software tools.
6. Differentiate software and hardware tools used in cyber forensics. 2 2 2
7. What is the role of a forensic suite in managing and organizing 2 1 2
large amounts of digital evidence?
8. Why is the chain of custody crucial in digital forensics, and how is 2 1 2
it maintained?

PART B
1. Explain the primary challenges investigators face when processing 2 4 16
a digital crime scene in detail.

2. (i)Analyse about forensic suite, and how does it integrate 2 4 8

different tools for comprehensive forensic investigations.

(ii)What is the role of a forensic suite in managing and organizing 2 4 8

large amounts of digital evidence?

3. Discuss what are the best practices for acquiring digital evidence 2 4 16
from computers and mobile devices and explain how can
investigators ensure that data is not altered or corrupted when
acquiring evidence from a device.

4. Explain about the development of new forensic tools impact the 2 4 16

ability to investigate modern cyber crimes and What are the
limitations of forensic tools.

11
 UNIT - III
ANALYSIS AND VALIDATION
Validating Forensics Data – Data Hiding Techniques – Performing Remote Acquisition –
Network Forensics – Email Investigations – Cell Phone and Mobile Devices Forensics -
Analysis of Digital Evidence - Admissibility of Evidence - Cyber Laws in India - Case
Studies

Q.No Question CO BTL Marks

PART A
1. What methods are used to validate the integrity of digital 3 1 2
evidence?
2. What are the common data hiding techniques used by 3 1 2
cybercriminals to conceal digital evidence?
3. What challenges do forensic investigators face when acquiring 3 1 2
evidence remotely from a device or network?
4. What is network forensics, and how does it contribute to 3 2 2
cybercrime investigations?
5. What role does email header analysis play in determining the 3 1 2
authenticity of an email?
6. What types of data can be recovered from mobile devices during 3 1 2
a forensic investigation?
7. What role does timeline analysis play in understanding the 3 1 2
sequence of events during a forensic investigation?
8. What are the key provisions of cyber laws in India that relate to 3 1 2
digital forensics?

PART B
1. Explain the methods are used to validate the integrity of digital 3 4 16
evidence in detail.
Explain the following
2. (i)common data hiding techniques used by cyber criminals. 3 4 8

(i)email investigations help uncover evidence of cybercrime or 3 4 8

fraud.
3. Discuss what tools are used to acquire and 3 4 16
analyze data from mobile devices in forensic
investigations?

4. Explain a real-life case study where digital forensics played a 3 4 16

crucial role in solving a cybercrime in detail.

12
 UNIT IV
ETHICAL HACKING
Introduction to Ethical Hacking - Footprinting and Reconnaissance - Scanning Networks -
Enumeration - System Hacking - Malware Threats – Sniffing – Email Tracking

Q.No Question CO BTL Marks

PART A
1. What is ethical hacking, and how does it differ from unethical 4 1 2
hacking or cybercrime?
2. What is footprinting in ethical hacking, and why is it important in 4 1 2
the reconnaissance phase?
3. What are the different types of network scanning techniques used 4 1 2
to discover live systems and open ports?
4. What are some common tools used for enumeration, such as 4 2 2
Netcat or enum4linux?
5. What is system hacking, and how does it fit into the overall 4 1 2
process of ethical hacking?
6. What are the different types of malware and how do they function? 4 1 2
7. What types of sensitive information can be captured during a 4 2 2
sniffing attack?
8. What are the various tools available for tracking emails, such as IP 4 1 2
tracking or email header analysis?

PART B
1. What are the primary goals of ethical hacking in the context of 4 4 16
cyber security and What are the key principles and responsibilities
of an ethical hacker?

2. Explain the main methods that ethical hackers use to gain 4 4 16

unauthorized access to a system in detail.

3. What is sniffing in the context of network security, and how does 4 4 16

it pose a threat to the confidentiality of data?

4. Explain how can organizations protect themselves from malicious 4 4 16

email tracking and spoofing techniques

13
 UNIT V
ETHICAL HACKING IN WEB

Social Engineering - Denial of Service - Session Hijacking - Hacking Web servers - Hacking
Web Applications – SQL Injection - Hacking Wireless Networks - Hacking Mobile Platforms

Q.No Question CO BTL Marks

PART A
1. What are the most common types of social engineering attacks? 5 1 2

2. What are some strategies organizations can use to mitigate the risk 5 1 2
of DoS and DDoS attacks?
3. What is the role of Secure Sockets Layer (SSL) and HTTPS in 5 1 2
preventing session hijacking?
4. Does attacker exploit unpatched software or misconfigured 5 2 2
permissions on a web server to gain control?Explain how.
5. What are the common vulnerabilities found in web applications 5 1 2
that hackers exploit?
6. What are the types of SQL injection? 5 2 2
7. Outline the risks of using public Wi-Fi networks, and how can 5 2 2
individuals protect their data when using them?
8. What are some common mobile app vulnerabilities, such as 5 1 2
insecure data storage or insecure communication, that ethical
hackers look for?
PART B
1. (i)Examine how do attackers use social engineering to manipulate 5 4 8
individuals into revealing sensitive information.

(ii)Simplify warning signs of a social engineering attack, and how 5 4 8

can individuals protect themselves?
2. Distinguish the difference between a DoS attack and a Distributed 5 4 16
Denial of Service (DDoS) attack.

Explain how does input validation failure contribute to web

3. 5 5 16
application vulnerabilities like SQL injection and cross-site
scripting (XSS)?

4. (i)Explain in detail about the techniques used to prevent SQL 5 5 8

injection, such as prepared statements or input sanitization
(ii)Explain how ethical hackers can use SQL injection testing 5 4 8
tools to assess web application security

14