Past Exam Paper With Answers

QUESTION 1 [25 marks]

1. Differentiate between digital natives and digital immigrants. (7 marks)


- A digital native is a person born or brought up during the age of digital
technology, familiar with computers and the Internet from an early age, and
so generally more fluent in digital media concepts than a digital immigrant.

- A digital immigrant is someone born before the widespread adoption of digital
technology who had to learn and adapt to it later in life.

2. Discuss the three ways that technology can be abused by individuals. (6 marks)

- As a medium for communication and the development of subcultures online.

- As a mechanism to target sensitive resources and engage in crime and
deviance.

- As an incidental device that facilitates an offense and provides evidence of
criminal activity both online and offline.

3. What are (cyber) deviance, cybercrime, and cyberterrorism? (12 marks)


- Cyberdeviance is the abuse or misuse of technology in ways that may not be
illegal but fall outside the formal and informal norms or beliefs of the
prevailing culture. For example, creating and viewing pornography: although
it is not illegal to view, some communities consider it morally wrong, so
viewing such material can be regarded as deviant.
- Cybercrime refers to crimes in which the perpetrator uses his/her knowledge
of cyberspace (computers, networks, the Internet) to commit an offense.
- Cyberterrorism has no single accepted definition, but it is generally
recognised as behaviour in which an individual or group uses digital
technology or computer-mediated communications to cause harm and force
social change based on ideological or political beliefs.

QUESTION 2 [25 marks]

1. Differentiate between nation-state and non-nation-state hackers. (4 marks)


- Nation-state hackers are sponsored by, or work on behalf of, a government
and frequently target other governments, militaries and critical
infrastructure; they tend to be well resourced and persistent.

- Non-nation-state hackers act on their own initiative (individuals, hacktivist
groups, organised crime) and frequently target businesses and home users.

2. List three key norms and values of the hacker subculture. (3 marks)
- Technology
- Knowledge
- Secrecy
3. Identify the various terms used to define and differentiate hackers. (6 marks)
- Cracker – a hacker who breaks into computers for malicious or criminal
purposes; the term was coined to distinguish them from hackers in the
original, non-criminal sense of the word.
- Lamer – someone who does not really understand what they are doing but
manages to hack anyway, usually by copying others.
- Noob (newbie) – a beginner in computers, often concerning Internet
activity such as online gaming or Linux use.
- Leet (from "elite") – a highly skilled and respected member of the hacker
community; also the name of the letter-for-number alphabet (l33t) used as
an in-group marker.
- Black/white/gray hat hacker – a black hat breaks in without permission for
malicious ends, a white hat tests systems with the owner's authorisation,
and a gray hat operates in between, e.g. probing systems uninvited but
without malicious intent.
- Script kiddie – a person who uses existing scripts or tools written by
others to hack into computers, lacking the expertise to write their own.
4. Discuss the common types of scans. (12 marks)
- Ping scan: Sends an ICMP echo request to the target host to learn whether it
is up; it does not probe ports at all. Many network administrators block
incoming ICMP, so a host that does not answer a ping may still be alive
(tools such as nmap fall back to TCP probes for this reason).
- Connect scan: The most reliable scan, but also the most likely to be
detected. A complete TCP three-way handshake (SYN, SYN/ACK, ACK) is made
with each target port, so the connection shows up in the target's
application and system logs.
- SYN scan: Stealthier than a connect scan. The scanner sends a SYN to each
port; an open port answers SYN/ACK and a closed port answers RST. Instead of
completing the handshake with an ACK, the scanner replies with RST (or says
nothing), so no full connection is ever established and most applications
never see it. It resembles a SYN flood DoS attack, but only one packet is
sent per port. It is also called the half-open scan, and it needs raw-socket
(root/administrator) privileges because the scanner builds its own packets.
- FIN scan: A packet with only the FIN (connection finished) flag set is sent
to each port. Per RFC 793 a closed port answers with RST and an open port
silently drops the packet, which is how the scanner tells them apart. Such a
packet is not unusual for systems to receive, so the scan is considered
stealthy, but it is unreliable against TCP stacks (notably Windows) that
reply RST to every unsolicited FIN regardless of port state.
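As an added example (not part of the original paper), here is the connect scan described above in Python. It scans a target that the script itself starts on 127.0.0.1, so it runs offline; the listener records the address of every peer that completes the handshake, which is exactly why a connect scan is the easiest of the four to detect. The listener, the port choices and the state names are constructed for this demonstration.

```python
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor

def start_target():
    """Constructed target: a TCP service on 127.0.0.1 (OS-chosen port) that records
    the address of every peer completing the three-way handshake, as a real
    daemon's access log would. Returns (port, seen_peers, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    srv.settimeout(0.1)          # lets the accept loop notice the stop flag
    seen, stop = [], threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            seen.append(peer[0])  # the scanner is now in the target's "log"
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], seen, stop

def free_port():
    """Constructed 'closed' port: ask the OS for an ephemeral port and release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def connect_scan_port(host, port, timeout=0.5):
    """Connect scan of one port via connect(), i.e. a full SYN / SYN-ACK / ACK.
       open     -> handshake completed
       closed   -> target answered the SYN with RST (ECONNREFUSED)
       filtered -> no answer before the timeout (firewall drop, host down)"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:          # socket.timeout and other failures
            return "filtered"

def connect_scan(host, ports, timeout=0.5, workers=32):
    """Scan ports in parallel; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        states = list(ex.map(lambda p: connect_scan_port(host, p, timeout), ports))
    return dict(zip(ports, states))

def demo():
    """Start the target, scan its port plus a known-closed one, and show that the
    target logged the scanner's address."""
    open_port, seen, stop = start_target()
    closed_port = free_port()
    result = connect_scan("127.0.0.1", [open_port, closed_port])
    deadline = time.time() + 2.0
    while not seen and time.time() < deadline:   # let the accept loop catch up
        time.sleep(0.01)
    stop.set()
    return {"open_port": open_port, "closed_port": closed_port,
            "result": result, "seen": list(seen)}

if __name__ == "__main__":
    d = demo()
    print(d["result"])
    print("target logged connections from:", d["seen"])
```

A SYN or FIN scan cannot be written with ordinary sockets: the operating system always finishes or refuses the handshake for you, so those scans need raw packets (root or administrator) built with a tool such as nmap or a library such as scapy.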

QUESTION 3 [25 marks]

1. How does a Virus Scanner work? (7 marks)


- A virus scanner operates by searching files for the signatures of known
viruses. A signature is a characteristic pattern that occurs in every copy
of a virus: it might be a string of characters, such as a message the virus
displays when activated, or a sequence of binary code or a particular piece
of data embedded in the virus. The scanner compares each file against its
signature database and flags matches. Because signatures describe known
samples, purely signature-based scanning misses new or modified
(polymorphic, packed, encrypted) malware, which is why modern products add
heuristic and behavioural detection on top.
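The following is an added example (not from the original paper) of the signature matching just described: a tiny signature database in the hex-with-wildcards style that ClamAV-type scanners use, a scanner that reports where each signature occurs, and a one-byte XOR "packing" step that shows why a pure signature scanner misses a trivially modified copy. The signature names, patterns and samples are all constructed for the example.

```python
import re

# Constructed signature database for this example (not from any real AV product).
# Each signature is a hex byte pattern; "??" is a one-byte wildcard, the same
# convention ClamAV-style hex signatures use.
SIGNATURES = {
    "Demo.Dropper.A":    "4d5a90000300??0000ffff",                  # MZ header variant
    "Demo.Downloader.B": "474554202f??61796c6f6164",                # "GET /?ayload"
    "Demo.Message.C":    "596f75722066696c657320617265206d696e65",  # "Your files are mine"
}

def hex_signature_to_regex(hexsig):
    """Compile a hex signature with '??' wildcards into a bytes regex."""
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: hex_signature_to_regex(sig) for name, sig in SIGNATURES.items()}

def scan_bytes(data):
    """Return [(signature name, offset), ...] for every signature found in data,
    ordered by offset. This is the core loop of a signature-based scanner."""
    hits = []
    for name, pattern in COMPILED.items():
        for m in pattern.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: h[1])

def xor_encode(data, key):
    """Single-byte XOR 'packing': same behaviour once unpacked, different bytes on
    disk, which is enough to defeat a pure signature match."""
    return bytes(b ^ key for b in data)

# Constructed samples: a fake infected blob containing all three patterns, and a
# harmless shell script.
SAMPLE = (b"MZ\x90\x00\x03\x00\x00\x00\x00\xff\xff" + b"junk" * 4
          + b"GET /payload HTTP/1.1\r\n" + b"Your files are mine")
CLEAN = b"#!/bin/sh\necho hello\n"

if __name__ == "__main__":
    print("infected:", scan_bytes(SAMPLE))                    # three hits
    print("clean:   ", scan_bytes(CLEAN))                     # no hits
    print("packed:  ", scan_bytes(xor_encode(SAMPLE, 0x5A)))  # no hits: evades signatures
```

The wildcard lets one signature cover small variants (here "payload" and "Payload"), but the XOR-encoded copy shows the limit of the approach: not one byte of the packed file matches, even though it is the same program once it unpacks itself in memory.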
2. What is spyware? (2 marks)
- Spyware is a type of malware that is installed on a computer
without the knowledge of the owner in order to collect the
owner's private information. Spyware is often hidden from the
user in order to gather information about internet interaction,
keystrokes (also known as keylogging), passwords, and other
valuable data.
3. Differentiate between on-demand virus scanners and ongoing virus scanners.
(4 marks)
- An on-demand virus scanner scans the system for viruses only when prompted
to do so by the user or by a scheduled task at a specific time. An ongoing
(real-time or on-access) scanner runs continuously in the background and
checks files as they are created, opened, downloaded or executed, blocking
infected ones before they run. Ongoing scanning is the norm in companies and
government institutions, where users do not have administrator access and so
cannot disable it; that is how the organisation keeps its systems protected
consistently.
4. What are the application gateway, application-level proxy, and application
proxy? (3 marks)
- The three terms are used interchangeably: they name a type of firewall that
works at the application layer. Rather than forwarding packets, it acts as a
proxy that terminates the client's connection, inspects and validates the
protocol content (e.g. HTTP, FTP, SMTP), can authenticate the user or client
application, and then opens its own connection to the real server. It is
more thorough than packet filtering but slower and specific to each protocol
it understands.
5. What is the purpose of port scanning? (3 marks)
- A port scanner is an application that probes a server or host to discover
which ports are open, and therefore which services are listening, in order
to map the attack surface and assess vulnerabilities.
6. What is the Stateful Packet Inspection (SPI)? (6 marks)
- Stateful Packet Inspection is a firewall architecture (filtering system)
that works at the network and transport layers. It tracks every connection
passing through the firewall's interfaces in a state table and checks that
each packet is valid for that connection. It permits or denies a packet
based not only on the packet's own headers but also on data derived from
previous packets in the conversation, for example admitting an inbound
SYN/ACK only if an outbound SYN to that host and port was seen first. A
stateless packet filter, by contrast, judges every packet in isolation.
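To make the difference concrete, this added example (not part of the original paper) runs the same constructed packet sequence through a stateless filter and through a minimal stateful inspector. The internal prefix, the TEST-NET addresses, the flag letters and the state names are assumptions made for the demonstration; real firewalls also age out table entries and handle far more than TCP.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Just enough header for a filtering decision. flags uses tcpdump letters:
    S=SYN, A=ACK, F=FIN, R=RST, so "SA" is a SYN/ACK."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str

INSIDE_PREFIX = "10.0.0."   # constructed: the protected internal network

def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def stateless_filter(pkt):
    """Pre-SPI packet filter: every packet judged on its own headers. Outbound is
    allowed; inbound is allowed only if ACK is set (the old trick for letting
    replies back in). It cannot tell a genuine reply from an unsolicited packet
    that merely has the ACK bit set."""
    if is_inside(pkt.src):
        return "allow"
    return "allow" if "A" in pkt.flags else "deny"

class StatefulFirewall:
    """SPI: a table of connections opened from inside. An inbound packet is
    admitted only if it belongs to a tracked connection in the expected state.
    (Real implementations also age entries out; omitted here.)"""

    def __init__(self):
        self.table = {}   # (client, cport, server, sport) -> state

    def process(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)   # client -> server
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # server -> client
        if fwd in self.table:                            # client side of a known flow
            if "R" in pkt.flags:
                del self.table[fwd]
            elif "F" in pkt.flags:
                self.table[fwd] = "CLOSING"
            return "allow"
        if rev in self.table:                            # server side of a known flow
            if "R" in pkt.flags:
                del self.table[rev]
                return "allow"
            if self.table[rev] == "SYN_SENT":
                if pkt.flags == "SA":                    # the only valid answer to our SYN
                    self.table[rev] = "ESTABLISHED"
                    return "allow"
                return "deny"
            return "allow"
        if pkt.flags == "S" and is_inside(pkt.src):      # new connection from inside
            self.table[fwd] = "SYN_SENT"
            return "allow"
        return "deny"                                    # unsolicited: no matching state

def run_scenario():
    """Constructed traffic (documentation address ranges, not a real capture): one
    legitimate HTTPS connection from inside, then an attacker's ACK probe and SYN,
    then a spoofed 'reply' from a host the client never contacted.
    Returns [(label, stateless verdict, SPI verdict), ...]."""
    client, server = "10.0.0.5", "203.0.113.10"
    attacker, stranger = "198.51.100.7", "203.0.113.99"
    traffic = [
        ("client SYN to server:443",      Packet(client, 40000, server, 443, "S")),
        ("server SYN/ACK to client",      Packet(server, 443, client, 40000, "SA")),
        ("client ACK, connection up",     Packet(client, 40000, server, 443, "A")),
        ("server data to client",         Packet(server, 443, client, 40000, "A")),
        ("attacker ACK probe to 445",     Packet(attacker, 31337, client, 445, "A")),
        ("attacker SYN to 445",           Packet(attacker, 31337, client, 445, "S")),
        ("stranger spoofed ACK to 40000", Packet(stranger, 443, client, 40000, "A")),
    ]
    spi = StatefulFirewall()
    return [(label, stateless_filter(p), spi.process(p)) for label, p in traffic]

if __name__ == "__main__":
    for label, stateless, stateful in run_scenario():
        print(f"{label:32} stateless={stateless:5} spi={stateful}")
```

Both filters agree on the legitimate connection and both drop the attacker's bare SYN. They part ways on the ACK probe and the spoofed reply: the stateless filter has to let any ACK through or legitimate replies would never return, while the stateful inspector drops both because no tracked connection expects them.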

QUESTION 4 [25 marks]

1. Differentiate between Denial-of-service (DoS) and Distributed Denial of Service
(DDoS). (4 marks)

- A Denial-of-service (DoS) attack floods a server, system or network with
traffic, or exploits a flaw that crashes it, in order to exhaust the victim's
resources and make it difficult or impossible for legitimate users to use
them. It originates from a single source. An attack that merely crashes a
server can often be dealt with by rebooting the system; flooding attacks are
harder to recover from while they are ongoing.

- A Distributed Denial of Service (DDoS) attack has the same goal but is
launched simultaneously from many compromised machines (a botnet), so the
traffic comes from thousands of sources, reaches far higher volumes, and
cannot be stopped by blocking one address. DDoS attacks have been carried
out by diverse threat actors, from individual criminals to organised crime
rings and government agencies. In certain situations, often related to poor
coding, missing patches or generally unstable systems, even legitimate
requests can produce DDoS-like results.
2. Describe the following items: (6 marks)
- Flood attack: An attack that sends a very large number of packets to a
server in an attempt to overload it or the network links in front of it.

- ICMP flood attack: An attack that attempts to overload the target system
with more ICMP packets (typically echo requests, i.e. ping) than it can
respond to; the echo replies also consume the victim's outbound bandwidth.

- UDP flood attack: A denial-of-service attack based on sending a huge number
of UDP packets to random ports on the target. For each port with no listener
the victim replies with an ICMP "port unreachable" message, so its CPU and
bandwidth are consumed answering junk.
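As an added example (not part of the original paper) tying the two previous answers together, the following detection logic reads tcpdump-style lines, buckets packets per second, protocol and destination, and labels a flood as DoS or DDoS by counting how many distinct sources it comes from. The log text is generated by the script itself and is not a real capture; the threshold and address ranges are assumptions for the demonstration.

```python
import re
from collections import defaultdict

# tcpdump-style line: "HH:MM:SS.usec IP src > dst: PROTO ..." (ports, if any, are
# appended to the address with a dot, as tcpdump prints them)
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+) > (\S+): (ICMP|UDP|TCP)")

def host(addr):
    """'10.0.0.5.53' -> '10.0.0.5'; an address without a port is returned as is."""
    return addr.rsplit(".", 1)[0] if addr.count(".") == 4 else addr

def make_log():
    """Constructed capture text (not real traffic): a little normal DNS, then a
    single-source ICMP flood, then a UDP flood from 200 distinct sources."""
    lines = []
    for i in range(3):
        lines.append(f"12:00:00.{i:06d} IP 10.0.0.{i + 2}.50000 > 10.0.0.53.53: UDP, length 40")
    for i in range(500):                     # DoS: one attacker, 500 pings in a second
        lines.append(f"12:00:01.{i:06d} IP 198.51.100.7 > 10.0.0.5: ICMP echo request, id 1, seq {i}, length 64")
    for i in range(400):                     # DDoS: 200 bots, two packets each
        lines.append(f"12:00:02.{i:06d} IP 203.0.113.{i % 200 + 1}.{40000 + i} > 10.0.0.5.53: UDP, length 1400")
    return "\n".join(lines)

def detect_floods(log_text, pps_threshold=100):
    """Bucket packets per (second, protocol, destination). A bucket above the
    packets-per-second threshold is an alert, labelled DoS when all packets share
    one source and DDoS when they come from many."""
    buckets = defaultdict(lambda: {"pkts": 0, "srcs": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        sec, src, dst, proto = m.groups()
        b = buckets[(sec, proto, host(dst))]
        b["pkts"] += 1
        b["srcs"].add(host(src))
    alerts = []
    for (sec, proto, dst), b in sorted(buckets.items()):
        if b["pkts"] > pps_threshold:
            alerts.append({"time": sec, "proto": proto, "dst": dst, "pps": b["pkts"],
                           "sources": len(b["srcs"]),
                           "kind": "DoS" if len(b["srcs"]) == 1 else "DDoS"})
    return alerts

if __name__ == "__main__":
    for a in detect_floods(make_log()):
        print(f"{a['time']} {a['kind']:4} {a['proto']} -> {a['dst']}: "
              f"{a['pps']} pps from {a['sources']} source(s)")
```

The source count is what separates the two cases operationally: the single-source ICMP flood can be cut off with one firewall rule, while the UDP flood from 200 hosts cannot, which is why DDoS mitigation relies on rate limiting and upstream scrubbing rather than blocklists.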

3. How do you protect the administrator accounts on a server with names that do
not reflect their level of permission? (4 marks)
- Disable or rename the default administrator account, create an account with
an unremarkable name such as basic_user, and grant that account the
administrator privileges. This makes it harder for an intruder to pick the
right account to attack. It is obscurity rather than real protection,
though: on Windows the built-in Administrator keeps its well-known RID 500
and can still be found by enumerating SIDs, so the renamed account still
needs a strong password, an account lockout policy and, ideally,
multi-factor authentication.

4. What is a good password? (5 marks)

- A good password is long (traditionally at least 8 characters; current
guidance favours 12 or more), mixes upper- and lowercase letters, numbers
and symbols, is not a dictionary word or anything with personal meaning
(names, birthdays, pets), and is not reused across accounts. A long
passphrase of unrelated words kept in a password manager satisfies all of
these.
5. Describe the following items: (6 marks)
- social engineering - Manipulating people (through deception, persuasion or
impersonation) into revealing information about a computer system and its
security, or into performing actions such as resetting a password
- network scanning - Probing a network to discover live hosts, their
addresses and the services they run, as a first step in finding
vulnerabilities
- port scanning - Probing a target machine to see which ports are open, and
thus which services are listening, in an attempt to assess vulnerabilities

QUESTION 5 [25 marks]

1. What is the main driving force behind the research into information hiding
techniques? (4 marks)
- The main driving force behind this research is concern over copyright. As
audio, video and other works become available in digital form, the ease with
which perfect copies can be made may lead to large-scale unauthorised
copying, which is of great concern to the music, film, book and software
publishing industries. Digital watermarking, which embeds hidden ownership
or purchaser information in the content itself, is the information-hiding
technique that answers this concern.

2. Differentiate between cryptography and steganography. (4 marks)


- Cryptography transforms a message (plaintext) into a new form (ciphertext)
whose meaning is masked without the key; the message is visibly present and
obviously secret, but unreadable. Steganography instead hides the existence
of the message: it is embedded inside innocent-looking carrier data (an
image, audio file or document) and travels in plain sight, so an observer
has no reason to suspect that any message is being sent. The two are
complementary and are often combined by encrypting the message before
hiding it.
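An added example (not from the original paper) of the steganographic side of this distinction: least-significant-bit embedding, the classic way of hiding a message in image pixel data. The carrier here is a constructed buffer of pseudo-random 8-bit values standing in for raw grayscale pixels; the length-prefix layout is an assumption made for the example, not a standard format.

```python
import random

def embed_lsb(cover, message):
    """Hide message in the least significant bit of each cover byte. Layout: a
    32-bit big-endian length, then the message bits, most significant bit first.
    Each cover byte changes by at most 1, invisible in an 8-bit pixel."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} bytes, have {len(cover)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)

def _read_bits(stego, start, nbytes):
    """Reassemble nbytes bytes from the LSBs of stego[start:], MSB first."""
    out = bytearray()
    for k in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start + k * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract_lsb(stego):
    """Recover the message: read the 4-byte length from the first 32 LSBs, then
    that many bytes. Refuses if the length does not fit the carrier."""
    length = int.from_bytes(_read_bits(stego, 0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("carrier does not hold a valid payload")
    return _read_bits(stego, 32, length)

def max_byte_change(a, b):
    """Largest per-byte difference between two equal-length buffers."""
    return max(abs(x - y) for x, y in zip(a, b))

def make_cover(n, seed=1):
    """Constructed carrier: n pseudo-random 8-bit values standing in for the pixel
    data of a raw grayscale image (a real file would keep its header untouched)."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))

if __name__ == "__main__":
    cover = make_cover(4096)
    stego = embed_lsb(cover, b"meet at the old mill at dawn")
    print("recovered:", extract_lsb(stego))
    print("largest pixel change:", max_byte_change(cover, stego))
```

The message travels unencrypted here to keep the example short; in practice it is encrypted first, because anyone who suspects LSB hiding can read it out with the same few lines, and the altered bit statistics are detectable by chi-square tests even when the image looks identical.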

3. Why should network administrators be more thoroughly checked before they are
employed? (4 marks)
- The reason is simple: regardless of how tight your security is, it cannot
keep out the person who sets it up and maintains it. Since network
administrators hold all the access, a thorough background investigation is
advisable, because they have to be trustworthy and reliable.

4. Differentiate between Civil and Criminal charges. (3 marks)


- Civil disputes are brought by one party against another and include things
like suing someone over breach of contract or a divorce, with remedies such
as damages; criminal charges are brought by the state for offenses against
it and can result in fines, probation or imprisonment.
5. Answer the following questions:
a) What are the "three C's of evidence" when digital evidence is handled?
(3 marks)
- Care, Control, and Chain of custody.
b) What is “Chain of Custody”? (1 mark)
- The process by which the investigator documents how any kind of evidence
has been gathered, tracked and protected on its way to a court of law, so
that its integrity can be demonstrated.
c) What should be included in the Chain of Custody Log? (1 mark)
- It includes documentation that the evidence was handled and preserved
properly and was never at risk of being compromised: who collected it,
when, where it was stored, and who accessed or transferred it.
d) What is the “Chain of custody procedures”? (5 marks)
- Keep an evidence log that shows when evidence was received or seized, and
where it is located
- Record dates (and recipients) whenever items are released to anyone
- Restrict access to evidence
- Place the original hard drive in an evidence locker
- Perform all forensics on a forensic (bit-for-bit) image, never on the
original data, and hash both the original and the image so that any later
change can be proven
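As an added example (not from the original paper), the procedure above reduced to code: an append-only custody log, an acquisition step that hashes the original before and the image after copying, and an integrity check that compares a later hash against the one recorded at seizure. The "drive" is a constructed byte string and the item and examiner names are placeholders; a real acquisition would read the block device with a write blocker.

```python
import hashlib
from datetime import datetime, timezone

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

class CustodyLog:
    """Append-only chain-of-custody log: who did what to which item, when, and the
    item's hash at that moment. Entries are never edited, only added."""

    def __init__(self):
        self.entries = []

    def record(self, item_id, action, handler, digest, when=None):
        entry = {"item": item_id, "action": action, "handler": handler,
                 "sha256": digest,
                 "time": (when or datetime.now(timezone.utc)).isoformat()}
        self.entries.append(entry)
        return entry

    def history(self, item_id):
        return [e for e in self.entries if e["item"] == item_id]

def acquire_image(original, item_id, examiner, log):
    """Hash the original, make the working copy, hash the copy, log both. The copy
    is released for analysis only if the two hashes match."""
    before = sha256_hex(original)
    log.record(item_id, "seized: original hashed", examiner, before)
    image = bytes(original)          # stands in for a bit-for-bit dd/E01 acquisition
    after = sha256_hex(image)
    log.record(item_id, "imaged: copy hashed", examiner, after)
    if before != after:
        raise RuntimeError("image does not match original; acquisition failed")
    log.record(item_id, "original placed in evidence locker", examiner, before)
    return image

def verify_integrity(item_id, current, log):
    """Re-hash an item and compare with the hash recorded at seizure."""
    first = log.history(item_id)[0]
    return sha256_hex(current) == first["sha256"]

if __name__ == "__main__":
    # Constructed 'drive' contents: a fake boot sector followed by filler.
    drive = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 503 + b"\x55\xaa" + b"filesystem..." * 100
    log = CustodyLog()
    image = acquire_image(drive, "HD-001", "examiner A. Smith", log)
    print("image verified:", verify_integrity("HD-001", image, log))
    tampered = bytearray(image)
    tampered[10] ^= 1
    print("tampered verified:", verify_integrity("HD-001", bytes(tampered), log))
    for e in log.entries:
        print(e["time"], e["item"], e["handler"], e["action"], e["sha256"][:16])
```

The hash is what makes the log defensible: a later examiner, or opposing counsel, can recompute it on the locker copy and on the working image and show that neither has changed by a single bit since seizure.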
