CS6004 Computer Forensics
Unit IV Evidence Collection And Forensics Tools

SYLLABUS
Processing Crime and Incident Scenes – Working with Windows and DOS Systems. Current Computer Forensics Tools: Software/ Hardware Tools.

1. Describe the process of collecting evidence in private-sector incident scenes.
2. Explain the process of preparing for a search.
3. Elaborate on the concept of securing a computer incident or crime scene.
4. Explain the concept of reviewing a case.
5. Describe the Windows Registry.
6. Explain the steps involved in examining NTFS disks.
7. List out the computer forensic hardware and software tools and to solve the different types of forensics.
8. Elaborate on the validation and testing of forensic software.
UNIT 1 & 2

PART A
1. Identify the role of a CA.
2. Draw the architecture of Single Homed Bastion.
3. What is DMZ?
4. List out the seven group documents describing the set of IPSec Protocols.
5. Define Security Associations.
6. Draw the structure of DES–EDE3–CBC algorithm.
7. Draw the structure of MIME Header.
8. Define VPN.
9. What is Dual Signature and Signature verification?
10. List out the seven group documents describing the set of IPSec Protocols.
11. Identify the roles of a firewall.
12. Define Security Associations.
13. Diagrammatically represent IPSec documents.
14. Derive an equation to compute HMAC over a message.
15. How is the Master Secret Computed?
16. Diagrammatically represent the packet structure of ESP Transport mode for IPv4.
17. HMAC provides data integrity. Justify.
18. How to convert the Master Secret into Key Block?

PART B
1. Explain the importance of Key Management Protocol for IPSec and its working in detail.
2. Explain the Pseudo Random function and HMAC algorithm of TLS.
3. Discuss about the header format of MIME and explain its working.
4. Examine the various types of Firewalls and discuss about their architecture in detail.
5. Compose a method to compute the Master Secret and convert the Master Secret into Cryptographic Parameters.
6. Explain how Radix-64 conversion takes place in PGP with an example.
7. Design a model to process cryptographic computations in TLS and discuss about the Error Alerts given by TLS.
8. Explain the importance of Key Management Protocol for IPSec and its working in detail.
9. Discuss about the PGP Message Format and explain its working.
10. Examine the various Firewall designs and discuss about their architecture in detail.
11. Discuss in detail how the Security Association are implemented. Support your explanation with an overview about IPSec Protocol documents.
12. Explain how Authentication and Confidentiality is provided by PGP with an example.
CS6551-Computer networks Department of CSE 2014-2015

UNIT I FUNDAMENTALS & LINK LAYER

PART A

1. Compare LAN and WAN.

| Local Area Network (LAN) | Wide Area Network (WAN) |
|---|---|
| Scope of Local Area Network is restricted to a small/ single building. | Scope of Wide Area Network spans over large geographical area country/ Continent. |
| LAN is owned by some organization. | A part of network assets are owned or not owned. |
| Data rate of LAN 10-100 Mbps. | Data rate of WAN is Gigabyte. |

2. Define Full Duplex and simplex transmission system.
With full duplex transmission, two stations can simultaneously send and receive data from each other. This mode is known as two-way simultaneous. With simplex transmission, the signals are transmitted in only one direction. One is the sender and another is the receiver.

3. Why sliding window flow control is considered to be more efficient than stop and wait flow control?
In sliding window flow control, the transmission link is treated as a pipeline that may be filled with frames in transit. But with stop-and-wait flow control only one frame may be in the pipe at a time.

4. Differentiate between lost frame and damaged frame?

| Lost Frame | Damaged Frame |
|---|---|
| Lost frame is the frame that fails to arrive at the other side. | The damaged frame is a recognizable frame that does arrive, but some of the bits are in error. |

5. What is the difference between stop and wait and sliding window protocol? (Nov/Dec 2012)

| Stop and Wait Protocol | Sliding Window Protocol |
|---|---|
| In stop and wait protocol, we can send one frame at a time. | In sliding window protocol we can send multiple frames at a time. |
| Shows poorer performance than Sliding Window Protocol, comparatively. | As sliding window doesn't waste network bandwidth compared with stop-n-wait, it shows better performance than stop-n-wait. |

6. Define Piggybacking?
The technique of temporarily delaying outgoing acknowledgments so that they can be hooked onto the next outgoing data frame is widely known as piggybacking.

7. What is OSI?
OSI (Open Systems Interconnection) is a reference model for how applications can communicate over a network. It is partitioned into seven layers. It was developed by the International Organization for Standardization (ISO).

8. What is a protocol? What are the key elements of a protocol?
A protocol is used for communication between entities in a system; the entities must speak the same language. A protocol is the set of rules governing the exchange of data between two entities. It defines what is communicated, how it is communicated, and when it is communicated. The key elements of a protocol are:
• Syntax – It refers to the structure or format of data, meaning the order in which they are presented.
• Semantics – It refers to the meaning of each section of bits and how it is to be interpreted.
• Timing – When data should be sent and how fast they can be sent.

9. What are the uses of transport layer?
• Reliable data exchange
• Independent of network being used
• Independent of application

10. What is Protocol Data Unit (PDU)?
At each layer, protocols are used to communicate, and control information is added to user data at each layer. Transport layer may fragment user data. Each fragment has a transport header added, and the header consists of destination SAP, sequence number and error detection code.

11. What are the uses of internet layer in TCP/IP?
• Systems may be attached to different networks
• Routing functions across multiple networks
• Implemented in end systems and routers

12. What is a layered Network Architecture?
• A layer is created when a different level of abstraction occurs at protocol. Each layer should perform a well defined function.
• Function of each layer should be chosen using internationally standardized protocols. Boundaries between layers should be chosen to minimize information flow across the interfaces.
• A set of layers and protocols is called network architecture. A list of protocols used by a system is called protocol stack.

13. Compare OSI and TCP.

| Open System Interconnection (OSI) | Transmission Control Protocol (TCP) |
|---|---|
| It distinguishes between Service, Interface, Protocol | It does not distinguish between Service, Interface, Protocol |
| Protocols are well hidden | Protocols are not just hidden |
| De jure standard Fit Model | De facto standard Fit Model |
| In transport layer only connection oriented services are available | In Transport layer choice is for connection oriented and connectionless |
| Contains 7 layers | Contains 5 layers |

14. How do layers of the internet model correlate to the layers of the OSI model?

| OSI | TCP/IP |
|---|---|
| Physical Layer | Physical Layer |
| Data Link Layer | Network Access Layer |
| Network Layer | IP Layer |
| Transport Layer | TCP Layer |
| Session Layer, Presentation Layer, Application Layer | Application Layer |

15. What is the use of data link layer in OSI?
• Frame synchronization: Data is divided by data link layer into frames, a manageable unit.
• Flow Control: Sending station does not overwhelm receiving station.
• Error Control: Any error in bits must be detected and corrected using some mechanism.
• Addressing: Two stations in a multipoint link that are involved in transmission must be specified using physical addresses.
• Access Control: When two or more devices are connected to the same link, an access control mechanism is needed to determine which device has control over the link at any given time.

16. Why is flow control and error control duplicated in different layers?
Like the data link layer, the transport layer is responsible for flow and error control. Flow control and error control at the data link layer are at node-to-node level. But at the transport layer, flow control and error control are performed end-to-end rather than across a single link.

17. List the key ingredients of technology that determines nature of a LAN. List the common topologies available for LAN.
Topology, transmission medium and medium access control technique are the technologies that determine the nature of a LAN. Star Topology, Ring Topology, Bus Topology and Tree Topology are the topologies available for LAN.

18. What are the functions of physical layer and presentation layer?
Functions of Physical Layer
• Encoding/ decoding of signals
• Preamble generation/removal (for synchronization)
• Bit transmission/ reception
Functions of Presentation Layer
• Translation, Encryption / Decryption, Authentication and Compression

19. What do you mean by Flow Control? (Nov/Dec 2011, May/June 2015)
Flow control is a technique for assuring that a transmitting entity does not overwhelm a receiving entity with data. It is a feedback mechanism by which the receiver is able to regulate the sender. Such a