Network Forensics Revision Exercise

Total Marks: 20
Instructions: Attempt all questions. This is a preparatory exercise to help you practice key
concepts before the exam.

Section A: Multiple-Choice Questions (5 marks)

Each question carries 1 mark. Choose the correct option.

1. Which of the following best describes network forensics?
a. Monitoring network performance
b. Investigating and analyzing network traffic for malicious activity
c. Developing software for secure communication
d. Encrypting sensitive data
2. What is the primary role of packet capture tools like Wireshark in network forensics?
a. To block malicious traffic
b. To monitor network speed
c. To capture and analyze data packets
d. To install firewalls
3. Which OSI layer is responsible for establishing end-to-end connections?
a. Physical Layer
b. Transport Layer
c. Data Link Layer
d. Network Layer
4. What is a key indicator of a DNS spoofing attack?
a. High volume of SYN packets
b. Frequent redirection to fake websites
c. Unauthorized login attempts
d. Network latency
5. Which type of log would most likely contain evidence of a brute-force login attempt?
a. Firewall logs
b. Application logs
c. System event logs
d. Authentication logs

Section B: Short Answer Questions (7 marks)

Answer concisely. Each question carries 1.5 marks except Question 4, which carries 2.5 marks.

1. Define network forensics and describe one scenario where it is crucial.
2. Name two key features of Wireshark and explain how they aid in network forensics.
3. Differentiate between active traffic monitoring and passive traffic monitoring.
4. Describe the following pieces of evidence collected during a network forensic investigation and their importance:
   o Packet captures
   o Event logs
   o Timestamps

Section C: Practical Tasks (8 marks)

These tasks will require tools and critical analysis. Prepare screenshots or detailed responses
where necessary.

1. Simulated Traffic Capture (3 marks):
   o Use a network analysis tool (like Wireshark) to capture traffic.
   o Document the following:
     - One source and one destination IP address
     - The protocol used in one packet
   o Submit a brief explanation of what the captured data represents.
2. Log Analysis Practice (2 marks):
   Analyze this sample log:

   Dec 12 08:15:34 Blocked IP: 10.0.0.5 Port: 3389 Protocol: RDP
   Dec 12 08:17:20 Allowed IP: 192.168.1.25 Port: 443 Protocol: HTTPS
   Dec 12 08:20:10 Blocked IP: 172.16.1.2 Port: 80 Protocol: HTTP

   o Identify the suspicious activity.
   o Suggest one mitigation measure for the suspicious activity.
3. Case Study Research (3 marks):
   o Research a historical cyberattack (e.g., Mirai Botnet or SolarWinds Attack).
   o Summarize the following in a short report:
     - What happened during the attack
     - How network forensics could have helped
     - The lessons learned
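As an added worked example that is not part of the exercise, the Python below parses the three sample log lines from Task 2 and lists the blocked connections with the ones aimed at remote-administration ports ranked first, which is the kind of first-pass triage an analyst does before deciding what is suspicious. The regular expression and the port-to-severity table are assumptions made here for the log layout shown, not something the exercise specifies.

```python
import re

# Constructed copy of the three sample log lines from Section C, Task 2.
SAMPLE_LOG = """\
Dec 12 08:15:34 Blocked IP: 10.0.0.5 Port: 3389 Protocol: RDP
Dec 12 08:17:20 Allowed IP: 192.168.1.25 Port: 443 Protocol: HTTPS
Dec 12 08:20:10 Blocked IP: 172.16.1.2 Port: 80 Protocol: HTTP
"""

# Assumed pattern for the fixed layout above; non-matching lines are reported, not dropped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<action>Blocked|Allowed) "
    r"IP: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) Port: (?P<port>\d{1,5}) Protocol: (?P<proto>\S+)$"
)

# Assumed triage weighting, not part of the exercise: blocked attempts at
# remote-administration ports are usually the first thing an investigator looks at.
HIGH_RISK_PORTS = {3389: "RDP", 22: "SSH", 23: "Telnet", 445: "SMB"}

def parse_log(text):
    """Parse the exercise's log format into dicts; return (events, unparsed_lines)."""
    events, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        rec = m.groupdict()
        rec["port"] = int(rec["port"])
        events.append(rec)
    return events, unparsed

def triage(events):
    """Return blocked connections as (severity, ip, port, proto), highest severity first."""
    findings = []
    for e in events:
        if e["action"] != "Blocked":
            continue
        severity = "high" if e["port"] in HIGH_RISK_PORTS else "medium"
        findings.append((severity, e["ip"], e["port"], e["proto"]))
    # "high" sorts before "medium" alphabetically, so a plain sort gives the wanted order
    return sorted(findings)

if __name__ == "__main__":
    events, unparsed = parse_log(SAMPLE_LOG)
    for severity, ip, port, proto in triage(events):
        print(f"{severity:<6} {ip:<15} {port}/{proto}")
```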
