1. Explain digital forensics, its phases, and types.

(6 marks)

Digital forensics is the application of scientific methods and techniques to recover, analyze, and
present evidence from digital devices in a legally admissible manner. It is commonly used in
criminal investigations, cybersecurity breaches, and legal disputes.

Phases of Digital Forensics

1.​ Identification: This phase involves recognizing potential evidence, devices, or storage
media that may hold relevant data.
2.​ Preservation: Ensuring the integrity of data by creating a forensic copy and preventing
further changes to the original data.
3.​ Analysis: Examining the preserved data to extract relevant evidence using specialized
tools and techniques.
4.​ Documentation: Keeping a record of all findings, processes, and tools used during the
analysis. This ensures transparency and reproducibility.
5.​ Presentation: Organizing and presenting findings in a clear and comprehensible
manner for legal or organizational purposes.

Types of Digital Forensics

1.​ Computer Forensics: Focuses on extracting and analyzing data from computers and
storage devices.
2.​ Network Forensics: Deals with the monitoring and analysis of network traffic to detect
intrusions or malicious activities.
3.​ Mobile Forensics: Involves retrieving data from mobile devices such as smartphones
and tablets.
4.​ Email Forensics: Analyzes email communications to uncover fraud, phishing, or other
suspicious activities.
5.​ Cloud Forensics: Investigates data stored on cloud platforms to detect unauthorized
access or breaches.

2. Explain GRC and its components. (4 marks)

GRC (Governance, Risk, and Compliance) is a structured approach that organizations use to
align business objectives with regulatory requirements and risk management strategies.

Components of GRC

1.​ Governance: Defines the frameworks, policies, and procedures to ensure that
organizational decisions align with business objectives and ethical standards. Example:
Board-level oversight of cybersecurity policies.
 2.​ Risk Management: Identifies potential risks to organizational operations or assets and
implements measures to mitigate them. Example: Conducting periodic risk assessments.
3.​ Compliance: Ensures adherence to laws, industry standards, and internal policies.
Example: Following GDPR for data privacy.

Benefits include reducing operational inefficiencies, avoiding legal penalties, and fostering trust
with stakeholders.

3. Explain functions and different types of VPN. (6 marks)

A Virtual Private Network (VPN) is a technology that establishes a secure, encrypted connection
over public or private networks, allowing users to protect their data and privacy.

Functions of a VPN

1.​ Encryption: Ensures all data transmitted between the user and the server is secure.
2.​ Anonymity: Masks the user's IP address, making online activities untraceable.
3.​ Geo-restriction Bypass: Allows access to content restricted by geographic regions,
such as streaming services.
4.​ Remote Access: Provides employees with secure access to corporate resources while
working remotely.
5.​ Security on Public Wi-Fi: Protects data from eavesdroppers on insecure networks.

Types of VPN

1.​ Remote Access VPN: Used by individuals to connect securely to a private network.
Example: Employees accessing company resources remotely.
2.​ Site-to-Site VPN: Connects two separate networks, often between different branch
offices of a company.
3.​ Client-to-Site VPN: A specific type of remote access where a single user connects
securely to a company's network.
4.​ Peer-to-Peer VPN: Often used for file sharing, where each device acts as both a client
and a server.

4. Explain User Management. (4 marks)

User management refers to the administrative tasks involved in managing users, their access
levels, and permissions within an IT system or application. It ensures security, efficiency, and
accountability in managing digital resources.

Key Functions of User Management

 1.​ Authentication: Verifying the user's identity using credentials such as passwords,
OTPs, or biometrics.
2.​ Authorization: Assigning permissions based on user roles (e.g., admin, editor, viewer).
3.​ User Provisioning: Adding new users and setting up their accounts. Example:
Assigning a new employee access to relevant resources.
4.​ Monitoring: Tracking user activities to identify unauthorized or suspicious behavior.
5.​ De-provisioning: Revoking access when a user leaves the organization or no longer
needs access.

Effective user management enhances data security and minimizes the risk of insider threats.

5a. Explain Risks, Breaches, Threats, and Vulnerabilities. (4 marks)

Risks

Risks represent the likelihood of damage or harm due to weaknesses in a system. For example,
failing to encrypt sensitive data increases the risk of a breach.

Breaches

Breaches occur when an attacker successfully exploits a system's vulnerability, leading to

unauthorized access, data theft, or damage. Example: A hacker stealing credit card data.

Threats

Threats are potential actions or events that could harm a system, such as malware, phishing
attacks, or insider threats.

Vulnerabilities

Vulnerabilities are weaknesses in a system that can be exploited by a threat. Examples include
outdated software, weak passwords, or misconfigured security settings.

By addressing vulnerabilities and mitigating risks, organizations can reduce the likelihood of
breaches.

5b. Explain database security, threats to database security, and best

practices. (6 marks)

Database Security
Database security involves protecting databases from unauthorized access, corruption, and
breaches. It includes implementing policies, tools, and practices to ensure data confidentiality,
integrity, and availability.

Threats to Database Security

1.​ SQL Injection: Attackers execute malicious SQL commands to manipulate the
database.
2.​ Unauthorized Access: Poorly managed authentication mechanisms can allow
unauthorized users to access sensitive data.
3.​ Data Leakage: Unintentional exposure of sensitive data due to mismanagement or
negligence.
4.​ Malware: Viruses or malicious software targeting the database server.
5.​ Insider Threats: Employees with malicious intent accessing or manipulating sensitive
data.

Best Practices for Database Security

1.​ Encryption: Encrypt both data at rest and data in transit to prevent unauthorized
access.
2.​ Access Control: Use role-based access control to limit user permissions.
3.​ Regular Updates: Ensure database software and operating systems are updated with
the latest security patches.
4.​ Auditing and Monitoring: Monitor database activities to detect unusual or unauthorized
behavior.
5.​ Backup and Recovery: Implement regular backups to ensure data can be recovered in
case of accidental loss or breaches.