Skip to content
Cyber Forensicshard Premium

Cyber Forensics: Bit-Stream Imaging and BSA Section 63 Admissibility

Published:

Questions

30

Duration

30 min

Faculty-reviewed

0

Updated

25 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

This mock tests the intersection of two Unit VII pillars: the technical discipline of forensic acquisition (dd, dcfldd, FTK Imager, EnCase, write-blockers, MD5 plus SHA-256 dual hashing, RAM dumps using DumpIt and LiME, volatility order under RFC 3227, SSD-specific hazards of TRIM and wear-leveling) and the Indian legal framework for admissibility of electronic records under BSA 2023 Section 63 (formerly IEA 1872 Section 65B). Questions cover the landmark triad of Anvar P.V. v P.K. Basheer (2014) 10 SCC 473, Shafhi Mohammad v State of HP (2018) 2 SCC 801, and Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1, together with the four-condition test under Section 65B(2), who may sign the Section 65B(4) certificate, and the role of IT Act 2000 Section 79A in designating examining authorities.

Designed for MSc Forensic Science aspirants (NFSU, Panjab University, Osmania University), UGC-NET Paper II Unit VII candidates, GCFA/CHFI certification holders transitioning to Indian practice, and investigators at CFSL Hyderabad and state cyber cells who need courtroom-ready acquisition workflows. The legal half draws on the BSA 2023 text effective from 1 July 2024, while UGC-NET syllabi still cite IEA 1872 Section 65B, so both section numbers are addressed throughout.

Topics covered:

  • Forensic imaging tools: dd (conv=noerror,sync), dcfldd (hash= parameter), FTK Imager (E01), EnCase
  • Write-blockers: hardware (Tableau TX1) vs software (StorageDevicePolicies registry key, mount -o ro)
  • Hash algorithms: MD5 collision weakness (Wang-Yu 2004), SHA-256, dual-hash standard, HMAC
  • Live acquisition: DumpIt, LiME (LKM), FTK Imager Live; RAM footprint caveat
  • Volatility order (RFC 3227): registers, cache, RAM, network, processes, kernel, disk, archives
  • Dead acquisition vs live acquisition; SSD TRIM and wear-leveling forensic impact
  • BSA 2023 Section 63 / IEA 1872 Section 65B: four conditions and Section 65B(4) certificate
  • Anvar P.V. (2014), Shafhi Mohammad (2018), Arjun Panditrao (2020) case-law sequence

This set does not require specialist lab access -- every question is solvable from standard references. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • NIST Special Publication 800-86 -- Guide to Integrating Forensic Techniques into Incident Response

    Section 4.2: Chain of Custody Documentation Requirements

    cited in 5 questions
  • Nelson, Phillips, Steuart -- Guide to Computer Forensics and Investigations, 6th Edition, Cengage

    Chapter 4: Software Write-Blocking on Windows, StorageDevicePolicies Registry Key

    cited in 4 questions
  • Casey, Eoghan -- Digital Evidence and Computer Crime, 3rd Edition, Academic Press/Elsevier

    Chapter 3: Acquisition of Digital Evidence, dd-based Forensic Imaging

    cited in 4 questions
  • Anvar P.V. v P.K. Basheer and Others (2014) 10 SCC 473, Supreme Court of India

    Para 24: Certifier Must Have Knowledge of and Responsibility for the Relevant Computer System

    cited in 3 questions
  • Ligh, Case, Levy, Walters -- The Art of Memory Forensics, Wiley

    Chapter 4: Linux Memory Acquisition, LiME Kernel Module Architecture

    cited in 2 questions
  • Carrier, Brian -- File System Forensic Analysis, Addison-Wesley

    Chapter 10: SSD Architecture, Flash Translation Layer and Wear-Leveling Forensic Implications

    cited in 2 questions
  • ISO/IEC 27037:2012 -- Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence

    Section 7.4: Acquisition Process, Hash Verification Before and After Each Handling Step

    cited in 2 questions
  • Indian Evidence Act 1872 (IEA 1872) / Bharatiya Sakshya Adhiniyam 2023 (BSA 2023)

    Section 65B(2) IEA 1872 / Section 63 BSA 2023: Four Conditions for Computer-Generated Records

    Open source
    cited in 1 question
  • Information Technology Act 2000 (as amended 2008), Government of India

    Section 79A: Examiner of Electronic Evidence, Notification and Expert Status

    Open source
    cited in 1 question
  • Bharatiya Sakshya Adhiniyam 2023 (BSA 2023), Government of India

    Section 63: Admissibility of Electronic Records, Certificate Requirement

    Open source
    cited in 1 question
  • NIST Special Publication 800-107 Rev. 1 -- Recommendation for Applications Using Approved Hash Algorithms

    Section 5: Security Considerations, MD5 Collision Vulnerability and Deprecation

    cited in 1 question
  • Shafhi Mohammad v State of Himachal Pradesh (2018) 2 SCC 801, Supreme Court of India

    Para 12-15: Relaxation of Section 65B Certificate When Device Not in Possession of Party

    cited in 1 question
  • RFC 3227 -- Guidelines for Evidence Collection and Archiving, IETF

    Section 2.1: Order of Volatility, Network State vs Running Processes

    cited in 1 question
  • Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1, Supreme Court of India

    Para 48-55: Overruling Shafhi Mohammad, Affirming Mandatory Certificate, Court Direction Remedy

    cited in 1 question
  • RFC 3227 -- Guidelines for Evidence Collection and Archiving, IETF (Bellovin, Grabowski, 2002)

    Section 2.1: Order of Volatility, from CPU registers to off-site archives

    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

What does the Cyber Forensics: Bit-Stream Imaging and BSA Section 63 Admissibility mock cover?+

This mock tests the intersection of two Unit VII pillars: the technical discipline of forensic acquisition (dd, dcfldd, FTK Imager, EnCase, write-blockers, MD5 plus SHA-256 dual hashing, RAM dumps using DumpIt and LiME, volatility order under RFC 3227, SSD-specific hazards of TRIM and wear-leveling) and the Indian legal framework for admissibility of electronic records under BSA 2023 Section 63 (formerly IEA 1872 Section 65B). Questions cover the landmark triad of Anvar P.V. v P.K. Basheer (2014

How many questions and how long is the test?+

30 multiple-choice questions, 30 minutes total. Difficulty: hard. Tier: Premium.

Who is this mock for?+

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Cyber Forensics, NET. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?+

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?+

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.