Cyber Forensics: Bit-Stream Imaging and BSA Section 63 Admissibility
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
25 May 2026
About this mock
This mock tests the intersection of two Unit VII pillars: the technical discipline of forensic acquisition (dd, dcfldd, FTK Imager, EnCase, write-blockers, MD5 plus SHA-256 dual hashing, RAM dumps using DumpIt and LiME, volatility order under RFC 3227, SSD-specific hazards of TRIM and wear-leveling) and the Indian legal framework for admissibility of electronic records under BSA 2023 Section 63 (formerly IEA 1872 Section 65B). Questions cover the landmark triad of Anvar P.V. v P.K. Basheer (2014) 10 SCC 473, Shafhi Mohammad v State of HP (2018) 2 SCC 801, and Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1, together with the four-condition test under Section 65B(2), who may sign the Section 65B(4) certificate, and the role of IT Act 2000 Section 79A in designating examining authorities.
Designed for MSc Forensic Science aspirants (NFSU, Panjab University, Osmania University), UGC-NET Paper II Unit VII candidates, GCFA/CHFI certification holders transitioning to Indian practice, and investigators at CFSL Hyderabad and state cyber cells who need courtroom-ready acquisition workflows. The legal half draws on the BSA 2023 text effective from 1 July 2024, while UGC-NET syllabi still cite IEA 1872 Section 65B, so both section numbers are addressed throughout.
Topics covered:
- Forensic imaging tools: dd (conv=noerror,sync), dcfldd (hash= parameter), FTK Imager (E01), EnCase
- Write-blockers: hardware (Tableau TX1) vs software (StorageDevicePolicies registry key, mount -o ro)
- Hash algorithms: MD5 collision weakness (Wang-Yu 2004), SHA-256, dual-hash standard, HMAC
- Live acquisition: DumpIt, LiME (LKM), FTK Imager Live; RAM footprint caveat
- Volatility order (RFC 3227): registers, cache, RAM, network, processes, kernel, disk, archives
- Dead acquisition vs live acquisition; SSD TRIM and wear-leveling forensic impact
- BSA 2023 Section 63 / IEA 1872 Section 65B: four conditions and Section 65B(4) certificate
- Anvar P.V. (2014), Shafhi Mohammad (2018), Arjun Panditrao (2020) case-law sequence
This set does not require specialist lab access -- every question is solvable from standard references. Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- cited in 5 questions
NIST Special Publication 800-86 -- Guide to Integrating Forensic Techniques into Incident Response
Section 4.2: Chain of Custody Documentation Requirements
- cited in 4 questions
Nelson, Phillips, Steuart -- Guide to Computer Forensics and Investigations, 6th Edition, Cengage
Chapter 4: Software Write-Blocking on Windows, StorageDevicePolicies Registry Key
- cited in 4 questions
Casey, Eoghan -- Digital Evidence and Computer Crime, 3rd Edition, Academic Press/Elsevier
Chapter 3: Acquisition of Digital Evidence, dd-based Forensic Imaging
- cited in 3 questions
Anvar P.V. v P.K. Basheer and Others (2014) 10 SCC 473, Supreme Court of India
Para 24: Certifier Must Have Knowledge of and Responsibility for the Relevant Computer System
- cited in 2 questions
Ligh, Case, Levy, Walters -- The Art of Memory Forensics, Wiley
Chapter 4: Linux Memory Acquisition, LiME Kernel Module Architecture
- cited in 2 questions
Carrier, Brian -- File System Forensic Analysis, Addison-Wesley
Chapter 10: SSD Architecture, Flash Translation Layer and Wear-Leveling Forensic Implications
- cited in 2 questions
ISO/IEC 27037:2012 -- Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence
Section 7.4: Acquisition Process, Hash Verification Before and After Each Handling Step
- cited in 1 question
Indian Evidence Act 1872 (IEA 1872) / Bharatiya Sakshya Adhiniyam 2023 (BSA 2023)
Section 65B(2) IEA 1872 / Section 63 BSA 2023: Four Conditions for Computer-Generated Records
Open source - cited in 1 question
Information Technology Act 2000 (as amended 2008), Government of India
Section 79A: Examiner of Electronic Evidence, Notification and Expert Status
Open source - cited in 1 question
Bharatiya Sakshya Adhiniyam 2023 (BSA 2023), Government of India
Section 63: Admissibility of Electronic Records, Certificate Requirement
Open source - cited in 1 question
NIST Special Publication 800-107 Rev. 1 -- Recommendation for Applications Using Approved Hash Algorithms
Section 5: Security Considerations, MD5 Collision Vulnerability and Deprecation
- cited in 1 question
Shafhi Mohammad v State of Himachal Pradesh (2018) 2 SCC 801, Supreme Court of India
Para 12-15: Relaxation of Section 65B Certificate When Device Not in Possession of Party
- cited in 1 question
RFC 3227 -- Guidelines for Evidence Collection and Archiving, IETF
Section 2.1: Order of Volatility, Network State vs Running Processes
- cited in 1 question
Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1, Supreme Court of India
Para 48-55: Overruling Shafhi Mohammad, Affirming Mandatory Certificate, Court Direction Remedy
- cited in 1 question
RFC 3227 -- Guidelines for Evidence Collection and Archiving, IETF (Bellovin, Grabowski, 2002)
Section 2.1: Order of Volatility, from CPU registers to off-site archives
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
What does the Cyber Forensics: Bit-Stream Imaging and BSA Section 63 Admissibility mock cover?+
This mock tests the intersection of two Unit VII pillars: the technical discipline of forensic acquisition (dd, dcfldd, FTK Imager, EnCase, write-blockers, MD5 plus SHA-256 dual hashing, RAM dumps using DumpIt and LiME, volatility order under RFC 3227, SSD-specific hazards of TRIM and wear-leveling) and the Indian legal framework for admissibility of electronic records under BSA 2023 Section 63 (formerly IEA 1872 Section 65B). Questions cover the landmark triad of Anvar P.V. v P.K. Basheer (2014
How many questions and how long is the test?+
30 multiple-choice questions, 30 minutes total. Difficulty: hard. Tier: Premium.
Who is this mock for?+
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Cyber Forensics, NET. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?+
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?+
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.