Cyber Forensics: Bit-Stream Imaging and BSA Section 63 Admissibility

This mock tests the intersection of two Unit VII pillars: the technical discipline of forensic acquisition (dd, dcfldd, FTK Imager, EnCase, write-blockers, MD5 plus SHA-256 dual hashing, RAM dumps using DumpIt and LiME, volatility order under RFC 3227, SSD-specific hazards of TRIM and wear-leveling) and the Indian legal framework for admissibility of electronic records under BSA 2023 Section 63 (formerly IEA 1872 Section 65B). Questions cover the landmark triad of Anvar P.V. v P.K. Basheer (2014) 10 SCC 473, Shafhi Mohammad v State of HP (2018) 2 SCC 801, and Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1, together with the four-condition test under Section 65B(2), who may sign the Section 65B(4) certificate, and the role of IT Act 2000 Section 79A in designating examining authorities.

Designed for MSc Forensic Science aspirants (NFSU, Panjab University, Osmania University), UGC-NET Paper II Unit VII candidates, GCFA/CHFI certification holders transitioning to Indian practice, and investigators at CFSL Hyderabad and state cyber cells who need courtroom-ready acquisition workflows. The legal half draws on the BSA 2023 text effective from 1 July 2024, while UGC-NET syllabi still cite IEA 1872 Section 65B, so both section numbers are addressed throughout.

Topics covered:

• Forensic imaging tools: dd (conv=noerror,sync), dcfldd (hash= parameter), FTK Imager (E01), EnCase
• Write-blockers: hardware (Tableau TX1) vs software (StorageDevicePolicies registry key, mount -o ro)
• Hash algorithms: MD5 collision weakness (Wang-Yu 2004), SHA-256, dual-hash standard, HMAC
• Live acquisition: DumpIt, LiME (LKM), FTK Imager Live; RAM footprint caveat
• Volatility order (RFC 3227): registers, cache, RAM, network, processes, kernel, disk, archives
• Dead acquisition vs live acquisition; SSD TRIM and wear-leveling forensic impact
• BSA 2023 Section 63 / IEA 1872 Section 65B: four conditions and Section 65B(4) certificate
• Anvar P.V. (2014), Shafhi Mohammad (2018), Arjun Panditrao (2020) case-law sequence

This set does not require specialist lab access -- every question is solvable from standard references. Allow 30 minutes.