Cyber Forensicsmedium Premium
Cyber Forensics: File Systems, Artifacts and Timeline Analysis
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
09 Jun 2026
Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
09 Jun 2026
Score, per-question explanations and topic breakdown shown right after you submit.
Free ForensicSpot account required to save your progress — you’ll sign in when you start.
This test covers the internals of FAT, NTFS and ext file systems as they apply to digital investigations: how metadata structures record file activity, how deleted files survive for recovery, and the mechanics of file carving and slack space analysis. It then turns to the rich artifact ecosystem on Windows systems, including the registry, prefetch files, the Master File Table, LNK files, browser history databases, and email storage formats. The final section addresses timeline construction and super-timeline analysis, the tools used to correlate artifacts across sources, and the anti-forensic techniques investigators routinely encounter. Questions are framed as applied scenarios and comparisons, requiring you to reason about what evidence survives, why it survives, and how an investigator would interpret it. A working knowledge of file-system data structures and forensic tooling is assumed throughout.
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.