Skip to content
Cyber ForensicseasyFree

Cyber Forensics: Volatility Order, Hashing and Write Blockers Basics

Published:

Questions

30

Duration

30 min

Faculty-reviewed

0

Updated

25 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

UGC-NET Forensic Science Unit VII drill on the foundational concepts of cyber forensics. Covers the order of volatility as defined in RFC 3227, from CPU registers and cache at the most volatile end through RAM, network state, running processes, and disk storage to archival media at the least volatile end. Write-blockers are examined as the first defensive tool an examiner deploys, with hardware devices such as Tableau and WiebeTech contrasted against software-based solutions. Hash functions tested include MD5 (128-bit digest), SHA-1 (160-bit), and SHA-256 (256-bit), with emphasis on their role in verifying digital evidence integrity before and after bit-stream imaging using FTK Imager, dd, and EnCase. Chain of custody requirements for digital evidence, the distinction between live and dead acquisition, and the basics of BSA 2023 Section 63 (formerly IEA Section 65B) electronic evidence certificates are all assessed.

The Indian statutory and judicial dimension covers IT Act 2000 Sections 65 (tampering with source code) and 66 (computer-related offences), cyber-crime taxonomy including hacking, phishing, and identity theft, and the landmark Supreme Court rulings Anvar P.V. v P.K. Basheer (2014) 10 SCC 473 and Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1 on admissibility of electronic records. The CFSL Hyderabad Cyber Crime Digital Repository (CCDR) and CERT-In are referenced as the primary Indian institutional pillars. Standards consulted include NIST SP 800-86 and ISO/IEC 27037, alongside Casey (Digital Evidence and Computer Crime, 3rd ed) and Nelson Phillips Steuart (Guide to Computer Forensics, 6th ed).

Topics covered:

  • RFC 3227 volatility order from CPU registers to archival media
  • Hardware vs software write-blockers (Tableau, WiebeTech)
  • MD5, SHA-1, and SHA-256 hash function basics
  • Hash verification before and after imaging for integrity
  • Chain of custody for digital evidence
  • BSA 2023 Section 63 / IEA Section 65B electronic certificate
  • Live vs dead acquisition distinction
  • IT Act 2000 Sections 65 and 66; cyber-crime taxonomy basics

Calibrated for first-pass UGC-NET Forensic Science Paper II Unit VII preparation and NFSU MSc Digital Forensics entrance revision. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • Nelson, Bill; Phillips, Amelia; Steuart, Christopher — Guide to Computer Forensics and Investigations, 6th Edition, Cengage, 2019

    Chapter 3: Data Acquisition — hardware write-blockers: Tableau and WiebeTech

    cited in 7 questions
  • Casey, Eoghan — Digital Evidence and Computer Crime, 3rd Edition, Academic Press, 2011

    Chapter 4: Conducting Digital Investigations — order of volatility and live acquisition

    cited in 6 questions
  • NIST SP 800-86 — Guide to Integrating Forensic Techniques into Incident Response, 2006

    Section 4.1: Basic Forensic Techniques — live vs static acquisition decision criteria

    cited in 3 questions
  • ISO/IEC 27037:2012 — Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence

    Section 7: Acquisition — recommended hash algorithms for evidence integrity

    cited in 2 questions
  • RFC 3227 — Guidelines for Evidence Collection and Archiving (IETF, 2002)

    Section 2.1: Order of Volatility

    cited in 2 questions
  • Bharatiya Sakshya Adhiniyam (BSA) 2023 — Section 63; Indian Evidence Act 1872 — Section 65B

    Section 63 BSA 2023 / Section 65B IEA 1872: Admissibility of Electronic Records

    cited in 1 question
  • Information Technology Act 2000 — Sections 43, 66, 66C

    Section 66: Computer-Related Offences — hacking as unauthorised access under Indian cyber law

    cited in 1 question
  • Information Technology Act 2000 — Sections 43 and 66

    Section 43: Penalty for Damage to Computer System; Section 66: Computer Related Offences

    cited in 1 question
  • Information Technology Act 2000 — Section 65

    Section 65: Tampering with Computer Source Documents

    cited in 1 question
  • Anvar P.V. v P.K. Basheer (2014) 10 SCC 473 — Supreme Court of India

    Judgment: Section 65B IEA — mandatory certificate for admissibility of electronic records

    cited in 1 question
  • FIPS PUB 180-4 — Secure Hash Standard, NIST, 2015

    Section 1: Hash function specifications — SHA-1, SHA-256, SHA-512 output lengths

    cited in 1 question
  • Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1 — Supreme Court of India

    Judgment: Section 65B IEA — mandatory certificate, court power to summon certifying official

    cited in 1 question
  • Arjun Panditrao Khotkar v Kailash Kushanrao Gorantyal (2020) 7 SCC 1

    Judgment: Section 65B IEA — mandatory certificate from responsible official of originating system

    cited in 1 question
  • Information Technology Act 2000 — Section 66C (as amended 2008)

    Section 66C: Punishment for Identity Theft

    cited in 1 question
  • Carrier, Brian — File System Forensic Analysis, Addison-Wesley, 2005

    Chapter 2: Computer Foundations — disk imaging with dd and forensic soundness

    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

What does the Cyber Forensics: Volatility Order, Hashing and Write Blockers Basics mock cover?+

UGC-NET Forensic Science Unit VII drill on the foundational concepts of cyber forensics. Covers the order of volatility as defined in RFC 3227, from CPU registers and cache at the most volatile end through RAM, network state, running processes, and disk storage to archival media at the least volatile end. Write-blockers are examined as the first defensive tool an examiner deploys, with hardware devices such as Tableau and WiebeTech contrasted against software-based solutions. Hash functions test

How many questions and how long is the test?+

30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Free.

Who is this mock for?+

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Cyber Forensics, NET. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?+

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?+

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Browse more mocks

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.