Digital Forensics: Foundations and Core Vocabulary

This mock covers the foundational concepts and vocabulary every digital forensics student must know — the building blocks of every later course, every exam paper, and every real investigation. Thirty questions across storage and memory, the order of volatility, write blockers, forensic imaging, hashing for integrity, file systems (NTFS, ext4, APFS, FAT), chain of custody, first-responder procedures, Faraday bags, and the routine artefacts (Windows Registry, event logs, browser cache, email headers) that turn raw devices into evidence.

It is pitched at BSc and first-year MSc cyber forensics students at NFSU, LNJN-NICFS and other Indian universities, and at FACT or UGC-NET aspirants who need the introductory layer locked in before tackling case law, tool-specific procedure, and reconstruction. If you can pass this mock comfortably, you have the vocabulary for every advanced cyber-forensics topic that follows.

Topics covered:

• Volatile vs non-volatile memory and the order of volatility (RFC 3227)
• Write blockers and why they matter for evidence integrity
• Forensic imaging, hashing (MD5, SHA-256), and the EnCase E01 format
• Chain of custody — what it is, what breaks it
• First-responder priorities and the Faraday-bag rule for mobile devices
• File system fundamentals: NTFS, FAT, ext4, APFS — what each is used for
• Slack space, unallocated space, and what deleted-file recovery actually does
• The everyday artefacts: Windows Registry, event logs, browser cache, cookies, email headers
• Mobile basics: IMEI vs IMSI, logical vs physical acquisition

Each question has a detailed explanation citing the relevant RFC, NIST publication, vendor documentation or standard textbook (Carrier, Casey, Nelson). Allow 30 minutes when you take the timed version. The explanations are long enough to use as study notes by themselves; even if you skip the timed run, reading through them once is a complete refresher.