Digital Forensics | easy | Premium

Digital Forensics: First Responder and Digital Evidence Handling

Questions: 30

Duration: 30 min

Faculty-reviewed: 0

Updated: 20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

A FACT (Forensic Aptitude Common Test) drill on the first-responder role and digital evidence handling. It covers the on-scene priority list at a powered-on computer, the live-response versus pull-the-plug decision, the toolkit a responder carries (Faraday bag, anti-static bag, write blocker, imaging device, evidence labels, chain-of-custody form), search and seizure powers under BNSS 2023 Section 94 and IT Act 2000 Section 80, the admissibility framework under Section 65B IEA 1872 and Section 63 BSA 2023, RFC 3227 order of volatility, NIST SP 800-88 sanitization categories, forensic imaging and hashing with SHA-256, recovery of deleted, hidden, and altered files, handling of encrypted volumes under IT Act Section 69, and the Anvar P.V. and Arjun Panditrao Supreme Court line on Section 65B certification.

For FACT aspirants, NFSU MSc digital forensics entrants, CHFI candidates, and police officers preparing for cybercrime investigator certification. Questions are calibrated at the easy band for first-pass concept refresh and exam vocabulary, with single-fact recall on definitions, statutory sections, RFC 3227 ordering, hash function status, and the chain-of-custody framework anchored in Indian procedural law.

Topics covered:

  • First responder priority, live response, and pull-the-plug decision
  • Toolkit: Faraday bag, anti-static bag, write blocker, imaging device
  • BNSS 2023 Section 94, IT Act 2000 Sections 69 and 80
  • Section 65B IEA 1872 and Section 63 BSA 2023 certificate, Anvar and Arjun Panditrao
  • Volatile vs non-volatile evidence and RFC 3227 order of volatility
  • NIST SP 800-88 sanitization, forensic imaging formats, write blockers, hashing
  • Memory acquisition (DumpIt, FTK Imager, LiME) and chain of custody
  • Recovery of deleted, hidden, altered files, encrypted volumes, formatted drives

Useful for revision and self-testing before the FACT digital forensics paper.

Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • Carrier, Brian

    File System Forensic Analysis, Addison-Wesley 2005, Chapter on NTFS Attributes and Alternate Data Streams

    cited in 4 questions
  • Nelson, B., Phillips, A., Steuart, C.

    Guide to Computer Forensics and Investigations, 6th Edition, Cengage, Chapter on Image File Formats

    cited in 4 questions
  • Brezinski, D. and Killalea, T. — RFC 3227, Guidelines for Evidence Collection and Archiving

    IETF, February 2002, Section 2.1: Order of Volatility

    Open source
    cited in 3 questions
  • Casey, Eoghan

    Digital Evidence and Computer Crime, 3rd Edition, Academic Press 2011, Chapter on Encrypted Media

    cited in 3 questions
  • Ayers, R., Brothers, S., Jansen, W. — NIST SP 800-101 Rev 1, Guidelines on Mobile Device Forensics

    Section 4: Preservation, Isolation from the Cellular Network

    Open source
    cited in 2 questions
  • Indian Evidence Act, 1872 and Bharatiya Sakshya Adhiniyam, 2023

    Section 65B(4) IEA 1872 and corresponding Section 63 BSA 2023

    Open source
    cited in 2 questions
  • Information Technology Act, 2000

    Section 80: Power of Police Officer and Other Officers to Enter, Search etc.

    Open source
    cited in 2 questions
  • Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal

    (2020) 7 SCC 1, Supreme Court of India, clarification of Anvar P.V. on Section 65B IEA 1872

    cited in 1 question
  • Kissel, R., Regenscheid, A., Scholl, M., Stine, K. — NIST SP 800-88 Rev 1, Guidelines for Media Sanitization

    Section 2.5: Sanitization Categories, Clear, Purge, and Destroy

    Open source
    cited in 1 question
  • Ligh, M.H., Case, A., Levy, J., Walters, A.

    The Art of Memory Forensics, Wiley 2014, Chapter on Memory Acquisition Tools

    cited in 1 question
  • Anvar P.V. v. P.K. Basheer

    (2014) 10 SCC 473, Supreme Court of India, certification under Section 65B IEA 1872

    cited in 1 question
  • Wang, X. and Yu, H.

    How to Break MD5 and Other Hash Functions, EUROCRYPT 2005; NIST guidance on hash function transition

    Open source
    cited in 1 question
  • Bharatiya Nagarik Suraksha Sanhita, 2023

    Section 94: Summons to Produce Document or Other Thing; corresponding Section 91 CrPC 1973

    Open source
    cited in 1 question
  • Bureau of Police Research and Development

    Cyber Crime Investigation Manual, Digital Evidence Collection and Packaging

    Open source
    cited in 1 question
  • Lyle, J. — NIST Computer Forensics Tool Testing Program

    Hardware Write Blocker Specification and Test Plan, NIST CFTT

    Open source
    cited in 1 question
  • Microsoft Learn

    Behaviour of the Quick Format and Full Format Options in Windows, KB article and current docs

    Open source
    cited in 1 question
  • NIST SP 800-86 — Guide to Integrating Forensic Techniques into Incident Response

    Section 3: Performing the Forensic Process, Data Collection and Acquisition

    Open source
    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test.

Common questions

How many questions and how long is the test?

30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Premium.

Who is this mock for?

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.
