Skip to content
Digital Forensicshard Premium

Digital Forensics: First Responder and Digital Evidence Advanced

Published:

Questions

30

Duration

30 min

Faculty-reviewed

0

Updated

20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

Hard-band FACT digital forensics drill on first responder doctrine and digital evidence admissibility in 2026 India. Synthesis-level questions span Section 65B IEA 1872 and Section 63 BSA 2023 with sub-clause precision, the Anvar P.V. (2014), Shafhi Mohammad (2018, overruled), Arjun Panditrao Khotkar (2020), and Tomaso Bruno (2015, per incuriam) line, the new BNSS 2023 search and production framework (Sections 94, 103, 105, 185, 186), the IT Act 2000 (Sections 69, 79A, 80, 84A), NIST SP 800-88 Revision 1 sanitization categories with media-type boundaries, RFC 3227 seven-layer volatility, hash deprecation (MD5 Wang-Yu 2005, SHA-1 SHAttered 2017, Shambles 2020), memory acquisition (LiME, DumpIt, OSXPmem, MacQuisition) with smear analysis, imaging formats (raw dd, E01, Ex01, AFF4, L01) with integrity-tag granularity, write blockers (Tableau T35689iu, T356887iu, T7u, T8u NVMe), encryption recovery scenarios (LUKS2 Argon2id, BitLocker TPM, FileVault 2, APFS), iOS BFU vs AFU state, checkm8 boundary (A5 to A11), and chain-of-custody curable-versus-fatal-break doctrine. Distractor design uses one-parameter swaps across statute subsections, vendor model numbers, RFC layer ordering, and judgment names so that surface familiarity is insufficient.

Calibrated for candidates targeting the top decile in the FACT digital forensics paper, NFSU MSc digital forensics entrance, and the cyber-crime modules of the UGC-NET Forensic Science Paper II. Useful as a final-stretch verification drill for examinees who have cleared the easy and applied-scenarios sets and need to test edge cases. Aim for 30 to 40 percent accuracy; hard-band distractors differ from the correct answer on one specific parameter (one statute subsection, one model number, one RFC layer, one judgment name) and a single misread will pull you onto the wrong option.

Topics covered:

  • Section 65B IEA 1872 and Section 63 BSA 2023 sub-clause precision
  • Anvar, Shafhi, Arjun Panditrao, Tomaso Bruno case line
  • BNSS 94, 103, 105, 185, 186 with CrPC counterparts
  • IT Act 69, 79A, 80, 84A interception and expert-evidence powers
  • NIST SP 800-88 Rev 1 Clear, Purge, Destroy by media type
  • RFC 3227 seven-layer order of volatility
  • Hash deprecation timeline MD5, SHA-1, SHAttered, Shambles
  • Memory acquisition (LiME, DumpIt, OSXPmem, MacQuisition) and smear

Written by ForensicSpot Editorial. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal

    (2020) 7 SCC 1, Supreme Court of India, three-judge bench, paras 59 to 73 on Shafhi Mohammad

    cited in 3 questions
  • Information Technology Act 2000

    Section 79A IT Act 2000, Examiner of Electronic Evidence; read with Section 45A IEA and Section 39(2) BSA

    Open source
    cited in 2 questions
  • Kissel, R., Regenscheid, A., Scholl, M., Stine, K. — NIST SP 800-88 Revision 1

    Guidelines for Media Sanitization, Appendix A, flash media sanitization matrix

    Open source
    cited in 2 questions
  • Indian Evidence Act 1872 and Bharatiya Sakshya Adhiniyam 2023

    Section 65B(4) IEA and Section 63(4) BSA, person occupying a responsible official position

    Open source
    cited in 2 questions
  • Bharatiya Nagarik Suraksha Sanhita 2023

    Section 105 BNSS, audio-video recording of search and seizure, forwarding to magistrate

    Open source
    cited in 2 questions
  • Ligh, M.H., Case, A., Levy, J., Walters, A.

    The Art of Memory Forensics, Wiley 2014, memory smear and acquisition-tool limitations

    cited in 2 questions
  • Apple Platform Security Guide

    Data protection classes, Before-First-Unlock and After-First-Unlock state semantics on iOS

    Open source
    cited in 1 question
  • Microsoft Learn — File System Internals

    NTFS USN journal, $UsnJrnl:$J and $UsnJrnl:$Max alternate data streams; Carrier, FSFA

    Open source
    cited in 1 question
  • Microsoft Learn — BitLocker Recovery Guide

    BitLocker recovery key escrow in Active Directory Domain Services and Microsoft Entra ID; msFVE-RecoveryInformation attribute

    Open source
    cited in 1 question
  • Cellebrite — Mobile Forensic Solutions

    Checkm8 Acquisition documentation for Apple A5 to A11 devices; comparison with Advanced Logical and FFS profiles

    Open source
    cited in 1 question
  • Carrier, Brian

    File System Forensic Analysis, Addison-Wesley, NTFS FILETIME timestamps and nanosecond-component analysis

    cited in 1 question
  • Cohen, M., Garfinkel, S., Schatz, B.

    Extending the Advanced Forensic Format to accommodate multiple data sources, DFRWS 2009; libewf documentation

    Open source
    cited in 1 question
  • axi0mX — checkm8 disclosure

    Boot ROM exploit affecting Apple A5 to A11 chips, September 2019; checkra1n implementation

    Open source
    cited in 1 question
  • Bureau of Police Research and Development

    Cyber Crime Investigation Manual, chain-of-custody procedures and remedial documentation

    Open source
    cited in 1 question
  • Wang, X., Yu, H. — CRYPTO 2005

    How to Break MD5 and Other Hash Functions; Sotirov, Stevens et al. (2008) MD5 considered harmful today, chosen-prefix collision on X.509

    Open source
    cited in 1 question
  • OpenText Tableau — Forensic Bridges

    Tableau T8u Forensic USB 3.1 Bridge for NVMe; product specification and NIST CFTT validation

    Open source
    cited in 1 question
  • Kent, K., Chevalier, S., Grance, T., Dang, H. — NIST SP 800-86

    Guide to Integrating Forensic Techniques into Incident Response, Section 3, live and dead acquisition strategies

    Open source
    cited in 1 question
  • Brezinski, D., Killalea, T. — RFC 3227

    Guidelines for Evidence Collection and Archiving, IETF, February 2002, Section 2.1 Order of Volatility

    Open source
    cited in 1 question
  • Fruhwirth, C., Broz, M.

    LUKS2 on-disk format specification, Argon2id key derivation parameters; cryptsetup manual

    Open source
    cited in 1 question
  • Selvi v. State of Karnataka

    (2010) 7 SCC 263, paras 222 to 225; Section 27 IEA 1872 and Section 23 BSA 2023

    Open source
    cited in 1 question
  • Leurent, G., Peyrin, T. — SHA-1 is a Shambles

    USENIX Security 2020; Stevens, Bursztein, Karpman, Albertini, Markov, The first collision for full SHA-1, CRYPTO 2017

    Open source
    cited in 1 question
  • Bharatiya Nagarik Suraksha Sanhita 2023 and Code of Criminal Procedure 1973

    Section 94 BNSS corresponding to Section 91 CrPC, production of documents

    Open source
    cited in 1 question
  • OpenText EnCase — User Guide

    EnCase Evidence File formats EWF v1 (E01) and EWF v2 (Ex01); libewf documentation

    Open source
    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

What does the Digital Forensics: First Responder and Digital Evidence Advanced mock cover?+

Hard-band FACT digital forensics drill on first responder doctrine and digital evidence admissibility in 2026 India. Synthesis-level questions span Section 65B IEA 1872 and Section 63 BSA 2023 with sub-clause precision, the Anvar P.V. (2014), Shafhi Mohammad (2018, overruled), Arjun Panditrao Khotkar (2020), and Tomaso Bruno (2015, per incuriam) line, the new BNSS 2023 search and production framework (Sections 94, 103, 105, 185, 186), the IT Act 2000 (Sections 69, 79A, 80, 84A), NIST SP 800-88 R

How many questions and how long is the test?+

30 multiple-choice questions, 30 minutes total. Difficulty: hard. Tier: Premium.

Who is this mock for?+

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?+

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?+

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.