Skip to content
Digital Forensicseasy Premium

Digital Forensics: Network Forensics and Computer Networking Foundations

Published:

Questions

30

Duration

30 min

Faculty-reviewed

0

Updated

20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

This FACT-style mock covers the network forensics and computer-networking foundations that every digital-forensics student is expected to control before stepping into a packet capture. The thirty questions sweep across analog and digital signalling, baseband and broadband transmission, classical network topologies including star, bus, ring and mesh, and the geographical taxonomy of LAN, MAN and WAN networks. From there the paper moves into the OSI seven-layer model and the TCP/IP four-layer stack, the canonical PDU vocabulary of frames, packets, segments and datagrams, the difference between TCP and UDP, the TCP three-way handshake, and the well-known port numbers an investigator quotes from memory: 22 for SSH, 25 for SMTP, 53 for DNS, 80 for HTTP, 443 for HTTPS. The IP-addressing block covers classful IPv4 ranges, RFC 1918 private space, loopback and APIPA, CIDR prefix-to-mask conversion, subnet sizing with the /27 worked example, and supernetting for BGP route aggregation. The hardware and switching block separates hub from switch from router, fixes MAC-address structure with the OUI in the first 24 bits, places ARP at Layer 2, and pins the 802.1Q VLAN ID at 12 bits.\n\nThe paper is calibrated for FACT entrance preparation and is equally useful for MSc Digital Forensics, NFSU MSc entrance candidates, UGC-NET Forensic Science Paper II networking sections, and self-study readers using Tanenbaum, Forouzan, Stallings, and Kurose-Ross as their primary texts.\n\nTopics covered:\n- Analog vs digital signalling, baseband vs broadband, digital modulation families\n- Topologies (star, bus, ring, mesh) and network types (LAN, MAN, WAN)\n- OSI seven layers and TCP/IP four-layer stack with PDU vocabulary\n- TCP vs UDP, the three-way handshake, well-known port numbers\n- IPv4 classful ranges, RFC 1918 private space, loopback and APIPA\n- CIDR notation, /24 mask, /27 host arithmetic, supernetting and BGP aggregation\n- Hub, switch, router; MAC address structure; ARP; 802.1Q VLAN tagging; store-and-forward\n- Routing protocol families (OSPF, RIP, BGP), ICMP traceroute, Wi-Fi 4/5/6, WEP/WPA/WPA2/WPA3, bandwidth vs latency vs jitter\n\nUse this as a baseline check on the networking foundation that every subsequent network-forensics paper assumes. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • Tanenbaum, Andrew S.

    Computer Networks, 5th Edition (Pearson, 2010), Chapter 1: Introduction and Network Topologies

    cited in 6 questions
  • Forouzan, Behrouz A.

    Data Communications and Networking, 5th Edition (McGraw-Hill, 2012), Chapter 3: Data and Signals

    cited in 5 questions
  • RFC 4632

    Classless Inter-Domain Routing (Fuller and Li, 2006), Section on Route Aggregation

    Open source
    cited in 3 questions
  • RFC 793

    Transmission Control Protocol (Postel, 1981), Section on Connection Establishment

    Open source
    cited in 2 questions
  • IANA Service Name and Transport Protocol Port Number Registry

    Well-known port 443: HTTPS / HTTP over TLS

    Open source
    cited in 2 questions
  • Wi-Fi Alliance

    Wi-Fi Generations naming: Wi-Fi 4 (802.11n), Wi-Fi 5 (802.11ac), Wi-Fi 6 (802.11ax)

    Open source
    cited in 1 question
  • RFC 3927

    Dynamic Configuration of IPv4 Link-Local Addresses (Cheshire et al., 2005)

    Open source
    cited in 1 question
  • IEEE 802.1Q

    Standard for Local and Metropolitan Area Networks: Bridges and Bridged Networks, VLAN Tagging

    Open source
    cited in 1 question
  • RFC 793 and RFC 768

    Transmission Control Protocol (1981) and User Datagram Protocol (1980)

    Open source
    cited in 1 question
  • RFC 8200

    Internet Protocol, Version 6 (IPv6) Specification (Deering and Hinden, 2017), Section 2 on Addressing

    Open source
    cited in 1 question
  • IEEE 802.3

    IEEE Standard for Ethernet, Section on MAC Frame Format and Addressing

    Open source
    cited in 1 question
  • Stallings, William

    Data and Computer Communications, 10th Edition (Pearson), Chapter on Signal Encoding Techniques

    cited in 1 question
  • RFC 791

    Internet Protocol (Postel, 1981), Section on Time to Live and Section on ICMP Time Exceeded

    Open source
    cited in 1 question
  • RFC 1918

    Address Allocation for Private Internets (Rekhter et al., 1996), Section 3

    Open source
    cited in 1 question
  • RFC 2328

    OSPF Version 2 (Moy, 1998)

    Open source
    cited in 1 question
  • RFC 826

    An Ethernet Address Resolution Protocol (Plummer, 1982)

    Open source
    cited in 1 question
  • IEEE 802.11-2020

    IEEE Standard for Information Technology, Section on Robust Security Network and deprecation of WEP

    Open source
    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

What does the Digital Forensics: Network Forensics and Computer Networking Foundations mock cover?+

This FACT-style mock covers the network forensics and computer-networking foundations that every digital-forensics student is expected to control before stepping into a packet capture. The thirty questions sweep across analog and digital signalling, baseband and broadband transmission, classical network topologies including star, bus, ring and mesh, and the geographical taxonomy of LAN, MAN and WAN networks. From there the paper moves into the OSI seven-layer model and the TCP/IP four-layer stac

How many questions and how long is the test?+

30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Premium.

Who is this mock for?+

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?+

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?+

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.