Skip to content
Digital Forensicsmedium Premium

Digital Forensics: Computer Networking Applied Scenarios for Investigators

Published:

Questions

30

Duration

30 min

Faculty-reviewed

0

Updated

20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

Applied scenario drill for the FACT digital forensics paper, focused on the computer networking knowledge investigators have to apply at a real scene: subnet arithmetic on /27, /28, and /29 blocks; supernetting and CIDR overlap detection; OSPF cost from interface bandwidth; BGP route-hijack identification from AS-PATH signatures; Spanning Tree Protocol root election; 802.1Q VLAN tagging on trunk versus access ports; ARP storm and switching loop diagnosis; ICMP type and code distinctions covering ping, traceroute, port unreachable, administratively prohibited, and redirect; TCP three-way handshake reading from a pcap snippet; DNS over UDP, TCP, DoT 853, and DoH 443; Wi-Fi 5 versus Wi-Fi 6 capture considerations; WPA2 versus WPA3 SAE handshake; client isolation on a guest SSID; bandwidth-delay product window sizing; jitter versus latency in a VoIP investigation; longest-prefix match in a routing table; carrier-grade NAT shared address space at 100.64.0.0/10 against RFC 1918 private space; NAT traversal versus direct exposure for a residential server.

This mock is for forensic science postgraduates and FACT aspirants who have crossed the definition stage and now need to apply networking facts to investigation scenarios. It is calibrated to the medium band, where every question forces a choice between near-neighbour options that share most attributes and differ on one parameter the investigator has to know cold. The mock is equally useful for UGC-NET Paper II networking-section preparation, NFSU MSc digital forensics, and entry-level GCFA or CHFI revision.

Topics covered:

  • Subnet arithmetic and broadcast addresses on /27, /28, /29
  • Supernetting, CIDR aggregation, and prefix overlap detection
  • OSPF interface cost and BGP route-hijack signatures
  • Spanning Tree Protocol root election and switching-loop diagnosis
  • 802.1Q VLAN tagging on trunk and access ports
  • ICMP type and code distinctions across ping, traceroute, redirect
  • TCP three-way handshake from pcap and Path MTU Discovery black holes
  • DNS over UDP, TCP, DoT 853, DoH 443, plus EDNS0 buffer sizing
  • Wi-Fi 4, 5, 6 standards, WPA3 SAE, and client isolation
  • Bandwidth-delay product, jitter versus latency, CGNAT and NAT traversal

Sit the mock under timed conditions, mark the explanation references, and revisit any RFC citations after each session.

Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • RFC 4632

    Classless Inter-Domain Routing (Fuller and Li, 2006), Section on Prefix Aggregation and Subsumption

    Open source
    cited in 4 questions
  • RFC 792

    Internet Control Message Protocol (Postel, 1981), Time Exceeded Message

    Open source
    cited in 3 questions
  • IEEE 802.1D

    Media Access Control Bridges, Section on Spanning Tree Root Election

    Open source
    cited in 1 question
  • RFC 6996 and RFC 6480

    Autonomous System Reservation for Private Use; Infrastructure to Support Secure BGP Routing

    Open source
    cited in 1 question
  • RFC 2328

    OSPF Version 2 (Moy, 1998), Section on Interface Cost and Cisco implementation

    Open source
    cited in 1 question
  • Wi-Fi Alliance WPA3 Specification and IEEE 802.11-2020

    Simultaneous Authentication of Equals (SAE) and Dragonfly Key Exchange

    cited in 1 question
  • RFC 7323

    TCP Extensions for High Performance, Window Scale Option

    Open source
    cited in 1 question
  • Cisco LAN Switching Configuration Guide

    Broadcast Storm Control and Spanning Tree Loop Diagnosis

    cited in 1 question
  • RFC 6888

    Common Requirements for Carrier-Grade NATs (CGNs)

    Open source
    cited in 1 question
  • Wi-Fi Alliance Generational Brand Specification and IEEE 802.11-2020

    Wi-Fi 4, Wi-Fi 5, Wi-Fi 6, Wi-Fi 6E, and Wi-Fi 7 marketing names

    cited in 1 question
  • IEEE 802.11-2020 and Wi-Fi Alliance Wi-Fi 6 Specification

    High-Efficiency Wireless (HEW) Amendment and OFDMA Resource Units

    Open source
    cited in 1 question
  • IEEE 802.1Q

    Bridges and Bridged Networks: Virtual LAN Tagging on Trunk and Access Ports

    Open source
    cited in 1 question
  • Cisco IOS Security Configuration Guide

    Access Control List Processing Order and First-Match Semantics

    cited in 1 question
  • RFC 6598

    IANA-Reserved IPv4 Prefix for Shared Address Space (Weil et al., 2012)

    Open source
    cited in 1 question
  • RFC 6891

    Extension Mechanisms for DNS (EDNS(0)) (Damas, Graff, Vixie, 2013)

    Open source
    cited in 1 question
  • RFC 792 and RFC 1812

    Internet Control Message Protocol, ICMP Redirect Messages

    Open source
    cited in 1 question
  • RFC 7858 and RFC 8484

    Specification for DNS over TLS, and DNS over HTTPS

    Open source
    cited in 1 question
  • RFC 793

    Transmission Control Protocol (Postel, 1981), Connection Establishment Section

    Open source
    cited in 1 question
  • IEEE 802.1D and Cisco LAN Switching Troubleshooting Guide

    Spanning Tree Protocol State Inspection during Layer 2 Loops

    Open source
    cited in 1 question
  • RFC 1191

    Path MTU Discovery (Mogul and Deering, 1990)

    Open source
    cited in 1 question
  • Forouzan, Behrouz A.

    Data Communications and Networking, 5th Edition (McGraw-Hill, 2012), Chapter 19: IPv4 Addressing

    cited in 1 question
  • RFC 1812 and RFC 792

    Requirements for IP Version 4 Routers, and Internet Control Message Protocol codes

    Open source
    cited in 1 question
  • RFC 3550 and ITU-T G.114

    RTP: A Transport Protocol for Real-Time Applications, and One-Way Transmission Time recommendation

    Open source
    cited in 1 question
  • Tanenbaum, Andrew S.

    Computer Networks, 5th Edition (Pearson, 2010), Chapter on Network Layer Forwarding

    cited in 1 question
  • Cisco Wireless LAN Controller Configuration Guide

    Peer-to-Peer Blocking and Guest SSID Client Isolation

    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

What does the Digital Forensics: Computer Networking Applied Scenarios for Investigators mock cover?+

Applied scenario drill for the FACT digital forensics paper, focused on the computer networking knowledge investigators have to apply at a real scene: subnet arithmetic on /27, /28, and /29 blocks; supernetting and CIDR overlap detection; OSPF cost from interface bandwidth; BGP route-hijack identification from AS-PATH signatures; Spanning Tree Protocol root election; 802.1Q VLAN tagging on trunk versus access ports; ARP storm and switching loop diagnosis; ICMP type and code distinctions covering

How many questions and how long is the test?+

30 multiple-choice questions, 30 minutes total. Difficulty: medium. Tier: Premium.

Who is this mock for?+

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?+

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?+

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.