Digital Forensics: Computer Networking Applied Scenarios for Investigators

Applied scenario drill for the FACT digital forensics paper, focused on the computer networking knowledge investigators have to apply at a real scene: subnet arithmetic on /27, /28, and /29 blocks; supernetting and CIDR overlap detection; OSPF cost from interface bandwidth; BGP route-hijack identification from AS-PATH signatures; Spanning Tree Protocol root election; 802.1Q VLAN tagging on trunk versus access ports; ARP storm and switching loop diagnosis; ICMP type and code distinctions covering ping, traceroute, port unreachable, administratively prohibited, and redirect; TCP three-way handshake reading from a pcap snippet; DNS over UDP, TCP, DoT 853, and DoH 443; Wi-Fi 5 versus Wi-Fi 6 capture considerations; WPA2 versus WPA3 SAE handshake; client isolation on a guest SSID; bandwidth-delay product window sizing; jitter versus latency in a VoIP investigation; longest-prefix match in a routing table; carrier-grade NAT shared address space at 100.64.0.0/10 against RFC 1918 private space; NAT traversal versus direct exposure for a residential server.

This mock is for forensic science postgraduates and FACT aspirants who have crossed the definition stage and now need to apply networking facts to investigation scenarios. It is calibrated to the medium band, where every question forces a choice between near-neighbour options that share most attributes and differ on one parameter the investigator has to know cold. The mock is equally useful for UGC-NET Paper II networking-section preparation, NFSU MSc digital forensics, and entry-level GCFA or CHFI revision.

Topics covered:

• Subnet arithmetic and broadcast addresses on /27, /28, /29
• Supernetting, CIDR aggregation, and prefix overlap detection
• OSPF interface cost and BGP route-hijack signatures
• Spanning Tree Protocol root election and switching-loop diagnosis
• 802.1Q VLAN tagging on trunk and access ports
• ICMP type and code distinctions across ping, traceroute, redirect
• TCP three-way handshake from pcap and Path MTU Discovery black holes
• DNS over UDP, TCP, DoT 853, DoH 443, plus EDNS0 buffer sizing
• Wi-Fi 4, 5, 6 standards, WPA3 SAE, and client isolation
• Bandwidth-delay product, jitter versus latency, CGNAT and NAT traversal

Sit the mock under timed conditions, mark the explanation references, and revisit any RFC citations after each session.

Allow 30 minutes.