Digital Forensicseasy Premium
Digital Forensics: Virtual Machine and Cloud Forensics
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
20 May 2026
Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
20 May 2026
Score, per-question explanations and topic breakdown shown right after you submit.
Free ForensicSpot account required to save your progress — you’ll sign in when you start.
FACT Digital Forensics paper drill on virtual machine and cloud forensics, covering hypervisor types under the Type 1 bare-metal model with VMware ESXi, Xen, Hyper-V, and KVM, the Type 2 hosted model with VMware Workstation, VirtualBox, and Parallels, virtual disk formats including VMDK on VMware, VHD and VHDX on Microsoft Hyper-V, QCOW2 on QEMU and KVM, and VDI on VirtualBox, thin and thick provisioning, VM snapshot artefacts such as .vmsn, .vmem, delta .vmdk, and .vmss suspended-state files, the .vmx configuration file and .nvram BIOS variables, live versus cold acquisition, forensic mounting of virtual disks using FTK Imager, vmware-mount, and qemu-nbd, the VM escape attack class, and the cloud forensics framework drawn from NIST SP 800-145 service and deployment models, NIST IR 8006 forensic challenges, NIST SP 800-86 procedural guidance, the US CLOUD Act 2018, and the Indian Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, with provider-specific evidence sources including AWS CloudTrail and VPC flow logs, Azure Activity Log, Google Cloud Audit Logs, S3 object versioning, and ephemerality concerns in managed containers and serverless functions on Lambda, Azure Functions, and Cloud Functions.
For FACT aspirants and MSc digital forensics students working through virtualisation and cloud modules, and useful as a revision pass before NFSU MSc, GCFA, CCSK, CHFI, and CCSP exams. Questions emphasise definitions, vendor mapping, evidence-source identification, and the Indian and US legal framework for cross-border cloud investigations.
Topics covered:
Useful for revision and self-testing before the FACT Digital Forensics paper.
Allow 30 minutes.
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.