Digital Forensicseasy Premium
Digital Forensics: Web Browser and Email Forensics
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
20 May 2026
Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
20 May 2026
Score, per-question explanations and topic breakdown shown right after you submit.
Free ForensicSpot account required to save your progress — you’ll sign in when you start.
FACT Digital Forensics paper drill on web browser artefacts and email forensics, covering HTTP cookies and their lifetime, HttpOnly, Secure, and SameSite attributes under RFC 6265, the on-disk layout of Chrome (SQLite History database, Bookmarks JSON file, Login Data with Windows DPAPI, Cache directory) and Firefox (places.sqlite with moz_places, moz_historyvisits, moz_bookmarks), timestamp epochs including the Chrome 1601 UTC microsecond base and the Firefox Unix epoch microsecond base, the Chrome downloads table inside History, macOS Keychain for browser credentials, private and incognito browsing residue in DNS cache and RAM, session restore through sessionstore and Current Session files, the Hindsight cross-browser parsing tool, the email protocol family of SMTP under RFC 5321 on ports 25 and 587, POP3 under RFC 1939 on ports 110 and 995, and IMAP under RFC 3501 on ports 143 and 993, the MIME family beginning at RFC 2045 for multipart and base64 and quoted-printable encoding, the MUA, MTA, and MDA decomposition of mail delivery, Received header reading bottom-up, Message-ID uniqueness, Return-Path versus header From mismatch as a spoof indicator, DKIM under RFC 6376, DMARC under RFC 7489, the PST and OST Outlook storage formats with the local-versus-cache distinction, the MBOX concatenated-message format for Thunderbird and Apple Mail, the EML single-message export, phishing display-name and lookalike-domain indicators, and Section 66D IT Act 2000 for cheating by personation through computer resource.
For FACT aspirants and MSc digital forensics students working through browser-forensics and email-forensics modules, and useful as a revision pass before NFSU MSc, GCFA, CHFI, and Security+ exams. Questions emphasise the canonical artefact paths on Windows and macOS, the RFC numbers and well-known ports that underpin email transport, and the Indian statutory framework under the IT Act 2000 with its 2008 amendment.
Topics covered:
Useful for revision and self-testing before the FACT Digital Forensics paper.
Allow 30 minutes.
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.