Question 1

What does the Digital Forensics: Windows, Linux and macOS System Artifacts mock cover?

Accepted Answer

FACT digital forensics drill on operating-system artefacts across Windows, Linux, and macOS, covering NTFS Master File Table internals, registry hives (HKLM\SYSTEM, NTUSER.DAT, SAM, SOFTWARE), event logs in .evtx form, LNK shortcuts, prefetch (.pf) files, the $Recycle.Bin with paired $I and $R files, shellbags, Volume Shadow Copies and System Restore, pagefile.sys, hiberfil.sys, NTFS Alternate Data Streams and slack space, plus the Linux Filesystem Hierarchy Standard, SUID/SGID/sticky semantics,

Question 2

How many questions and how long is the test?

Accepted Answer

30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Premium.

Question 3

Who is this mock for?

Accepted Answer

Forensic science aspirants preparing for the NFSU FACT entrance, UGC-NET Forensic Science, university PG entrances, and BSc / MSc forensic students who want timed practice with explanations and source citations on Digital Forensics, FACT.

Question 4

Are the questions reviewed?

Accepted Answer

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Question 5

Do I need an account to take this mock?

Accepted Answer

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.

Your journey to becoming a forensic professional starts here.

Digital Forensics: Windows, Linux and macOS System Artifacts

About this mock

How our mocks are built