Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
Timed practice tests with instant scoring and per-question explanations.
This mock covers the foundations of Computer Forensics as set out in the FACT exam syllabus (Section B, Elective III, sub-section 1 — Computer Forensics). Thirty questions across the nine pillars a first-year MSc Cyber Forensics student must lock in before tackling case law, Windows-internals deep-dives, malware analysis, and reconstruction: computer hardware seen through a forensic lens (motherboard chipset, RAM volatility, HDD vs SSD, the CPU at the top of the order of volatility), the modern boot process (BIOS vs UEFI, MBR vs GPT, systemd as PID 1 on Linux), file-system fundamentals (NTFS journaling, FAT32's 4 GiB cap, ext4 extents and crtime), first-responder principles (RFC 3227 order of volatility, write blockers, volatile vs non-volatile classification), imaging and hashing (E01 vs raw dd, MD5 collisions vs SHA-256, hex digest lengths), search-and-seizure under post-2024 Indian law (BNSS replacing CrPC, IT Act 2000 sections 65/66/66A/66B with the Shreya Singhal strike-down), Windows artefacts (Registry hives and USBSTOR, Prefetch, the $I/$R Recycle Bin pair, the USN Journal), Linux artefacts (~/.bash_history, /var/log/, dot-file convention), and recovery techniques for deleted, hidden, and altered files (carving, slack space, NTFS Alternate Data Streams, what "delete" actually does). It is pitched at BSc and first-year MSc cyber forensics students at NFSU, LNJN-NICFS, and other Indian universities, and at FACT and UGC-NET aspirants who need the Computer-Forensics foundations locked in. This sits at the introductory tier — vocabulary, definitions, and the most-asked concepts that anchor every later paper. It is **not** a duplicate of Mock #1 (which covers digital-forensics vocabulary across the whole field) — this mock drills specifically into Computer Forensics as a sub-discipline. 
Themes covered:

- Computer hardware from a forensic angle: motherboard chipset, RAM volatility, HDD vs SSD with TRIM, the CPU at the top of the order of volatility
- Boot process and firmware: BIOS vs UEFI, MBR vs GPT, Linux systemd as PID 1
- File-system fundamentals: NTFS journaling, FAT32 4 GiB cap, ext4 extents and crtime
- First-responder principles: RFC 3227 order of volatility, hardware write blockers, volatile vs non-volatile
- Imaging and hashing: E01 vs raw dd, MD5 vs SHA-256, hex digest lengths
- Search and seizure under Indian law: BNSS 2023 (replacing CrPC), IT Act sections 65 / 66 / 66A / 66B with the 2015 Shreya Singhal strike-down
- Windows artefacts: Registry hives, Prefetch, $I/$R Recycle Bin pair, USN Journal
- Linux artefacts: ~/.bash_history, /var/log/, the dot-file hidden convention
- Recovery of deleted/hidden/altered files: file carving, slack space, NTFS Alternate Data Streams

Each question carries a detailed 220+ word explanation citing standard references (Carrier's File System Forensic Analysis, Casey's Digital Evidence and Computer Crime, Carvey on Windows Registry forensics, RFC 3227, NIST SP 800-86 and 800-88, NIST FIPS PUB 180-4, the IT Act 2000, the BNSS 2023, the Shreya Singhal judgment, and Microsoft / Linux kernel documentation). Allow 15 minutes; the explanations are long enough to use as study notes by themselves. If you can pass this mock comfortably, you have the Computer-Forensics vocabulary that the application-level mocks (#3 Windows artefacts, #4 mobile acquisition, #5 email forensics) build on.
This mock covers email forensics — header analysis, sender authentication (SPF, DKIM, DMARC), spoofing techniques and how to detect them, phishing investigation, business email compromise (BEC), and the legal framework for email-based offences in India. Thirty questions test what every header field means and how to read it, how SPF / DKIM / DMARC verdicts appear in Authentication-Results, the difference between display-name spoofing and full envelope forgery, how to trace a phishing campaign back to its kit and infrastructure, attachment forensics (MIME, Base64, hash matching to MITRE ATT&CK and VirusTotal), and the prosecution handles under IT Act Sections 66C, 66D and BNS Section 318. It is pitched at BSc and first-year MSc cyber forensics students, FACT and UGC-NET aspirants, and incident-response analysts at Indian SOCs and CERT-In-affiliated teams. Email is the single largest entry vector for cyber-crime complaints registered on the National Cyber Crime Reporting Portal; every cyber-crime cell sees dozens of email cases per week, which makes mastering this area one of the highest-leverage investments for any cyber forensics student. 
Themes covered:

- Email header anatomy: Received, Message-ID, Return-Path, Reply-To, From, Date, X-Originating-IP
- SMTP / IMAP / POP3 — what each protocol does, the standard ports, and what trace each leaves
- SPF (RFC 7208), DKIM (RFC 6376), DMARC (RFC 7489), ARC (RFC 8617), BIMI
- Header spoofing vs envelope spoofing; how From and Return-Path can disagree
- Display-name attacks, IDN homograph attacks vs ASCII typosquats, lookalike-domain detection
- Phishing kit fingerprinting and OSINT pivots from a phishing URL (WHOIS, DNS, ASN, crt.sh)
- Attachment forensics: MIME structure, Base64, hash-to-malware-family lookup
- Email storage formats: EML, MSG, PST, OST, MBOX — what each is and how to parse
- Indian legal handle: IT Act Sections 66C (identity theft), 66D (cheating by personation), BNS Section 318
- Operational response: 1930 helpline, cybercrime.gov.in, the CFCFRMS golden-hour fund-hold mechanism

Each question carries a detailed explanation citing the relevant RFC verbatim, NIST SP 800-86 for incident-response procedure, MITRE ATT&CK for technique mappings, the IT Act for the Indian legal handle, and Microsoft / Google admin documentation for header behaviour. Allow 15 minutes; the explanations are long enough to use as study notes by themselves.
This mock covers the foundational concepts and vocabulary every digital forensics student must know — the building blocks of every later course, every exam paper, and every real investigation. Thirty questions across storage and memory, the order of volatility, write blockers, forensic imaging, hashing for integrity, file systems (NTFS, ext4, APFS, FAT), chain of custody, first-responder procedures, Faraday bags, and the routine artefacts (Windows Registry, event logs, browser cache, email headers) that turn raw devices into evidence. It is pitched at BSc and first-year MSc cyber forensics students at NFSU, LNJN-NICFS and other Indian universities, and at FACT or UGC-NET aspirants who need the introductory layer locked in before tackling case law, tool-specific procedure, and reconstruction. If you can pass this mock comfortably, you have the vocabulary for every advanced cyber-forensics topic that follows.

Themes covered:

- Volatile vs non-volatile memory and the order of volatility (RFC 3227)
- Write blockers and why they matter for evidence integrity
- Forensic imaging, hashing (MD5, SHA-256), and the EnCase E01 format
- Chain of custody — what it is, what breaks it
- First-responder priorities and the Faraday-bag rule for mobile devices
- File system fundamentals: NTFS, FAT, ext4, APFS — what each is used for
- Slack space, unallocated space, and what deleted-file recovery actually does
- The everyday artefacts: Windows Registry, event logs, browser cache, cookies, email headers
- Mobile basics: IMEI vs IMSI, logical vs physical acquisition

Each question has a detailed explanation citing the relevant RFC, NIST publication, vendor documentation or standard textbook (Carrier, Casey, Nelson). Allow 15 minutes when you take the timed version. The explanations are long enough to use as study notes by themselves; even if you skip the timed run, reading through them once is a complete refresher.