Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
Free, timed forensic mock tests for NFSU FACT, UGC-NET and university entrances. Instant scoring, per-question explanations and a topic breakdown after every attempt.
FACT Digital Forensics paper drill on malware forensics from the analyst's bench, covering the classical taxonomy of viruses, worms, and Trojans, the ransomware family with its locker and crypto classes and the worm-style propagation behind WannaCry 2017 and NotPetya 2017 through the EternalBlue SMBv1 exploit, the spyware versus adware distinction, user-mode and kernel-mode rootkits and hardware keyloggers, fileless malware that lives in memory through PowerShell and WMI, static analysis of the Windows Portable Executable (PE) format with its DOS header, NT headers, and Import Address Table (IAT), the Linux Executable and Linkable Format (ELF) defined in the System V ABI, the strings utility for fast triage, YARA pattern matching, the Mandiant imphash, packer recognition through UPX section names and high entropy, dynamic analysis with the Cuckoo and CAPE sandboxes, Sysinternals Process Monitor on Windows, Wireshark for command-and-control traffic capture inside the sandbox, anti-VM checks through CPUID and MAC OUI inspection, reverse engineering with Ghidra (NSA, 2019) and x64dbg, the IoC taxonomy spanning hashes, IP addresses, domains, registry keys, and mutexes, OASIS STIX and TAXII for threat intelligence sharing, David Bianco's Pyramid of Pain (2013), and the MITRE ATT&CK tactics and techniques matrix. For FACT aspirants and MSc digital forensics students working through malware analysis and incident response modules, and useful as a revision pass before NFSU MSc, GREM, GCFA, and CHFI exams. Questions emphasise definitions, tooling, and the registry and file system artefacts an incident responder hunts for, with explicit references to NIST SP 800-83, NIST SP 800-86, and the standard textbooks by Sikorski and Honig, Ligh and colleagues, and Casey. 
Topics covered:
- Malware taxonomy: virus, worm, Trojan, ransomware, spyware, adware
- Rootkits, keyloggers (hardware and software), and fileless malware
- Static analysis: PE format, ELF format, strings, YARA, imphash, packers
- Dynamic analysis: Cuckoo and CAPE sandboxes, Process Monitor, Wireshark, anti-VM
- Reverse engineering: Ghidra and x64dbg user-mode debugging
- Indicators of Compromise, STIX and TAXII, Pyramid of Pain, MITRE ATT&CK
- Persistence: Windows Run keys, Scheduled Tasks, Linux cron and systemd
- Memory forensics with Volatility and the order of volatility (RFC 3227, NIST 800-86)

Useful for revision and self-testing before the FACT Digital Forensics paper. Allow 30 minutes.
This FACT-aligned mock covers cloud security architecture and cloud forensics from an investigator's standpoint. It walks through the Shared Responsibility Model across IaaS, PaaS, and SaaS as published by AWS, Azure, and Google Cloud, the distinction between cloud control plane and data plane, Security Groups versus Network ACLs in a VPC, Web Application Firewalls at Layer 7, NIST SP 800-207 Zero Trust Architecture, Cloud Security Posture Management, and the design principles of the AWS Well-Architected Framework Security pillar. The Identity and Access Management block covers the JSON shape of an IAM policy, instance roles backed by short-lived STS credentials, SAML 2.0 federation, and the iam:PassRole privilege escalation pattern. The encryption block covers KMS customer-managed versus AWS-managed keys, envelope encryption with a DEK wrapped by a KEK, S3 server-side encryption SSE-KMS versus SSE-C, mutual TLS in a service mesh such as Istio or Linkerd, and Bring Your Own Key. The cloud forensics block uses NIST IR 8006 as its reference, addresses why cloud forensics is harder than on-prem, lays out the host, network, application, and log scope layers, walks through EBS snapshot acquisition, live memory acquisition from a cloud VM, and provider legal-hold preservation requests. The logging and detection block covers CloudTrail management versus data versus Insights events, VPC Flow Log fields, GuardDuty alongside Microsoft Sentinel and Google Security Command Center, CloudTrail log file validation by SHA-256 digest, and S3 Object Lock for evidentiary preservation. The legal block covers the US CLOUD Act 2018 and the India-US MLAT channel, alongside the Digital Personal Data Protection Act 2023 vocabulary of Data Principal, Data Fiduciary, and Data Processor. 
This mock is built for MSc Forensic Science aspirants preparing for the NFSU FACT entrance examination, for digital forensics electives in BSc and MSc syllabi at Indian universities, and for working investigators preparing for industry credentials such as the SANS GCFA, EC-Council CHFI, ISC2 CCSP, and AWS Certified Security Specialty. It is also useful for UGC-NET Forensic Science Paper II candidates who have a cyber and cloud module in their syllabus.

Topics covered:
- Shared Responsibility Model across IaaS, PaaS, and SaaS
- Network controls: Security Groups, NACLs, WAF, zero-trust principles
- IAM policies, roles, federation, and privilege escalation patterns
- KMS, envelope encryption, S3 server-side encryption, key rotation
- NIST IR 8006 cloud forensic challenges and scope layers
- EBS snapshot acquisition and live VM memory capture
- CloudTrail, VPC Flow Logs, GuardDuty, log integrity controls
- CLOUD Act, MLAT routes, and India DPDP Act 2023 vocabulary

Practice across these clusters to build a coherent picture of cloud incidents from architecture to evidence to law. Allow 30 minutes.
This thirty-question FACT-style mock walks the network-monitoring and network-investigation unit of the digital forensics paper end to end. It covers live packet capture with Wireshark and tcpdump including the Berkeley Packet Filter capture-filter grammar and the dotted display-filter grammar, the PCAP and PCAPng file formats, the difference between promiscuous mode on wired Ethernet and monitor mode on 802.11 wireless interfaces, and the role of Tshark as the command-line sibling of Wireshark. It steps through the OSCAR methodology of Davidoff and Ham, the catch-it-as-you-can versus stop-look-and-listen acquisition strategies, NetFlow and IPFIX metadata records, and the placement of SPAN mirror ports and inline TAP appliances for sensor visibility on switched networks. The mock then turns to network intrusion detection with Snort, Suricata, and Zeek, contrasting signature-based and anomaly-based detection. Event-log analysis covers Windows Security channel logon events 4624 and 4625, Linux journald and rsyslog, and SQL-injection patterns visible from web access logs. Router and switch evidence covers Cisco IOS show logging, show ip route, show running-config, and the switch CAM or MAC address-table. Traffic analysis covers top-talkers, Deep Packet Inspection, JA3 and JA3S TLS fingerprinting, honeypots and honeynets including Cowrie and The Honeynet Project, NTP-disciplined log correlation, 802.11 frame types for wireless forensics, and what a passive observer can see in an encrypted VPN tunnel. It suits MSc Cyber Forensics aspirants, NFSU MSc applicants, FACT candidates, and working SOC analysts preparing for GCIA or GCFE. 
Topics covered:
- Wireshark capture filters in BPF syntax and display filters in dotted grammar
- tcpdump and Tshark command-line capture and analysis
- PCAP and PCAPng file format differences
- Promiscuous mode on wired Ethernet versus 802.11 monitor mode
- OSCAR methodology and catch-it-as-you-can versus stop-look-and-listen
- NetFlow and IPFIX metadata, SPAN mirror ports, and inline TAP appliances
- Snort, Suricata, and Zeek network intrusion detection
- Router and switch evidence, JA3 fingerprinting, honeypots, and VPN traffic visibility

Work through every question, read each explanation carefully, and revisit weak areas before reattempting. Allow 30 minutes.
This FACT-aligned mock test exercises the network security architecture and cryptographic protocols block of the digital forensics syllabus. Thirty single-best-answer questions sweep IPSec including AH (RFC 4302), ESP (RFC 4303), transport versus tunnel mode, and IKEv2 (RFC 7296). It covers VPN families from PPTP, deprecated since the MS-CHAPv2 break of 2012, through L2TP over IPSec, OpenVPN, and modern WireGuard, and contrasts site-to-site with remote-access deployments. Firewall types from packet filtering through stateful inspection to next-generation firewalls appear alongside the default-deny philosophy of NIST SP 800-41 and the DMZ or screened-subnet pattern. IDS versus IPS, signature-based versus anomaly-based detection, password storage under bcrypt, scrypt, and Argon2, the EAP family with EAP-TLS and PEAP, Kerberos with its AS, TGS, and KDC roles under RFC 4120, X.509 certificate fields under RFC 5280, and LDAP distinguished names under RFC 4514 round out the authentication and directory block. This mock is intended for MSc and BSc forensic science aspirants targeting the FACT entrance examination and for working professionals preparing for CISSP, Security+, or CHFI papers. The Indian PKI material covering the Controller of Certifying Authorities under Section 17 of the IT Act 2000 and Class 3 Digital Signature Certificates is included. 
Topics covered:
- IPSec architecture: AH, ESP, IKEv2 and transport versus tunnel mode
- VPN protocols and topologies including PPTP, L2TP over IPSec, OpenVPN, WireGuard
- Firewall design, default-deny policy, DMZ and IDS versus IPS
- Password storage, the EAP family, Kerberos AS-TGS-KDC and LDAP DN structure
- Digital signatures, X.509 fields and PKI components CA, RA, CRL, OCSP
- CCA India and Digital Signature Certificates under the IT Act 2000
- TLS 1.3, the TLS handshake, Secure Electronic Transaction and HSTS
- 802.1X NAC, multi-factor authentication and Zero Trust under NIST SP 800-207

Use this set as a calibration exercise before attempting full-length FACT digital forensics papers. Allow 30 minutes.
This FACT-aligned mock practice test covers the network-attack section of the digital forensics paper in thirty timed questions. The set runs across the wire from passive eavesdropping in promiscuous mode through Wireshark and tcpdump captures, ARP cache poisoning under RFC 826, DNS cache poisoning and the DNSSEC mitigation from RFC 4033, IP source-address forgery and BCP 38 ingress filtering from RFC 2827, BGP prefix hijacking with the 2010 China Telecom incident as the worked example, MAC spoofing on Linux through the ip link command and macchanger, web-jacking through DNS hijack and certificate compromise, and the OWASP Top 10 (2021) ordering with Broken Access Control at the top. Wireless coverage spans WEP IV-reuse and RC4 keystream attacks through aircrack-ng, the WPA2 four-way handshake capture used for offline dictionary attacks, the 2017 KRACK paper by Vanhoef and Piessens, WPA3 with the SAE Dragonfly handshake, evil twin rogue access points, and 802.11 deauthentication frame spoofing fixed by 802.11w. Denial-of-service coverage runs from SYN flood and UDP flood through DNS amplification reflection. Application-layer coverage closes with SSL stripping from Moxie Marlinspike sslstrip and the HSTS mitigation in RFC 6797, plus authentication factors, IEEE 802.1X with EAP and EAPOL, zero-day terminology, wireless rogue-AP detection, typosquatting, and the named subtypes of social engineering. The mock complements the cyber-crime mock by focusing on what a network forensicator sees on the wire rather than the legal category of the offence. The set suits MSc and BSc forensic-science students preparing for the FACT entrance, NFSU MSc digital forensics entrance, and CCFP, GCIH, and CHFI question banks. It also works for VAPT and information-security audit aspirants who want a refresher on the L2-to-L7 attack surface in one sitting. 
Topics covered:
- Eavesdropping, packet sniffing and Wireshark
- ARP, DNS and routing-table poisoning
- IP and MAC spoofing
- Cross-site scripting, SQL injection and OWASP Top 10
- WEP, WPA2, WPA3 and rogue access points
- DoS, DDoS, SYN flood and amplification
- MITM, SSL strip and HSTS
- Authentication factors, 802.1X, zero-day and social engineering

Time the attempt to mirror exam conditions. Allow 30 minutes.
This FACT-style mock covers the network forensics and computer-networking foundations that every digital-forensics student is expected to control before stepping into a packet capture. The thirty questions sweep across analog and digital signalling, baseband and broadband transmission, classical network topologies including star, bus, ring and mesh, and the geographical taxonomy of LAN, MAN and WAN networks. From there the paper moves into the OSI seven-layer model and the TCP/IP four-layer stack, the canonical PDU vocabulary of frames, packets, segments and datagrams, the difference between TCP and UDP, the TCP three-way handshake, and the well-known port numbers an investigator quotes from memory: 22 for SSH, 25 for SMTP, 53 for DNS, 80 for HTTP, 443 for HTTPS. The IP-addressing block covers classful IPv4 ranges, RFC 1918 private space, loopback and APIPA, CIDR prefix-to-mask conversion, subnet sizing with the /27 worked example, and supernetting for BGP route aggregation. The hardware and switching block separates hub from switch from router, fixes MAC-address structure with the OUI in the first 24 bits, places ARP at Layer 2, and pins the 802.1Q VLAN ID at 12 bits.

The paper is calibrated for FACT entrance preparation and is equally useful for MSc Digital Forensics, NFSU MSc entrance candidates, UGC-NET Forensic Science Paper II networking sections, and self-study readers using Tanenbaum, Forouzan, Stallings, and Kurose-Ross as their primary texts.

Topics covered:
- Analog vs digital signalling, baseband vs broadband, digital modulation families
- Topologies (star, bus, ring, mesh) and network types (LAN, MAN, WAN)
- OSI seven layers and TCP/IP four-layer stack with PDU vocabulary
- TCP vs UDP, the three-way handshake, well-known port numbers
- IPv4 classful ranges, RFC 1918 private space, loopback and APIPA
- CIDR notation, /24 mask, /27 host arithmetic, supernetting and BGP aggregation
- Hub, switch, router; MAC address structure; ARP; 802.1Q VLAN tagging; store-and-forward
- Routing protocol families (OSPF, RIP, BGP), ICMP traceroute, Wi-Fi 4/5/6, WEP/WPA/WPA2/WPA3, bandwidth vs latency vs jitter

Use this as a baseline check on the networking foundation that every subsequent network-forensics paper assumes. Allow 30 minutes.
FACT Digital Forensics paper drill on Digital Video Recorder and Network Video Recorder forensics, covering the architectural split between analog cameras over coaxial cable with a DVR and IP cameras over Ethernet with an NVR, the standard cameras-to-switch-to-NVR-to-disks chain, search and seizure of CCTV systems at a scene with photographing of wiring and clean power-down, the procedural framework under the Bharatiya Nagarik Suraksha Sanhita 2023 (replacing the Code of Criminal Procedure 1973) for seizure of DVR units and storage disks, the Section 65B IEA 1872 (now Section 63 BSA 2023) certificate that underpins admissibility of CCTV exports, leading Supreme Court guidance in Tomaso Bruno v. State of UP (2015) and Anvar P.V. v. P.K. Basheer (2014), surveillance-grade hard disks such as Western Digital Purple and Seagate SkyHawk, the practical RAID levels used in NVRs covering RAID 1 mirroring, RAID 5 single parity, RAID 6 dual parity, and the laboratory protocol for reconstructing arrays from labelled slot order, vendor-neutral camera and recorder interoperability under the ONVIF specifications, the proprietary on-disk file systems of Hikvision, Dahua, and CP Plus and the role of DVR Examiner and Salvation Data, container formats including the Dahua .dav and ISO Base Media MP4 with its moov and mdat atoms, the H.264 (AVC) and H.265 (HEVC) video coding standards along with the I-frame, P-frame, and B-frame distinction, file carving anchored on I-frames and NAL units, embedded metadata such as original timestamp, camera identifier, and device serial number, temporal analysis covering DVR clock drift and NTP synchronisation, integrity through SHA-256 and MD5 hashing of exports, chain of custody from seizure to court, recurring forensic challenges including continuous loop-overwrite recording, and the use of DVR and NVR system logs for camera uptime and gap-justification. 
For FACT aspirants and MSc digital forensics students working through CCTV and surveillance forensics modules, and useful as a revision pass before NFSU MSc, GCFA, CHFI, and CCTV-installer certification examinations. Questions emphasise definitions, statute mapping, and the Indian procedural framework under the IT Act 2000 alongside the new BNSS 2023 and BSA 2023 codes effective from 1 July 2024.

Topics covered:
- DVR vs NVR architecture and surveillance chain
- Search and seizure under BNSS 2023; Section 65B IEA / Section 63 BSA certificate
- Tomaso Bruno (2015) and Anvar P.V. (2014) on CCTV evidence
- Surveillance-grade HDDs and RAID 1, 5, and 6 in NVRs
- ONVIF, proprietary file systems, DVR Examiner and Salvation Data
- H.264 and H.265 codecs, I-frame, P-frame, and B-frame structure
- MP4 moov and mdat atoms, NAL unit carving
- System logs, loop-overwrite, hashing, and chain of custody

Useful for revision and self-testing before the FACT Digital Forensics paper. Allow 30 minutes.
FACT Digital Forensics paper drill on virtual machine and cloud forensics, covering hypervisor types under the Type 1 bare-metal model with VMware ESXi, Xen, Hyper-V, and KVM, the Type 2 hosted model with VMware Workstation, VirtualBox, and Parallels, virtual disk formats including VMDK on VMware, VHD and VHDX on Microsoft Hyper-V, QCOW2 on QEMU and KVM, and VDI on VirtualBox, thin and thick provisioning, VM snapshot artefacts such as .vmsn, .vmem, delta .vmdk, and .vmss suspended-state files, the .vmx configuration file and .nvram BIOS variables, live versus cold acquisition, forensic mounting of virtual disks using FTK Imager, vmware-mount, and qemu-nbd, the VM escape attack class, and the cloud forensics framework drawn from NIST SP 800-145 service and deployment models, NIST IR 8006 forensic challenges, NIST SP 800-86 procedural guidance, the US CLOUD Act 2018, and the Indian Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, with provider-specific evidence sources including AWS CloudTrail and VPC flow logs, Azure Activity Log, Google Cloud Audit Logs, S3 object versioning, and ephemerality concerns in managed containers and serverless functions on Lambda, Azure Functions, and Cloud Functions. For FACT aspirants and MSc digital forensics students working through virtualisation and cloud modules, and useful as a revision pass before NFSU MSc, GCFA, CCSK, CHFI, and CCSP exams. Questions emphasise definitions, vendor mapping, evidence-source identification, and the Indian and US legal framework for cross-border cloud investigations. 
Topics covered:
- Hypervisor types and disk formats: ESXi, Hyper-V, VirtualBox, KVM, VMDK, VHDX, QCOW2, VDI
- VM snapshot, memory, and configuration artefacts: .vmsn, .vmem, .vmss, .vmx, .nvram
- Live versus cold acquisition and forensic mounting with FTK Imager and qemu-nbd
- NIST SP 800-145 cloud service and deployment models
- NIST IR 8006 multi-tenancy and ephemerality challenges
- CLOUD Act 2018 and IT (Intermediary Guidelines) Rules 2021
- AWS, Azure, and Google Cloud evidence sources
- Container and serverless forensic limitations

Useful for revision and self-testing before the FACT Digital Forensics paper. Allow 30 minutes.
FACT Digital Forensics paper drill on web browser artefacts and email forensics, covering HTTP cookies and their lifetime, HttpOnly, Secure, and SameSite attributes under RFC 6265, the on-disk layout of Chrome (SQLite History database, Bookmarks JSON file, Login Data with Windows DPAPI, Cache directory) and Firefox (places.sqlite with moz_places, moz_historyvisits, moz_bookmarks), timestamp epochs including the Chrome 1601 UTC microsecond base and the Firefox Unix epoch microsecond base, the Chrome downloads table inside History, macOS Keychain for browser credentials, private and incognito browsing residue in DNS cache and RAM, session restore through sessionstore and Current Session files, the Hindsight cross-browser parsing tool, the email protocol family of SMTP under RFC 5321 on ports 25 and 587, POP3 under RFC 1939 on ports 110 and 995, and IMAP under RFC 3501 on ports 143 and 993, the MIME family beginning at RFC 2045 for multipart and base64 and quoted-printable encoding, the MUA, MTA, and MDA decomposition of mail delivery, Received header reading bottom-up, Message-ID uniqueness, Return-Path versus header From mismatch as a spoof indicator, DKIM under RFC 6376, DMARC under RFC 7489, the PST and OST Outlook storage formats with the local-versus-cache distinction, the MBOX concatenated-message format for Thunderbird and Apple Mail, the EML single-message export, phishing display-name and lookalike-domain indicators, and Section 66D IT Act 2000 for cheating by personation through computer resource. For FACT aspirants and MSc digital forensics students working through browser-forensics and email-forensics modules, and useful as a revision pass before NFSU MSc, GCFA, CHFI, and Security+ exams. Questions emphasise the canonical artefact paths on Windows and macOS, the RFC numbers and well-known ports that underpin email transport, and the Indian statutory framework under the IT Act 2000 with its 2008 amendment. 
Topics covered:
- Cookies: session vs persistent, HttpOnly, Secure, SameSite
- Chrome and Firefox profile artefacts: History, Bookmarks, places.sqlite
- Browser timestamps: Chrome 1601 epoch vs Firefox Unix epoch microseconds
- Saved passwords: Chrome Login Data + DPAPI, macOS Keychain
- Cache, downloads, session restore, and private-browsing residue
- Email protocols: SMTP (RFC 5321), POP3 (RFC 1939), IMAP (RFC 3501), MIME
- Email headers: Received chain, Message-ID, Return-Path, DKIM, DMARC
- Mail storage formats (PST, OST, MBOX, EML) and Section 66D IT Act 2000

Useful for revision and self-testing before the FACT Digital Forensics paper. Allow 30 minutes.
FACT digital forensics drill on operating-system artefacts across Windows, Linux, and macOS, covering NTFS Master File Table internals, registry hives (HKLM\SYSTEM, NTUSER.DAT, SAM, SOFTWARE), event logs in .evtx form, LNK shortcuts, prefetch (.pf) files, the $Recycle.Bin with paired $I and $R files, shellbags, Volume Shadow Copies and System Restore, pagefile.sys, hiberfil.sys, NTFS Alternate Data Streams and slack space, plus the Linux Filesystem Hierarchy Standard, SUID/SGID/sticky semantics, /etc/passwd vs /etc/shadow, wtmp/btmp/lastlog/auth.log, bash history, cron persistence, syslog and rsyslog, auditd, /tmp vs /var/tmp, mount tables, and symlink vs hard link semantics. The macOS half covers launchd LaunchDaemons and LaunchAgents, SystemConfiguration preferences.plist, .fseventsd and other hidden directories, Unified Logging via the log show command, ~/Library plists, plutil binary-to-XML conversion, the login.keychain-db and System.keychain stores, zsh history on Catalina and later, Time Machine Backups.backupdb, and Safari and Chrome browser artefacts. Easy band calibration: distractors are clearly different concepts rather than near-twin paths. For FACT aspirants, NFSU MSc digital forensics entrants, and candidates preparing for GCFA, CHFI, or SANS FOR500/FOR518. Questions emphasise canonical paths, default file names, and the single forensic role of each artefact, so the student can build a reliable mental map before moving on to scenario-driven medium and hard mocks. 
Topics covered:
- Windows file system, registry hives, and event logs
- LNK shortcuts, prefetch, Recycle Bin, shellbags, Volume Shadow Copies
- pagefile.sys, hiberfil.sys, NTFS Alternate Data Streams, slack space
- Linux Filesystem Hierarchy Standard, permissions, and password storage
- Login logs, bash history, cron persistence, syslog, and auditd
- Mount tables, temporary directories, symbolic vs hard links
- macOS launchd, SystemConfiguration plist, FSEvents, Unified Logging
- Keychain stores, plutil, Time Machine, Safari and Chrome artefacts

Useful for revision and self-testing before the FACT digital forensics paper. Allow 30 minutes.
FACT Forensic Aptitude Common Test drill on the first-responder role and digital evidence handling, covering the on-scene priority list at a powered-on computer, the live-response versus pull-the-plug decision, the toolkit a responder carries (Faraday bag, anti-static bag, write blocker, imaging device, evidence labels, chain-of-custody form), search and seizure powers under BNSS 2023 Section 94 and IT Act 2000 Section 80, the admissibility framework under Section 65B IEA 1872 and Section 63 BSA 2023, RFC 3227 order of volatility, NIST SP 800-88 sanitization categories, forensic imaging and hashing with SHA-256, recovery of deleted, hidden, and altered files, handling of encrypted volumes under IT Act Section 69, and the Anvar P.V. and Arjun Panditrao Supreme Court line on Section 65B certification. For FACT aspirants, NFSU MSc digital forensics entrants, CHFI candidates, and police officers preparing for cybercrime investigator certification. Questions are calibrated at the easy band for first-pass concept refresh and exam vocabulary, with single-fact recall on definitions, statutory sections, RFC 3227 ordering, hash function status, and the chain-of-custody framework anchored in Indian procedural law.

Topics covered:
- First responder priority, live response, and pull-the-plug decision
- Toolkit: Faraday bag, anti-static bag, write blocker, imaging device
- BNSS 2023 Section 94, IT Act 2000 Sections 69 and 80
- Section 65B IEA 1872 and Section 63 BSA 2023 certificate, Anvar and Arjun Panditrao
- Volatile vs non-volatile evidence and RFC 3227 order of volatility
- NIST SP 800-88 sanitization, forensic imaging formats, write blockers, hashing
- Memory acquisition (DumpIt, FTK Imager, LiME) and chain of custody
- Recovery of deleted, hidden, altered files, encrypted volumes, formatted drives

Useful for revision and self-testing before the FACT digital forensics paper. Allow 30 minutes.
FACT Digital Forensics paper drill on cyber crime categories and web security threats, covering the four-fold Indian taxonomy of cyber crime under the Information Technology Act 2000, internal versus external attacks and insider threat motivation, social media offences under Section 67 IT Act, ATM and banking frauds including skimming and card cloning, the phishing family in its email, voice (vishing), and SMS (smishing) variants, ransomware behaviour drawn from the WannaCry 2017 incident along with the symmetric-plus-asymmetric hybrid encryption model, the virus, worm, and Trojan distinctions in classical malware taxonomy, identity theft under Section 66C IT Act, packet sniffing in promiscuous mode using Wireshark, IP and ARP and DNS spoofing, SPF email authentication under RFC 7208, man-in-the-middle attacks, SQL injection and cross-site scripting from the OWASP Top 10, cyberstalking under Section 354D IPC 1860 with the carried-forward Section 78 BNS 2023, business email compromise and 419 advance-fee fraud, social engineering techniques including tailgating, and the foundations of web security covering HTTPS on TCP 443 and the same-origin policy. For FACT aspirants and MSc digital forensics students working through cyber crime and information security modules, and useful as a revision pass before NFSU MSc, GCFA, CHFI, and Security+ exams. Questions emphasise definitions, statute mapping, and the Indian procedural framework including the IT Act 2000 with its 2008 amendment and the carried-forward BNS 2023 provisions. 
Topics covered:
- Cyber crime taxonomy: against person, property, state, and society
- Internal and external attacks, insider threat motivation
- Phishing, spear phishing, vishing, smishing, and 419 advance-fee fraud
- Ransomware behaviour and hybrid encryption model
- Virus, worm, and Trojan distinctions in malware taxonomy
- Packet sniffing, IP and ARP and DNS spoofing, MITM attacks
- SQL injection and cross-site scripting (stored versus reflected)
- IT Act 2000 sections 43, 65, 66, 66C, 66D, 67 and Section 354D IPC 1860 / Section 78 BNS 2023

Useful for revision and self-testing before the FACT Digital Forensics paper. Allow 30 minutes.