Practice with national-level exam (FACT, FACT Plus, NET, CUET, etc.) mocks, learn from structured notes, and get your doubts solved in one place.
Free, timed forensic mock tests for NFSU FACT, UGC-NET and university entrances. Instant scoring, per-question explanations and a topic breakdown after every attempt.
Applied FACT digital-forensics drill that puts the examiner inside thirty short investigation scenarios across Windows, Linux, and macOS hosts and asks what each surviving artefact actually proves. The Windows scenarios cover $MFT $STANDARD_INFORMATION versus $FILE_NAME timestomp signatures, prefetch hash and run-count execution proof, AmCache and ShimCache attribution differences, UserAssist ROT13 counters, USB insertion via the USBSTOR enumerator key cross-referenced with C:\Windows\INF\setupapi.dev.log, ShellBags evidence of access to now-deleted folders, Volume Shadow Copy mounting and Security.evtx diffing, LNK MAC times pinning prior file state, $Recycle.Bin SID resolution against SAM and ProfileList, and Remote Desktop sessions surfaced as EventID 4624 LogonType 10. The Linux half walks through GTFOBins-style SUID misuse with find -exec /bin/sh -p, the $6$ SHA-512 identifier in /etc/shadow, the three-way persistence choice across cron.d, systemd units, and rc.local, auditd connect() syscall rules, HISTTIMEFORMAT and the : epoch:0 marker in bash history, hard-link versus symbolic-link inode semantics, /proc/[pid]/maps as a window onto injected RWX regions, ext4 inode-reuse limits on deletion recovery, and extended-attribute namespaces as the Linux analogue of NTFS Alternate Data Streams. The macOS scenarios go through TCC.db privacy decisions, the com.apple.quarantine Gatekeeper attribute, the FSEvents gzipped binary log format, kMDItemWhereFroms via mdls and xattr, .DS_Store leakage risk, APFS Time Machine snapshot mounting with tmutil and mount_apfs, sandbox container layout under ~/Library/Containers, launchd StartInterval as the cron equivalent, the History.db schema with history_items joined to history_visits, and APFS clone semantics versus copy and hard link. For FACT aspirants, NFSU MSc digital-forensics candidates, and analysts preparing for GCFA, CHFI, SANS FOR500, or FOR518. 
Each question is a small triage decision: given this artefact in this state, what is the defensible reading? Distractors are near-twin readings drawn from adjacent artefacts on the same operating system, so guessing on path or vocabulary alone will not work and the candidate has to know how each subsystem actually writes its evidence.

Topics covered:
- Windows file-system metadata and execution-evidence reasoning
- USB attribution, RDP sessions, and shadow-copy log diffing
- Recycle Bin SID resolution and LNK target reconstruction
- Linux privilege-escalation and persistence triage patterns
- auditd, bash history timestamps, and inode-reuse recovery limits
- macOS TCC, Gatekeeper, FSEvents, and Spotlight metadata
- Time Machine snapshot mounting and sandbox container layout
- launchd persistence keys and Safari history schema details

Useful for revision before the FACT digital forensics paper and for cross-platform incident triage practice. Allow 30 minutes.
Applied scenario drill on web-browser and email forensics for FACT aspirants, pitched one level above the introductory mock. Questions move past definitions into the kind of decisions an investigator actually makes at the bench: writing the right SQL join across Chrome's urls, visits, and visit_source tables; converting a Chrome timestamp from microseconds since 1601 UTC into a calendar date; recognising why a SameSite=None cookie without Secure was rejected; deciding whether a body-hash mismatch on a DKIM signature points to a transit footer or to a header rewrite; tracing a multi-hop Received chain bottom-up to the host that actually submitted the message; reading an OST orphan condition after Active Directory disabled the account; choosing PST, OST, MBOX, or emlx for the workstation in front of you; and applying Section 66D of the IT Act 2000 to a bank-impersonation phishing case. The mock is calibrated for MSc Forensic Science aspirants preparing for the FACT entrance, the cyber stream of the NFSU MSc, and CHFI or GCFA candidates who want a focused drill on Chromium and Firefox artefacts, MIME parsing, SPF, DKIM, DMARC alignment failures, and standard email containers. Each question is rooted in a verifiable primary source: RFC 5321, 5322, 1939, 3501, 2045 to 2049, 6376, 7208, and 7489 for protocol behaviour; Microsoft Learn for OST, PST, DPAPI, and ESE; Apple Developer for the Keychain; the Chromium source tree and Mozilla Source Docs for browser internals; and the IT Act 2000 for the Indian statutory anchor. 
Topics covered:
- Chrome History database joins and FILETIME-based timestamp arithmetic
- Firefox places.sqlite, sessionstore-backups jsonlz4 framing, and Edge WebCacheV01.dat ESE access
- Cookie attribute semantics, including the SameSite=None Secure rule, HTTP cache reconstruction, and ETag revalidation
- Browser credential stores on Windows and macOS, DPAPI and Keychain key wrapping
- Incognito leak vectors across pagefile, hiberfil, and the OS DNS resolver cache
- Multi-hop Received chain reading, X-Originating-IP reliability, and Message-ID anchoring
- MIME multipart parsing, base64 versus quoted-printable, and DKIM body-hash failure modes
- SPF, DKIM, DMARC alignment outcomes and aggregate versus forensic reporting
- PST, OST, MBOX, and emlx selection per platform, OST orphan handling, single-instance attachment recovery
- Section 66D IT Act 2000 in a phishing-impersonation case

Allow 30 minutes.
FACT Digital Forensics paper drill on applied virtual machine and cloud forensic scenarios, sitting one level above the introductory definitions mock on the same syllabus. Questions place the candidate inside a specific case and ask which technique applies: choosing between live and offline acquisition for a fileless guest, picking the right VMware artefact (.vmem at a snapshot, .vmss at a suspend, .vmsn for metadata), mounting VMDK chains and Hyper-V .avhdx differencing disks as ordered overlays, converting QCOW2 to raw with qemu-img convert, reading vmware.log for VM escape signals, inspecting VMFS datastores through vmfs-tools, recognising MITRE ATT&CK T1497 anti-VM checks via CPUID and MAC OUI, walking the Docker OverlayFS layer stack, retaining Kubernetes emptyDir evidence by shipping logs, acquiring vSAN through the API rather than by pulling drives, and choosing in-guest tools such as LiME or AVML for live memory. The cloud half tests log-source selection between CloudTrail, VPC Flow Logs, CloudWatch Logs, and S3 access logs, the iam:CreateAccessKey to iam:AttachUserPolicy escalation chain under MITRE T1098, the volatile-first acquisition order paired with EBS snapshot copy across accounts and regions, multi-tenancy under NIST IR 8006, KMS misuse evidence (key policy, grants, last-used), least-privilege failures in IAM JSON, the interaction of CLOUD Act 2018, IT Rules 2021, and DPDP Act 2023, MLAT preservation requests, Lambda forensics through CloudWatch Logs only, Azure Diagnostic Settings for Resource Logs, GCP Cloud Audit Logs Admin Activity vs Data Access, CloudTrail digest-chain tampering indicators, and S3 Object Lock compliance mode plus MFA Delete for legal hold. For FACT digital-forensics aspirants and MSc students working through applied virtualisation and cloud incident-response scenarios, useful as a revision pass before NFSU MSc, GCFA, SANS FOR509, CCSP, and AWS Security Specialty exams. 
Questions emphasise picking the right technique under a specific scenario rather than reciting definitions, with Indian and US legal anchors for cross-border cloud cases.

Topics covered:
- Live vs offline VM acquisition for fileless and snapshot scenarios
- VMware .vmem, .vmss, .vmsn, .vmx, VMDK chains and ESXi VMFS datastores
- Hyper-V .avhdx checkpoint chains and VirtualBox .vbox and .vdi files
- QCOW2 to raw conversion with qemu-img and qemu-nbd cross-format mounting
- Container OverlayFS layers and Kubernetes emptyDir evidence retention
- AWS log-source selection: CloudTrail, VPC Flow Logs, CloudWatch, S3 access logs
- IAM escalation chains, KMS audit, least-privilege failures, MITRE T1098 and T1497
- EBS snapshot acquisition order and cross-region cross-account chain-of-custody
- CLOUD Act 2018, IT Rules 2021, DPDP Act 2023, MLAT preservation requests
- Lambda, Azure Resource Logs, GCP Audit Log streams, CloudTrail integrity, S3 Object Lock

Useful for revision and self-testing before the FACT Digital Forensics paper. Allow 30 minutes.
Applied scenario drill on identifying common network attacks from forensic evidence: ARP poisoning visible in arp -a, DNS hijack versus cache poisoning versus typosquatting from packet samples, when DNSSEC would have blocked the attack, the choice between BCP 38 ingress filtering and unicast Reverse Path Forwarding (uRPF), recognising SYN flood versus UDP amplification from NetFlow records, distinguishing SSL stripping from HTTPS downgrade and from certificate misissuance, KRACK versus PMKID versus WPA2 dictionary attack on a wireless capture, rogue AP versus evil twin versus karma differentiation, reflection-versus-amplification ratios (DNS amp versus memcached amp), SQL injection class detection from response side-channels (error-based, blind boolean, time-based), OWASP Top 10 (2021) category mapping including A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection and A07 Identification and Authentication Failures, XSS reflected versus stored versus DOM by where the payload lives, CSRF versus SSRF as confused-deputy patterns, zero-day versus N-day timeline in responsible disclosure, deauthentication-flood evidence in 802.11 management frames, lateral movement versus initial access in MITRE ATT&CK terms, and phishing-kit fingerprinting through typosquat domains and Let's Encrypt certificate patterns. This mock targets candidates preparing for the FACT entrance examination, MSc Digital Forensics aspirants at NFSU and central forensic-science universities, and working analysts mapping live incidents against syllabus categories. The scenario format mirrors what the FACT paper actually asks: the question describes evidence (a packet dump, a NetFlow record, an arp -a output, a log line) and asks which attack class fits and which mitigation applies. 
Topics covered:
- ARP poisoning evidence in arp -a dumps and dynamic ARP inspection responses
- DNSSEC validation chain and when it would have blocked a forged answer
- BCP 38 versus unicast Reverse Path Forwarding (uRPF) for source-address validation
- Reflection and amplification ratios for DNS, NTP, and memcached
- WPA2 PMKID, KRACK key reinstallation, and WPA3 SAE Dragonblood
- OWASP Top 10 (2021) category mapping for IDOR, weak hashes, and Log4Shell
- SQL injection side-channels: error-based, boolean-based blind, time-based blind
- MITRE ATT&CK lateral movement, initial access, defense evasion, exfiltration

This 30-question, medium-difficulty pack is free to attempt and is reviewed against Stallings 8e, Kurose and Ross 8e, OWASP Top 10 (2021), the relevant IETF RFCs (2827, 3704, 4033, 6797, 6962), the IEEE 802.11 and 802.11w standards, the Vanhoef and Piessens KRACK paper, the Vanhoef and Ronen Dragonblood paper, NIST SP 800-115, Casey 3e, Nelson 6e, and current CERT-In advisories. Allow 30 minutes.
This FACT-aligned mock test puts the network security architecture block of the digital forensics syllabus into applied form. Thirty scenario-style single-best-answer questions exercise IPSec selection between AH (RFC 4302), ESP (RFC 4303), and the combination, transport versus tunnel mode for site-to-site and remote-access deployments, and IKEv2 (RFC 7296) versus the deprecated IKEv1 Aggressive Mode. VPN selection between OpenVPN, WireGuard, and IPSec is tested against use-case constraints. Firewall design covers stateful inspection, application proxies, and next-generation firewalls when layer-7 inspection plus user identity are required. IDS versus IPS placement (passive tap versus inline) and the signature-versus-anomaly gap on zero-day traffic are explored alongside PEAP versus EAP-TLS choices given certificate-management realities, Kerberos AS-TGS-KDC troubleshooting under RFC 4120 error codes, X.509 chain validation, LDAP distinguished names, digital signature verification, CRL versus OCSP under RFC 5280 and RFC 6960, TLS 1.2 versus 1.3 handshake changes, HSTS preload reasoning, NAC 802.1X-MAB risk, TOTP versus HOTP versus FIDO2 selection, PKI bridge trust models, VLAN versus micro-segmentation under NIST SP 800-207, SIEM correlation tuning, and IPv6 SLAAC with Privacy Extensions versus stateful DHCPv6. This medium-band paper is intended for MSc and BSc forensic science aspirants targeting the FACT entrance examination, and for working professionals preparing for CISSP, Security+, or CHFI. Indian PKI material under the Controller of Certifying Authorities and the IT Act 2000 informs the certificate questions, alongside CERT-In hardening advisories and NIST publications. 
Topics covered:
- IPSec AH versus ESP versus combined, transport versus tunnel mode selection
- IKEv2 phases against IKEv1 Aggressive Mode deprecation
- VPN selection between OpenVPN, WireGuard, and IPSec for given constraints
- Firewall types: stateful, proxy, and NGFW with TLS decryption and user identity
- IDS passive tap versus IPS inline, and signature limits against zero-day traffic
- PEAP versus EAP-TLS, Kerberos error troubleshooting, X.509 chain failures
- LDAP DN versus RDN, digital signatures, CRL versus OCSP freshness trade-off
- TLS 1.3 handshake, HSTS preload, 802.1X-MAB risk, FIDO2 selection, micro-segmentation

Use this set as a calibration exercise before attempting full-length FACT digital forensics papers. Allow 30 minutes.
Applied-scenario drill on network monitoring and investigation for FACT Digital Forensics aspirants. Each question places the candidate inside a real incident and asks which command, flag, log field, signature, or methodology stage actually solves the problem, rather than asking for a definition. The set covers Wireshark capture filter versus display filter syntax on a stored pcap, tcpdump rotation flags (-G, -C, -W) for long-window captures, PCAPng with nanosecond timestamp precision for high-speed links, OSCAR methodology applied to a live incident timeline, SPAN port versus inline network TAP under asymmetric routing, sFlow versus NetFlow versus IPFIX selection on a retention budget, Snort signature interpretation from a Talos or Emerging Threats alert line, Suricata HTTP parser logs versus Snort raw pattern matches, Zeek triage across conn.log, http.log, and dns.log, SQL injection identification from web access logs (UNION SELECT, OR '1'='1, time-based SLEEP), Windows Security Event ID mapping (4624 Logon Type 10 for RDP, 4625 Sub Status codes, 4672 special privileges, 4688 process creation), journalctl with -u and --since for SSH brute-force triage on systemd hosts, Cisco show ip arp plus show mac address-table correlation for ARP-spoof attribution, Cisco ASA syslog severity selection per RFC 5424, NetFlow top-talker drill-down, DPI trade-offs against TLS encryption with JA3 and JA3S fingerprinting, Cowrie versus Dionaea versus T-Pot honeypot selection, downstream legal exposure of operating a honeypot under the Information Technology Act 2000, NTP time-sync as the precondition for cross-host log correlation under RFC 5905, airodump-ng plus Kismet for rogue access point triangulation, and traffic-analysis inference of session type from packet size and timing over encrypted VPN tunnels. 
This mock targets MSc Forensic Science and BSc Forensic Science students preparing for the FACT (Forensic Aptitude and Coding Test) Digital Forensics paper, NFSU MSc Cyber Security entrance candidates, and early-career SOC analysts learning the GCIA, GCFE, or SANS FOR572 syllabus through Indian academic mocks.

Topics covered:
- Wireshark display filter and BPF capture filter on a stored pcap
- tcpdump rotation with -G, -C, -W and strftime filename patterns
- PCAPng nanosecond timestamping for high-speed link forensics
- OSCAR methodology stages applied to a real network incident
- SPAN versus TAP placement under asymmetric routing
- Snort, Suricata EVE JSON, and Zeek conn-http-dns log triage
- SQL injection signature reading from web access logs
- Windows Event IDs 4624, 4625, 4672, 4688 in scenario context

Each item carries a three-paragraph explanation citing Wireshark, tcpdump, Snort, Suricata, Zeek, OWASP, Microsoft Learn, Cisco IOS, RFCs 5424, 5905, 7011, and Davidoff and Ham's Network Forensics text. Allow 30 minutes.
Applied scenario drill for the FACT digital forensics paper, focused on the computer networking knowledge investigators have to apply at a real scene: subnet arithmetic on /27, /28, and /29 blocks; supernetting and CIDR overlap detection; OSPF cost from interface bandwidth; BGP route-hijack identification from AS-PATH signatures; Spanning Tree Protocol root election; 802.1Q VLAN tagging on trunk versus access ports; ARP storm and switching loop diagnosis; ICMP type and code distinctions covering ping, traceroute, port unreachable, administratively prohibited, and redirect; TCP three-way handshake reading from a pcap snippet; DNS over UDP, TCP, DoT 853, and DoH 443; Wi-Fi 5 versus Wi-Fi 6 capture considerations; WPA2 versus WPA3 SAE handshake; client isolation on a guest SSID; bandwidth-delay product window sizing; jitter versus latency in a VoIP investigation; longest-prefix match in a routing table; carrier-grade NAT shared address space at 100.64.0.0/10 against RFC 1918 private space; NAT traversal versus direct exposure for a residential server. This mock is for forensic science postgraduates and FACT aspirants who have crossed the definition stage and now need to apply networking facts to investigation scenarios. It is calibrated to the medium band, where every question forces a choice between near-neighbour options that share most attributes and differ on one parameter the investigator has to know cold. The mock is equally useful for UGC-NET Paper II networking-section preparation, NFSU MSc digital forensics, and entry-level GCFA or CHFI revision. 
Topics covered:
- Subnet arithmetic and broadcast addresses on /27, /28, /29
- Supernetting, CIDR aggregation, and prefix overlap detection
- OSPF interface cost and BGP route-hijack signatures
- Spanning Tree Protocol root election and switching-loop diagnosis
- 802.1Q VLAN tagging on trunk and access ports
- ICMP type and code distinctions across ping, traceroute, redirect
- TCP three-way handshake from pcap and Path MTU Discovery black holes
- DNS over UDP, TCP, DoT 853, DoH 443, plus EDNS0 buffer sizing
- Wi-Fi 4, 5, 6 standards, WPA3 SAE, and client isolation
- Bandwidth-delay product, jitter versus latency, CGNAT and NAT traversal

Sit the mock under timed conditions, mark the explanation references, and revisit any RFC citations after each session. Allow 30 minutes.
FACT digital forensics drill pitched at applied scenarios in malware analysis: triage decisions, PE static reads, dynamic detonation, memory forensics, persistence mapping, and the legal frame in India. Each question hands the candidate a piece of evidence drawn from a real workflow (a section entropy reading, an Import Address Table excerpt, a YARA fragment, a Sysmon event line, an ld.so.preload artefact, a launchd plist, an MFT timestamp pair) and asks which technique, tool, or statute fits. Calibrated for B.Sc and M.Sc forensic-science aspirants preparing for FACT, NFSU MSc Digital Forensics entrance, and the SANS GREM and EC-Council CHFI tracks. The medium band sits between vocabulary recall and full reverse-engineering case work: the candidate must connect two ideas in a single question (entropy plus section name, command-line plus parent process, registry path plus ATT&CK technique) rather than restate a single definition.

Topics covered:
- Static triage: packers, section entropy, imphash and import tables
- Dynamic detonation: Cuckoo and CAPE for fileless PowerShell loaders
- Process injection signatures: VirtualAllocEx, process hollowing, doppelganging
- Memory forensics: Volatility malfind and unbacked RWX regions
- Persistence across Windows, Linux, and macOS with ATT&CK mapping
- Behaviour patterns: C2 beaconing, DGA, ssdeep similarity, Pyramid of Pain
- NTFS anti-forensics: timestomp and partial USN journal recovery
- Indian cyber law: IT Act Sections 43, 66, and 70 selection

Answers, options, and detailed explanations are revealed only after submission on the results page. Allow 30 minutes.
Scenario-driven FACT entrance drill on first-responder decisions and digital evidence handling. Every question is set in a working investigation: encrypted volumes that have to be imaged before the keys leave RAM, NVMe drives that the spare SATA write blocker cannot touch, E01 versus AFF4 versus raw dd format choices that turn on case-data and compression needs, chain-of-custody gaps that the prosecution has to repair with contemporaneous records, and Section 65B IEA / Section 63 BSA certificates signed by the wrong person. The questions test which procedure or provision actually applies to the facts, not what the textbook definition is in isolation. Built for FACT aspirants and NFSU MSc digital forensics entrance candidates who have finished the easy-band material and now want medium-band scenarios. CHFI, GCFA, and BPRD digital-evidence trainees will find the same cases. Coverage cross-cites the new Indian criminal codes (BNSS 2023, BSA 2023) against their CrPC 1973 and Indian Evidence Act 1872 ancestors, with the Supreme Court rulings in Anvar P.V. v. P.K. Basheer (2014) and Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) running through the certificate questions. 
Topics covered:
- Live vs dead acquisition under encrypted-volume facts
- Order of volatility on hybrid disk, RAM, and remote-log scenes
- Write blocker selection: SATA vs NVMe vs software USB hooks
- Imaging formats: raw dd, E01, AFF4 chosen by case requirements
- Hash collision handling and SHA-1/MD5 deprecation timing
- Chain of custody breach scenarios and their statutory remedies
- BNSS 2023 search and seizure, audio-video recording under Section 105
- FileVault, BitLocker, LUKS key handling and recovery-key custody
- NTFS vs FAT32 quick-format recovery, MFT-wipe carving constraints
- Timestomp detection via $STANDARD_INFORMATION vs $FILE_NAME attributes
- Mobile seizure: BFU, Faraday bag failure, airplane mode trade-offs
- Panch witness role in panchnama under BNSS Section 103

Aim for 50 to 60 percent accuracy: medium-band distractors share most attributes with the right answer and a single misread will pull you onto the wrong one. Allow 30 minutes.
Applied scenarios in DVR and NVR forensics for the FACT digital forensics paper, pitched at medium difficulty. The mock walks through real laboratory situations: parsing Hikvision HIKBT_FS and Dahua DHFS proprietary layouts to locate indexed video; reconstructing a four-disk RAID 5 array from three surviving disks given stripe size and bay order; carving H.264 NAL units when the partition table is wiped; pulling the SPS and PPS that an isolated IDR slice depends on; correcting DVR clock drift against an NTP reference and against mobile-tower CDR for an alibi window; reading the ring-index head pointer that marks the loop-record overwrite boundary; choosing between ONVIF Profile S, Profile G, and Profile T for forensic export; verifying integrity of a multi-segment .dav export through SHA-256 and timestamp continuity; recovering a truncated MP4 by synthesising a moov atom from the surviving mdat NAL units; and applying Section 63 of the Bharatiya Sakshya Adhiniyam 2023 (formerly Section 65B IEA 1872) certificate, Tomaso Bruno (2015), Anvar P.V. (2014), and Arjun Panditrao (2020) to admissibility challenges. Written for FACT digital-forensics aspirants, NFSU MSc Cyber Security and Digital Forensics students, and serving investigators upskilling on CCTV scene seizure under the BNSS 2023 search-and-seizure framework. The questions assume a working knowledge of the easy DVR and NVR mock and now extend to scenario-based decisions across DVR file systems, RAID, carving, codecs, statutory regimes, and chain-of-custody mechanics. 
Topics covered:
- Hikvision HIKBT_FS and Dahua DHFS proprietary layouts
- RAID 5 reconstruction with missing data or parity
- Physical acquisition versus vendor client export decisions
- H.264 and H.265 NAL units, parameter sets, IDR anchors
- DVR clock drift, NTP, CDR temporal corroboration
- Loop-record ring index and overwrite boundary
- ONVIF Profile S, Profile G, and Profile T capabilities
- Section 63 BSA 2023 certificate and Tomaso Bruno case law

Work through the 30 scenarios under timed conditions, review the explanations against the cited standards and statutes, and run the answer sheet against the topic matrix at the head of the SQL seed. Allow 30 minutes.
FACT Digital Forensics paper applied-scenario drill on cyber crime and web security, calibrated at the medium band where distractors are near-neighbour sister concepts and the student must match each fact pattern to the correct statute or technique. The set distinguishes Section 66, 66B, 66C, 66D, 66E, and 66F of the Information Technology Act 2000 against specific scenarios, separates phishing variants from spear phishing and whaling through tailoring and targeting cues, classifies ransomware families across WannaCry, LockBit, Conti, and the NotPetya wiper from their behavioural signatures, and applies malware taxonomy to operational evidence such as command-and-control beacons and SMB scanning. Web-security questions cover SQL injection sub-types (UNION-based, blind time-based, error-based), the three cross-site scripting variants (stored, reflected, DOM-based) from code snippets, email authentication results under SPF (RFC 7208), DKIM (RFC 6376), and DMARC (RFC 7489), and the same-origin policy, Content Security Policy directives, and TLS handshake reasoning at the transport layer. The cyberstalking and cyberbullying boundary is mapped to Section 354D of the Indian Penal Code 1860 and the carried-forward Section 78 of the Bharatiya Nyaya Sanhita 2023 effective from 1 July 2024. For FACT aspirants and MSc digital forensics students working through cyber crime and information security modules at the applied level, and useful as a calibration drill before NFSU MSc entrance, GCFA, CHFI, and OSCP-track examinations. Questions emphasise statute mapping to fact patterns, sub-type distinction across malware and web-attack families, and protocol reasoning grounded in the IT Act 2000 with its 2008 amendment and the carried-forward BNS 2023 provisions. 
Topics covered:
- IT Act sections 66, 66B, 66C, 66D, 66E, 66F applied to scenarios
- Phishing variants: spear phishing, whaling, vishing, smishing kill chains
- Ransomware families: WannaCry, LockBit, Conti, NotPetya behavioural identification
- Malware taxonomy: Trojan downloader, worm with C2, remote-access Trojan
- Spoofing chain: ARP, DNS, and email spoofing layered together
- SQL injection sub-types: UNION-based, blind time-based, error-based
- Cross-site scripting variants: stored, reflected, DOM-based from snippets
- Email authentication: SPF, DKIM, DMARC result evaluation
- Same-origin policy, CORS, Content Security Policy, TLS handshake reasoning
- Cyberstalking under Section 354D IPC 1860 and Section 78 BNS 2023

Useful for revision and self-testing before the FACT Digital Forensics paper. Allow 30 minutes.
Applied-scenario drill on computer hardware and file systems for the FACT digital forensics paper, pitched at the medium difficulty band where the question describes a real-world seizure or lab situation and the candidate must pick the technique, structure, or statute that fits. Coverage spans long-mode x86-64 instruction execution, DDR4 ECC behaviour, virtual memory and page-table translation during RAM acquisition, HDD zoned bit recording and LBA, SSD flash translation layer (FTL) and TRIM with garbage collection, MBR extended partitions and hybrid MBR alongside GPT, GPT backup-header recovery, NTFS resident versus non-resident $DATA, ext4 extents versus ext3 indirect blocks, ext4 journal modes (writeback, ordered, journal), APFS clones, $STANDARD_INFORMATION versus $FILE_NAME timestomp detection, NTFS $LogFile versus USN journal, exFAT versus FAT32 for large files, HFS+ versus APFS macOS timeline, pagefile.sys and hiberfil.sys as RAM residue, UEFI Secure Boot with EFI System Partition, the POST boot stage, NIC checksum offload artefacts in PCAP, PMTUD black holes from MTU mismatch, NVMe-direct-to-CPU versus SATA-through-PCH topology, ECC scrubbing in cold-boot key recovery, and 4Kn versus 512e imaging offset issues. The pack is meant for FACT aspirants who have cleared an easy-band hardware mock and now want scenario-style questions that force them to choose between near-neighbour techniques and adjacent structures, the same calibration the FACT digital forensics paper applies. It is also useful for NFSU MSc cyber forensics entrance candidates, CDAC PG-DCSF students, and SI-to-Inspector cyber-cell promotion aspirants in state CIDs. 
Topics covered:
- Long mode and page-table translation in live acquisition
- DDR4 ECC, scrubbing, and cold-boot key recovery windows
- HDD zoned recording, SSD FTL, and TRIM-driven garbage collection
- MBR extended partitions, GPT backup header, hybrid MBR scenarios
- NTFS MFT resident attributes, USN journal, $LogFile timeline
- ext4 extents and journal modes (writeback, ordered, journal)
- APFS clones, HFS+ to APFS macOS file-system timeline
- UEFI Secure Boot, EFI System Partition, NVMe versus SATA topology

Use this mock after the easy-band hardware pack and before attempting the digital-forensics mixed full-length. Allow 30 minutes.