Social Media Evidence Indian Medical PG Practice Questions and MCQs
Practice Indian Medical PG questions for Social Media Evidence. These multiple choice questions (MCQs) cover important concepts and help you prepare for your exams.
Social Media Evidence Indian Medical PG Question 1: What type of evidence do medical certificates provide?
- A. Testimonial evidence
- B. Indirect evidence
- C. Conditional release documentation
- D. Documentary evidence of a patient's condition (Correct Answer)
Social Media Evidence Explanation: ***Documentary evidence of a patient's condition***
- Medical certificates are formal written documents prepared by a healthcare professional that provide **objective information** regarding a patient's medical status, diagnosis, treatment, and fitness for work or other activities.
- Under the **Indian Evidence Act, 1872 (Section 3)**, medical certificates are classified as **documentary evidence** - they serve as verifiable written records offering **factual proof** of a patient's health situation at a specific time.
- They are considered **direct evidence** that can be produced in court to establish medical facts.
*Testimonial evidence*
- This involves **oral statements** made under oath, typically in a court of law, by a witness who has direct knowledge of the facts.
- While a doctor might provide testimonial evidence when called as a witness, the certificate itself is not a spoken testimony but a **written document**.
*Indirect evidence*
- Also known as **circumstantial evidence**, this refers to facts that, when proven, suggest the existence of another fact without directly proving it.
- Medical certificates directly state the patient's condition, making them **direct documentary evidence**, not indirect or circumstantial evidence.
*Conditional release documentation*
- This type of document pertains to the **release of a patient from a hospital** or facility under certain conditions, such as follow-up appointments or medication adherence.
- While a medical certificate might be part of a discharge process, its primary legal classification is as **documentary evidence**, not a specific type of release documentation.
Social Media Evidence Indian Medical PG Question 2: Doctor or nurse disclosing the identity of a rape victim is punishable under the following section of IPC?
- A. Section 224A
- B. Section 226A
- C. Section 222A
- D. Section 228A (Correct Answer)
Social Media Evidence Explanation: ***Section 228A IPC***
- This section of the Indian Penal Code specifically deals with the **disclosure of the identity of a victim of rape and certain sexual offenses** (Sections 376, 376A, 376AB, 376B, 376C, 376D, 376DA, 376DB, 376E).
- Making public the name or any matter that can reveal the identity of a rape victim by **any person, including doctors and nurses**, is a punishable offense.
- **Punishment**: Imprisonment up to **2 years** and fine.
- **Exception**: Disclosure is permitted only to authorized persons like police officers for investigation purposes.
- **Important**: This is now covered under **Section 72 of Bharatiya Nyaya Sanhita (BNS) 2023**, which replaced the IPC.
*Section 224A*
- This is **not a valid or recognized provision** within the Indian Penal Code.
- It does not relate to offenses concerning privacy or the identity of sexual assault victims.
*Section 226A*
- This is **not a valid or recognized provision** within the Indian Penal Code.
- It does not pertain to the confidentiality of victims of sexual offenses.
*Section 222A*
- This is **not a valid or recognized provision** within the Indian Penal Code.
- There is no such specific section addressing disclosure of victim identity in the IPC.
Social Media Evidence Indian Medical PG Question 3: In the context of Indian law, what is the legal classification of the first offense of stalking?
- A. Cognizable and bailable under Indian law (Correct Answer)
- B. Non-cognizable and bailable under Indian law
- C. Non-cognizable and non-bailable under Indian law
- D. Cognizable and non-bailable under Indian law
Social Media Evidence Explanation: ***Cognizable and bailable under Indian law***
- Under Section 354D of the **Indian Penal Code (IPC)**, the **first offense** of stalking is classified as **cognizable and bailable**.
- **Cognizable** means a police officer can arrest the accused without a warrant and begin investigation without magistrate's permission.
- **Bailable** means the accused has an automatic right to be released on bail.
- First offense carries punishment of imprisonment up to **3 years** and fine.
- **Note:** Subsequent offenses become **non-bailable** with imprisonment up to 5 years.
*Non-cognizable and bailable under Indian law*
- This is incorrect as the first offense of stalking is **cognizable**, not non-cognizable.
- If it were non-cognizable, police would require a **magistrate's order** to investigate and arrest.
*Non-cognizable and non-bailable under Indian law*
- Both classifications are incorrect for the first offense.
- The first offense of stalking is **cognizable and bailable**, not non-cognizable and non-bailable.
*Cognizable and non-bailable under Indian law*
- While correctly identifying the cognizable nature, this incorrectly classifies the first offense as non-bailable.
- **Non-bailable** classification applies only to **subsequent offenses** of stalking under Section 354D IPC.
- For first offense, bail is a matter of right, not court discretion.
Social Media Evidence Indian Medical PG Question 4: What is the most reliable method to determine the time of death within the first 24 hours after death?
- A. Livor mortis is fixed and cannot be displaced after 8-12 hours
- B. Rigor mortis appears first in smaller muscles and progresses to larger muscles
- C. Putrefaction begins immediately after death in all environmental conditions
- D. Algor mortis using rectal temperature with standard nomograms (Correct Answer)
Social Media Evidence Explanation: ***Algor mortis using rectal temperature with standard nomograms***
- **Algor mortis** (body cooling) measured via **rectal temperature** using standardized nomograms (such as **Henssge's nomogram**) is considered the **most reliable method** for estimating time of death within the first 24 hours.
- While environmental factors affect cooling rate, the use of **mathematical models and nomograms** that account for body weight, ambient temperature, and clothing make this method more **objective and reproducible** than other postmortem changes.
- Provides **quantitative data** that can be standardized, unlike the more subjective assessments of rigor or livor mortis.
*Rigor mortis appears first in smaller muscles and progresses to larger muscles*
- **Rigor mortis** follows **Nysten's rule** (progression from smaller to larger muscles), typically appearing within 2-6 hours, peaking at 12-24 hours.
- However, the **onset time is highly variable** depending on factors like ante-mortem physical activity, environmental temperature, and cause of death.
- The subjective nature of assessment and **significant individual variation** make it less reliable than temperature-based methods for precise time estimation.
*Livor mortis is fixed and cannot be displaced after 8-12 hours*
- **Livor mortis** (postmortem lividity) becomes fixed and non-blanchable after approximately 8-12 hours.
- While useful, the **wide time range** for fixation and the fact that it provides only a few discrete time points (appearance, confluence, fixation) make it less precise than continuous temperature measurements.
*Putrefaction begins immediately after death in all environmental conditions*
- This statement is **incorrect**. **Putrefaction** (bacterial decomposition) typically begins hours to days after death, heavily dependent on **environmental temperature** and humidity.
- Putrefaction is useful for estimating time of death **beyond 24-48 hours**, not within the first 24 hours as asked in this question.
Social Media Evidence Indian Medical PG Question 5: In the context of a viral outbreak, what is the first step that public health officials should take?
- A. Immunization
- B. Notification (Correct Answer)
- C. Isolation
- D. Verification of diagnosis
Social Media Evidence Explanation: ***Correct: Notification***
- **Notification** is the **first and essential step** in public health outbreak management as mandated by the International Health Regulations (IHR) and national disease surveillance systems
- Immediate notification to public health authorities triggers the entire surveillance and response mechanism, enabling coordinated investigation, resource mobilization, and implementation of control measures
- Without notification, the public health system cannot mount an organized response, and individual isolation efforts remain uncoordinated and potentially ineffective
- Notification activates the epidemic response teams who then conduct verification, implement isolation, and coordinate other control measures
*Incorrect: Isolation*
- While **isolation** is a critical containment measure, it cannot be the first step before cases are identified and reported through the surveillance system
- Isolation is implemented **after** notification and during/after case verification as part of the coordinated public health response
- Premature isolation without proper notification leads to fragmented, uncoordinated responses and missed opportunities for comprehensive outbreak control
*Incorrect: Verification of diagnosis*
- **Verification of diagnosis** is essential but occurs **after** notification to health authorities
- The verification process (epidemiological investigation and laboratory confirmation) is conducted by public health teams mobilized through the notification system
- While clinical suspicion may exist, formal verification requires coordinated investigation that follows notification
*Incorrect: Immunization*
- **Immunization** is a preventive and control measure implemented in later stages of outbreak response
- Vaccine deployment requires significant planning, availability, and logistics that can only be coordinated after the outbreak is officially reported and verified
- Ring vaccination or mass immunization campaigns are organized interventions that follow the initial notification and assessment phases
Social Media Evidence Indian Medical PG Question 6: Dying declaration comes under?
- A. Section 60 IEA
- B. 291 CrPC
- C. Section 32 IEA (Correct Answer)
- D. Section 32 IPC
Social Media Evidence Explanation: ***Section 32 IEA***
- This section of the **Indian Evidence Act (IEA)** specifically deals with cases in which a statement of a relevant fact by a person who is dead or cannot be found, etc., is relevant.
- A **dying declaration** is a statement made by a person as to the cause of their death, or as to any of the circumstances of the transaction which resulted in their death when the cause of that person's death is in question.
*Section 60 IEA*
- This section refers to **oral evidence** and states that oral evidence must, in all cases whatever, be direct.
- It does not specifically address the admissibility of statements made by deceased persons.
*291 CrPC*
- This section relates to the **Code of Criminal Procedure (CrPC)** and deals with the evidence of formal character, which can be proved by affidavit.
- It is not concerned with the concept of dying declarations.
*Section 32 IPC*
- This refers to the **Indian Penal Code (IPC)**, which defines various offenses and their punishments.
- Section 32 of the IPC states that words referring to acts include illegal omissions; it does not deal with evidence or dying declarations.
Social Media Evidence Indian Medical PG Question 7: A physician is accused of death threats via anonymous email. Investigation reveals the email was sent through multiple proxy servers and TOR network from a public WiFi location. The suspect's home computer shows no direct evidence. Evaluate which combination of digital artifacts would MOST conclusively link the suspect to the anonymous communication?
- A. TOR browser installation artifacts, typing pattern analysis (keystroke dynamics), linguistic stylometry of email content, correlation with suspect's known writings, WiFi connection logs on suspect's devices matching crime timeframe, and browser artifacts showing proxy/anonymizer research preceding the incident (Correct Answer)
- B. IP address logs from public WiFi and timestamp correlation alone
- C. Eyewitness testimony of suspect's presence at WiFi location
- D. Confession obtained during interrogation
Social Media Evidence Explanation: ***TOR browser installation artifacts, typing pattern analysis (keystroke dynamics), linguistic stylometry of email content, correlation with suspect's known writings, WiFi connection logs on suspect's devices matching crime timeframe, and browser artifacts showing proxy/anonymizer research preceding the incident***
- This multimodal approach establishes a link by combining **behavioral biometrics** (keystroke dynamics and stylometry) with **forensic artifacts** (TOR installation and research) to overcome the technological anonymity provided by several proxy layers.
- Evidence of **premeditation** (researching anonymizers) and **temporal-spatial correlation** (WiFi logs matching the crime scene) provides the high level of certainty required for legal attribution in digital forensics.
*IP address logs from public WiFi and timestamp correlation alone*
- While this places a device at the location, it fails to account for **TOR network masking**, which hides the original source IP from external logs.
- **IP addresses** alone are insufficient for definitive attribution, as they do not identify the specific user behind the terminal or account for MAC address spoofing.
*Eyewitness testimony of suspect's presence at WiFi location*
- Presence at a public location is **circumstantial** and does not prove that the suspect was the individual interacting with the specific digital service at that time.
- Testimony is subject to **human error and bias**, lacking the objective scientific rigor found in **digital footprint analysis** and linguistic fingerprints.
*Confession obtained during interrogation*
- Confessions may be **retracted or ruled inadmissible** if any procedural errors or coercion are alleged during the interrogation process.
- Without **corroborating digital evidence**, a confession alone lacks the technical proof necessary to explain how the suspect bypassed complex security and **anonymization protocols**.
Social Media Evidence Indian Medical PG Question 8: A hospital's electronic medical records system was allegedly tampered with to alter a patient's medication history before a medico-legal case. The accused claims system errors caused the changes. Multiple users have access. How would you BEST establish intentional tampering versus system malfunction?
- A. Rely on testimony of IT administrator alone
- B. Compare only the final version with the original record
- C. Check only the current database entries for inconsistencies
- D. Correlate database transaction logs with user authentication logs, audit trails, system logs, and backup differentials to establish specific user actions, timing patterns inconsistent with normal workflow, and evidence of privilege escalation or unauthorized access (Correct Answer)
Social Media Evidence Explanation: ***Correlate database transaction logs with user authentication logs, audit trails, system logs, and backup differentials to establish specific user actions, timing patterns inconsistent with normal workflow, and evidence of privilege escalation or unauthorized access***
- Intentional tampering is best proven by correlating **multi-source forensic data**, which identifies specific **user-linked actions** that deviate from automated system processes.
- Unlike system glitches, which appear as random or non-specific patterns, deliberate modification is evidenced by **targeted SQL queries**, **privilege escalation**, or changes occurring during unauthorized login sessions.
*Rely on testimony of IT administrator alone*
- Forensic evidence must be **objective and verifiable**; subjective testimony is insufficient for high-level medico-legal cases without technical proof.
- An administrator may have **conflicts of interest** or lack the specific technical data needed to distinguish between a hardware fault and a malicious act.
*Compare only the final version with the original record*
- Comparing versions reveals *that* a change occurred, but it fails to show **how, when, or by whom** the modification was made.
- This method cannot differentiate between a **legitimate clinical update**, an automated system synchronization error, or manual tampering.
*Check only the current database entries for inconsistencies*
- Looking at current entries provides only a **static view** of the data and does not capture the **chronological sequence** of events required for forensic reconstruction.
- Inconsistencies could be blamed on **bug-ridden software** or data corruption unless a full **audit trail** links those inconsistencies to specific user accounts.
Social Media Evidence Indian Medical PG Question 9: An autopsy surgeon receives a laptop allegedly containing child pornography. Initial examination shows no illegal images in accessible folders, but forensic tools detect suspicious encrypted container files. Anti-forensic timestamp manipulation is suspected. Which analytical approach would provide the MOST legally defensible evidence?
- A. Interview suspect first before digital analysis
- B. Screenshot visible content and prepare report
- C. Decrypt containers and rely solely on file content analysis
- D. Hash comparison against known illegal image databases, analysis of file system journals, examination of thumbnail cache and temporary internet files, coupled with entropy analysis of encrypted containers (Correct Answer)
Social Media Evidence Explanation: ***Hash comparison against known illegal image databases, analysis of file system journals, examination of thumbnail cache and temporary internet files, coupled with entropy analysis of encrypted containers***
- This approach is most defensible because **hash values** provide unique digital signatures that match against known databases (like **NCMEC**) without needing to view every image.
- **File system journals** and **thumbnail caches** provide objective proof of possession and usage history that bypasses manual **timestamp manipulation**.
*Interview suspect first before digital analysis*
- Interviewing before securing a **forensic image** of the data risks the suspect remotely wiping or destroying evidence via **kill switches**.
- Digital evidence must be preserved and analyzed objectively before testimony to maintain a solid **chain of custody**.
*Screenshot visible content and prepare report*
- Screenshots do not capture **metadata** or hidden data, and they are easily challenged in court as they do not prove the **integrity** of the original file.
- This method ignores the **encrypted containers**, failing to address the primary locations where illegal material is likely hidden.
*Decrypt containers and rely solely on file content analysis*
- Relying only on content analysis might fail if encryption keys cannot be recovered or if the suspect claims the files were **planted**.
- This narrow approach lacks the corroborating evidence provided by **entropy analysis** and **internet temporary files** which show the intent and history of the user's actions.
Social Media Evidence Indian Medical PG Question 10: A medical professional is accused of leaking confidential patient data via USB drive. Forensic examination reveals no files on the USB, but Registry analysis shows recent USB activity. File carving recovers deleted patient records. Which combination of artifacts would BEST establish the accused's intent and timeline?
- A. Link files (LNK), Prefetch files, USB connection timestamps, and recovered file metadata showing access patterns (Correct Answer)
- B. USB serial number from Registry and file creation dates only
- C. Link files (LNK), Prefetch files, USB connection timestamps, and recovered file metadata showing access patterns (Correct Answer)
- D. Recycle Bin contents and recent documents list only
- E. Browser history and email logs only
Social Media Evidence Explanation: ***Link files (LNK), Prefetch files, USB connection timestamps, and recovered file metadata showing access patterns***
- **LNK files** and **Prefetch files** provide evidence of specific file execution and volume serial numbers, linking the patient data directly to the external drive.
- **USB connection timestamps** and **metadata** establish a chronological timeline of when the device was connected and when files were accessed or deleted, proving **deliberate intent**.
*USB serial number from Registry and file creation dates only*
- While the **USB serial number** proves the device was connected, it does not provide information about which specific files were handled.
- **File creation dates** alone cannot distinguish between a legitimate automated system process and a manual, intentional data export by a user.
*Recycle Bin contents and recent documents list only*
- Files deleted from a **USB drive** typically do not go to the system **Recycle Bin**, making this artifact unreliable for external data leak investigations.
- **Recent documents** lists show file names but lack the **forensic depth** required to prove that the data was actually transferred to an external medium.
*Browser history and email logs only*
- These artifacts focus on **network-based exfiltration** and do not provide evidence regarding local physical transfers via **USB interface**.
- They fail to capture the **file carving** results or the specific interaction between the host OS and the hardware device in question.
More Social Media Evidence Indian Medical PG questions available in the OnCourse app. Practice MCQs, flashcards, and get detailed explanations.
