
Forensic Terminology

Acceptable use policy-describes documented policies on use of organization systems and networks

Access-the act of interfacing with a secured area

Access authorization-permissions associated with groups or users of software and organization systems

Accountability-describes the degree to which a user can be monitored while accessing an organization's systems or network

Accreditation-describes the condition of complying with industry standards, commonly associated with individual certifications and organization compliance.  Examples include the CCE certification and HIPAA compliance

Acquisition-describes the phase of a forensic investigation during which media is gathered prior to examination; may include PCs, laptops, harddrives, CDs, notes and journals, network logs, and many other components

Admissible Evidence-This is evidence that is considered to be genuine enough to be allowed in a court of law. In terms of Digital Evidence, to be admissible it must be authenticated as original to the case, and not have been tampered with at all or changed in any way in the course of the investigation.

Application-describes a program, an example would be notepad.exe, but may include scripts

Archive-describes a type of file, an example would be a .zip file, but may also indicate a location in which a user stores historical or incremental backups, also includes Tapes, CDs, and DVDs

ASCII-Acronym for American Standard Code for Information Interchange, maps a numeric code to each key of the keyboard

Audit-A record of activity on a computer system or network which may include user account credentials, file access times, and even errors; also see timeline

Backdoor-Describes a mechanism by which traditional access can be subverted, commonly associated with trojan horse programs, and are often hidden within legitimate services

Backup-Describes a secondary copy of data stored securely in anticipation of a traumatic data loss, also may describe the act of creating a secondary copy of data

BIOS-Acronym for Basic Input Output System, this represents the system information necessary for an operating system to interact with system hardware

Bit-A contraction for binary digit, represents the smallest unit of information, this may mean a 0 or 1, may also mean the absence or presence of an electrical charge

Bitstream copy-Describes the act of copying a harddrive or filesystem to another media, a key component of Acquisition

Buffer-Describes a memory location into which data has been written to temporarily

Byte-A contraction for Binary Term, 8 bits, a common measurement of storage and represents a single character

Cache-Describes a location where frequently accessed data is kept, there are many kinds of caches but the most common cache a user will be familiar with is their web browser's cache

Chain of Custody-A process form used to validate the handling of evidence during the entire investigative process

Cluster-Describes a series of consecutive sectors

Compression-Describes the act of encoding a file or group of files, used to decrease space in use

Computer forensics-Describes the science and practice that includes acquisition, electronic discovery, analysis, report generation, and testimony including deposition

Cookie-Describes a small file used to store authentication and tracking data relevant to a user's interaction with a website, may also include access history

Cylinder-Describes a cross section of harddrive platters at a specified head position

Data-Describes information found on a computer, differentiated from artifacts and evidence

Delete-Describes the act of marking one or more files or folders as free, although it does not necessarily prevent recovery unless overwritten

Desktop-Describes both the physical machine a user interacts with as well as the software environment in which applications are launched

Directory-Describes the hierarchical arrangement of files in a file system, nested directories are commonly referred to as subdirectories

Disk-Ambiguous term associated with many common devices in a computer system, may include harddisks, CD-ROM disks, or floppy disks

Driver-Describes a type of software used by the computer operating system to interface with hardware components

Download-Describes the act of transferring data, often software or files, between one or more computers

Email-Contraction for electronic mail, "mail" sent over a network or networks from an individual to one or more individuals using a mail exchanger, sometimes stored as text or in a small database

Encryption-Describes the act of converting readable data into unreadable data, a process reversed using a passphrase or key

Extended Partition-If a harddrive is divided into more than 4 partitions each subsequent partition created will be considered an extended partition

FAT-Acronym for File Allocation Table, a well-known file system

File Attribute-Describes unique properties of a file including file creation time and last time accessed

File Header-Describes information contained within a file which identifies the file type although the file's extension may have been modified
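A check of this kind, as an added example that is not part of the original glossary: it compares the first bytes of a file against well-known header signatures and flags files whose extension does not agree with the header. The signature table and the sample headers are constructed here for illustration.

```python
# Added example: compare a file's header (magic bytes) with its extension.
# The signatures are the well-known magic numbers for these formats; the
# sample headers below are constructed for this illustration.
import os

MAGIC = {
    ".gif": [b"GIF87a", b"GIF89a"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
    ".zip": [b"PK\x03\x04"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
}


def identify_by_header(header: bytes):
    """Return the extension whose signature matches the header, or None."""
    for ext, sigs in MAGIC.items():
        if any(header.startswith(s) for s in sigs):
            return ext
    return None


def check_header_vs_extension(name: str, header: bytes) -> dict:
    """Classify a file as 'match', 'mismatch' or 'unknown' from its header."""
    ext = os.path.splitext(name)[1].lower()
    found = identify_by_header(header)
    if found is None:
        status = "unknown"          # no known signature; needs manual review
    elif found == ext or MAGIC.get(ext) == MAGIC.get(found):
        status = "match"            # .jpg and .jpeg share one signature
    else:
        status = "mismatch"         # extension was renamed or is misleading
    return {"name": name, "extension": ext, "header_type": found, "status": status}


# Constructed sample inputs: the first bytes of several files.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01",
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0",
    "notes.txt": b"PK\x03\x04\x14\x00\x00\x00\x08\x00" + b"\x00" * 6,  # really a .zip
    "readme.txt": b"This is plain text.",
}

if __name__ == "__main__":
    for fname, hdr in SAMPLES.items():
        print(check_header_vs_extension(fname, hdr))
```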

File System-Describes the organization deployed on a harddisk which allows information to be written to and read from it

Forensic Accounting-a science (i.e., a department of systemized knowledge) dealing with the application of accounting facts gathered through auditing methods and procedures to resolve legal problems. Forensic accounting is much different from traditional auditing. Forensic accounting is a specialty requiring the integration of investigative, accounting, and auditing skills. The forensic accountant looks at documents and financial and other data in a critical manner in order to draw conclusions and calculate values and to identify irregular patterns and/or suspicious transactions. A forensic accountant does not merely look at the numbers but rather looks behind the numbers. An example, a forensic accountant may be used to detect the ploys used by people to hide their earnings and assets during a divorce. http://en.wikipedia.org/wiki/Forensic_accounting

GIF-Acronym for Graphic interchange format, a common format for digital images

Harddrive-Describes a device which is the primary means of storage for PCs; it consists of a spindle holding several platters which are read by a floating head that detects the magnetic encoding

Hash-Describes the act of generating a numeric representation of a file, folder, or disk.  May describe the number representation as well.  A hash match indicates that the copy of a hashed object is unchanged from the original

Imaging-The process to create an exact duplication or "image" of media used in an investigation. An example would be a hard drive image being taken and duplicated onto another drive.
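Acquisition, bitstream copy, hash and imaging as defined above, in one added example that is not part of the original page: a sector-by-sector copy of a constructed sample media file, with the hashes of the source, of the bytes read during acquisition and of the finished image compared, followed by a one-byte change to the image to show the mismatch an examiner would catch. The file names and sample data are assumptions.

```python
# Added example: bitstream copy of sample media with hash verification.
# The sample "evidence" file and its contents are constructed here.
import hashlib
import os
import tempfile

SECTOR = 512  # copy in sector-sized chunks, as a bitstream imager does


def sha256_of(path: str) -> str:
    """Hash a file chunk by chunk so large media never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(SECTOR), b""):
            h.update(chunk)
    return h.hexdigest()


def bitstream_copy(src: str, dst: str) -> str:
    """Copy every byte of src to dst; return the hash computed during the copy."""
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(SECTOR), b""):
            h.update(chunk)
            fout.write(chunk)
    return h.hexdigest()


def acquire_and_verify(src: str, dst: str) -> dict:
    """Image src to dst and record the hashes noted on the chain of custody form."""
    source_hash = sha256_of(src)            # original media before imaging
    acquisition_hash = bitstream_copy(src, dst)
    image_hash = sha256_of(dst)             # the finished image
    return {
        "source": source_hash,
        "acquisition": acquisition_hash,
        "image": image_hash,
        "verified": source_hash == acquisition_hash == image_hash,
    }


def demo() -> dict:
    """Constructed sample media (3 sectors); then show a one-byte change is caught."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "evidence.bin")
        img = os.path.join(d, "evidence.dd")
        with open(src, "wb") as f:
            f.write(b"boot" + b"\x00" * 508 + b"deleted file text" + b"\xff" * 1000)
        result = acquire_and_verify(src, img)
        with open(img, "r+b") as f:         # simulate an altered image
            f.seek(600)
            f.write(b"X")
        result["verified_after_tamper"] = sha256_of(img) == result["source"]
        return result
```

Calling demo() returns the three matching hashes with verified True and verified_after_tamper False.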

IP Address-Describes a numerical representation for a device capable of functioning at the network level using the TCP/IP protocol

JPEG-Acronym for Joint Photographic Experts Group, a common format for digital images

Keylogger-Describes hardware or software used for monitoring user activity and/or collecting information

Kilobyte-1024 bytes, a common measurement of storage capacity

Logs, Logfiles-Describes files in which various activities are recorded

Mail Exchanger-A server on a network which accepts mail for a particular domain and to which a user can connect using a Mail Transfer Agent (MTA) like Outlook

Mail Transfer Agent  (MTA)-Describes a software application used to allow a user to connect with a Mail Exchanger to send and receive Email

Master Boot Record (MBR)-Describes the first sector of a harddrive in which the partition table may be found
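The MBR and its partition table, as an added example that is not part of the original page: it builds a constructed 512-byte first sector holding one NTFS primary partition and one extended partition container, then parses the four 16-byte partition entries. The type codes 0x07 (NTFS) and 0x05 (extended) and the 0x55AA signature follow the classic MBR layout; the partition sizes and offsets are made up.

```python
# Added example: build a constructed MBR sector and parse its partition table.
# Classic layout: 446 bytes of boot code, four 16-byte entries, then 0x55AA.
import struct

SECTOR = 512
EXTENDED_TYPES = {0x05, 0x0F}  # type codes that mark an extended partition container
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: one bootable NTFS partition and one extended container."""
    entries = [
        # (status, type, first LBA sector, sector count)
        (0x80, 0x07, 2048, 204800),      # bootable NTFS, 100 MiB
        (0x00, 0x05, 206848, 409600),    # extended partition container, 200 MiB
    ]
    table = b""
    for status, ptype, lba, count in entries:
        # CHS fields are left as zeros; modern tools rely on the LBA fields.
        table += struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    table += b"\x00" * 16 * (4 - len(entries))   # unused entry slots
    return b"\x00" * 446 + table + b"\x55\xaa"


def parse_mbr(sector: bytes) -> list:
    """Return one dict per non-empty partition entry; raise if the signature is missing."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "extended": ptype in EXTENDED_TYPES,
            "start_sector": lba,
            "sectors": count,
            "size_bytes": count * SECTOR,
        })
    return parts


if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr()):
        print(p)
```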

Megabyte-1024 Kilobytes, a common measurement of storage capacity

Metadata-Describes supplemental information stored by some computer programs, may include file access history or other settings

Network-Describes a collection of computers linked electronically

NTFS-Acronym for New Technology File System, a file system developed for use by Microsoft in various flavors of the Windows operating system

Operating System (OS)-Describes the software environment which controls PC hardware and upon which the Desktop runs

Partition-Describes a logical portion of a physical harddrive

Partition table-Describes the logical partitions on a harddrive

PDA-Acronym for Personal Digital Assistant, a portable computing device which may contain applications, notes, files, or other information relevant to a Forensic investigation

PDF-Acronym for Portable Document Format, a common document format

Platter-Describes thin disks within a harddrive attached to a spindle

Program-Describes software used to access files, etc

RAM-Acronym for Random Access Memory, stores volatile data

Sector-A group of bytes on a harddrive platter, sequentially numbered

Slack (or Slack space)-Describes an area of a cluster which has not been completely filled or written to

Steganography-Describes the mechanism by which data can be hidden within a file

Swapfile (or Pagefile)-Describes a file or filesystem allocated for the temporary storage of data, can be used to retrieve data after a program has executed

TCP/IP-Acronym for Transmission Control Protocol/Internet Protocol, a protocol set which facilitates communication between computers and networks

Terabyte-1024 Gigabytes, a common unit of storage

Unallocated space-this is an area of a particular media which doesn't contain normally accessible data, may contain deleted files

Volume-a logical portion of a harddrive.
