Glossary of digital forensics terms
Digital forensics is a branch of the forensic sciences related to the investigation of digital devices and media. Within the field a number of "normal" forensics words are re-purposed, and new specialist terms have evolved.
Terms and definitions
- acquisition
- The process of creating a duplicate copy of digital media for the purposes of examining it[1]
- digital media
- Used within the field to refer to the physical medium (such as a hard drive) or data storage device
- eDiscovery
- A common acronym for electronic discovery[2]
- exhibit
- Digital media seized for investigation is usually referred to as an "exhibit"[2]
- hashing
- Within the field "hashing" refers to the use of hash functions (e.g. CRC, SHA1 or MD5) to verify that an "image" is identical to the source media[2]
- image
- A duplicate copy of some digital media created as part of the forensic process[3]
- imaging
- Synonym of "acquisition"[1]
- live analysis
- Analysis of a piece of digital media from within itself; often used to acquire data from RAM where this would be lost upon shutting down the device[2]
- slack space
- The unused space at the end of a file in a file system that uses fixed-size clusters (so if the file is smaller than the fixed block size, the unused space is simply left). It often contains deleted information from previous uses of the block
- unallocated space
- Clusters of a media partition not in use for storing any active files. They may contain pieces of files that were deleted from the file partition but not removed from the physical disk[4]
- verification
- A term used to refer to the hashing of both source media and acquired image to verify the accuracy of the copy
- write blocker
- The common name used for a forensic disk controller, hardware used to access digital media in a read-only fashion[3]
References
- [1] Maarten Van Horenbeeck (24). "Technology Crime Investigation". http://www.daemon.be/maarten/forensics.html. Retrieved 17 August 2010.
- [2] Various (2009). Eoghan Casey. ed. Handbook of Digital Forensics and Investigation. Academic Press. pp. 567. ISBN 0123742676. http://books.google.co.uk/books?id=xNjsDprqtUYC. Retrieved 27 August 2010.
- [3] Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4. http://books.google.co.uk/books?id=Xo8GMt_AbQsC&hl=en&dq=Digital%20Evidence%20and%20Computer%20Crime,%20Second%20Edition&ei=it1XTMncCMm44gbC_qyFBw&sa=X&oi=book_result&ct=result&resnum=1&ved=0CDQQ6AEwAA.
- [4] Aaron Phillip; David Cowen, Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. pp. 544. ISBN 0071626778. http://books.google.co.uk/books?id=yMdNrgSBUq0C. Retrieved 27 August 2010.
Wikimedia Foundation. 2010.