ABUSE OF PRIVILEGE
Formal nomenclature for user action(s) not in accordance with organizational policy or law. Actions falling outside, or explicitly proscribed by, acceptable use policy.
ACCEPTABLE LEVEL OF RISK
A judicious and carefully considered assessment by the appropriate authority that a business, computing activity or network meets the minimum requirements of applicable security directives. The assessment should take into account the value of assets; threats and vulnerabilities; countermeasures; and operational requirements.
ACCEPTABLE USE POLICY
De facto nomenclature for documented standards and/or guidance on usage of information systems and networked assets.
ACCESS
The ability to enter a secured area. The process of interacting with an access control system and being permitted access.
ACCESS AUTHORIZATION
Permission granted to users, programs or workstations.
ACCESS CONTROL
A set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access.
ACCESS TOKEN
In Windows, an internal security card that is generated when users log on. It contains the security IDs (SIDs) for the user and all the groups to which the user belongs. A copy of the access token is assigned to every process launched by the user.
ACCOUNTABILITY
The principle that individuals using a facility or a computer system must be identifiable. With accountability, violations or attempted violations of system security can be traced to individuals who can then be held responsible.
ACCREDITATION
A program whereby a laboratory demonstrates that it is operating under accepted standards to ensure quality assurance. Passing ISO 9000 is called Accredited Certification.
ACQUISITION
The stage in a computer forensic investigation where data is collected. Most often, this is done by making bit-by-bit copies of the hard disk/media.
ACQUISITION OF DIGITAL EVIDENCE
Begins when information or physical items are collected or stored for examination purposes. The term "evidence" implies that the collector of evidence is recognized by the courts. The process of collecting is also assumed to be a legal process and appropriate for rules of evidence in that locality. A data object or physical item only becomes evidence when so deemed by a law enforcement official or designee.
ACTIVE DATA
Data on a computer that is not deleted and is visible to the Operating System under normal use.
ADDRESS
The term address is used in several ways. An Internet address or IP address is a unique computer (host) location on the Internet. A Web page address is expressed as the defining directory path to the file on a particular server. A Web page address is also called a Uniform Resource Locator, or URL. An e-mail address is the location of an e-mail user (expressed by the user's e-mail name followed by an "at" sign (@) followed by the user's server domain name).
ADDRESS RESOLUTION PROTOCOL (ARP)
A protocol used to map a computer network address (IP address) to a hardware address (MAC address).
ALERT
A formal notification that an incident has occurred which may develop into a disaster.
ALGORITHM
A mathematical procedure that solves a recurrent problem.
ALLOCATED DATA
Data on a drive that has not been deleted or written over.
ALLOCATION UNIT / CLUSTER
The smallest unit of storage (number of sectors) that can be allocated by the Operating System to store data. The size of an allocation unit varies depending on the Operating System and size of the disk.
AMBIENT DATA
Ambient data is information that lies in areas not generally accessible to the user. This data lies in file slack, unallocated clusters, virtual memory files and other areas not allocated to active files. This is a forensic term that describes, in general terms, data stored in non-traditional computer storage areas and formats. The term was coined in 1996 to help students understand computer-evidence-processing techniques that deal with evidence not stored in standard computer files, formats, and...
ANALYSIS
To look at the results of an examination for their significance and probative value to the case.
ANODE
A key part of the Linux file system that contains UIDs, GIDs, modification, access, creation times, and file locations.
ANOMALY DETECTION
A label for the class of intrusion-detection tactics that seek to identify potential intrusion attempts by virtue of their being (presumably) sufficiently deviant (anomalous) in comparison with expected or authorized activities. Phrased another way, anomaly detection begins with a positive model of expected system operations and flags potential intrusions on the basis of their deviation (as particular events or actions) from this presumed norm.
ANONYMOUS FTP
Allows visitors to upload and/or download predetermined files from designated directories without usernames or passwords. For example, distribute your latest software package by allowing visitors to download it through anonymous FTP. This is different than a regular FTP account.
ANTIVIRUS
Software that detects, repairs, cleans, or removes virus-infected files from a computer.
APPLICATION
Software that performs a specific function; a more technical term for program.
APPLICATION DATA
Application-specific data. The contents of the data stored in this directory are determined by the software vendor.
APPLICATION GATEWAY
One form of a firewall in which valid application-level data must be checked or confirmed before allowing a connection. In the case of an ftp connection, the application gateway appears as an ftp server to the client and an ftp client to the server.
ARCHIVE
After processing discovery materials, an archive is created for each case.
ARCHIVE FILE
A file that contains other files (usually compressed files). It is used to store files that are not used often or files that have been stored on a server or other location in this form to save space.
ATTACHMENT
A file carried with an e-mail.
AUDIT
Examination and/or assessment of actions and records to ensure compliance with policies and operational procedures. If problems are found, recommendations are made to change policies or procedures. The independent examination of records to assess their veracity and completeness.
AUDIT TRAIL
In computer security systems, a chronological record of when users log in, how long they are engaged in various activities, what they were doing, and whether any actual or attempted security violations occurred. An automated or manual set of chronological records of system activities that may enable the reconstruction and examination of a sequence of events and/or changes in an event.
AUP
Acceptable use policy
AUTHENTICATION
The process of establishing the legitimacy of a user (or node) before allowing access to requested information. An example is for the user to enter a name or account number (identification) and password (authentication).
AUTHORIZATION
The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized for different types of access or activity.
AVAILABILITY
Ensuring that authorized users have access to information and associated assets when required.
B*-TREE
A file system used by the Mac OS that consists of nodes, which are objects, and leaf nodes, which contain data.
BACK DOOR
A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door. A hidden software or hardware mechanism used to circumvent security controls. A breach created intentionally for the purpose of collecting, altering, or destroying data.
BACK UP OR BACKUP
Either the act of creating a duplicate copy of working programs and data or the actual copy of programs and data, used for disaster recovery. Ideally, such copies are stored off site.
BACKUP AND RECOVERY
The ability to recreate current master files using appropriate prior master records and transactions.
BAD BLOCK ANODE
In the Linux file system, the anode that tracks the bad sectors on a drive.
BASELINE
An established standard for measurement or comparison.
BIG ENDIAN
In a big-endian system, the most significant value in the sequence is stored at the lowest storage address (i.e., first). Many mainframe computers, particularly IBM mainframes, use a big-endian architecture. Most modern computers, including PCs, use the little-endian system. The terms big endian and little endian are derived from the Lilliputians of Gulliver's Travels, whose major political issue was whether soft-boiled eggs should be opened on the big side or the little side.
BIOS
The Basic Input Output System of a PC. This is usually a number of machine code routines that are stored in ROM and available for execution at boot time. The "boot strap loader" is contained in ROM and is the first code to execute when the computer is turned on. The BIOS contains commands for reading the physical disks sector by sector.
BIT
A measurement of data. A bit is either the one or zero component of the binary code.
BIT-STREAM COPY
A bit-by-bit copy of the data on the original storage media.
BIT-STREAM IMAGE
The file used to store the bit-stream copy.
BITMAP IMAGE
A representation of a graphics image in a grid format.
BOOKMARK
A marker or address that identifies a specific place or location for subsequent retrieval.
BOOT
To start up a computer. Because the computer gets itself up and going from an inert state, it could be said to lift itself up "by its own bootstraps"—this is where the term "boot" originates.
Computer forensics glossary
Visibility Public
Created by admin
Created on 2011-05-07 19:11:29
Number of terms 289
Last added write blocker by admin
2012-08-25 01:05:06