Wednesday, Dec 12th

Last update06:08:55 PM GMT

You are here: Glossary

Glossary of Computer Forensics Terms

Search for glossary terms (regular expression allowed)
Begins with Contains Exact term
All A B C D E F G H I J K L M N O P Q R S T U V W
Page:  « Prev 1 2 3 4 5... Next »
Term Definition
Firewall

A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Firmware

Software contained in a read-only memory (ROM) device

Format

The DOS format program that performs high-level formatting on a hard disk, and both high- and low-level formatting on a floppy disk.

Fragmentation

The state of having a file scattered around a disk in pieces rather than existing in one contiguous area of the disk. Fragmented files are slower to read than un-fragmented files.

Free space

Space on storage media that appears to contain no data, either because it is unused or because files that were intact and accessible at one time are now erased. The file data remains in the slack space until overwritten

Graphical User Interface (GUI)

(pronounced gooey)A graphical user interface uses graphics such as a window, box, and menu to allow the user to communicate with the system. Allows users to move in and out of programs and manipulate their commands by using a pointing device (usually a mouse). Synonymous with user interface.

Hacker

The label ‘hacker’ has come to connote a person who deliberately accesses and exploits computer and information systems to which he or she has no authorized access. Originally, the term was an accolade for someone highly motivated to explore what computers could do and/or the limits of his or her technical skills (especially in programming). ‘A great hack’ was a common compliment for an especially cunning or innovative piece of software code. The term ‘cracker’ was then reserved for people intruding into computer or information systems for the thrill of it (or worse). This was derived from ‘cracking’ safes. Over time, ‘cracker’ has faded from usage and ‘hacker’ came to subsume its (unfortunate) connotations.

Hard disk

A peripheral data storage device that may be found inside a desktop or laptop that is used to store large amounts of information. A hard disk maintains the information stored on it after the power is turned off. The hard disk may also be a transportable version and attached to a desktop or laptop.

Hashing

The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. A hashing algorithm will produce hash values that are significantly different if only one single bit changes. Hashes are used to verify that two pieces of data are identical. Common hash algoritms include MD5, SHA-1 and SHA-256.

Head

A small electromagnetic device inside a drive that reads, writes, and erases data on the drive’s media.

Heat sink

A mass of metal attached to a chip carrier or socket for dissipating heat.

HFS, HFS+

Hierarchical File System: The system used by the Mac OS to store files, consisting of folders and subfolders, which can be nested. Hierarchical File System +: The Power Macintosh file-format.

Hidden file

A file with a special hidden attribute turned on, so that the file is not normally visible to users. For example, hidden files are not listed when you execute the DOS DIR command. However, most file management utilities allow you to view hidden files. DOS hides some files, such as MSDOS.SYS and IO.SYS, so that you will not accidentally corrupt them. You can also turn on the hidden attribute for any normal file, thereby making it invisible to casual snoopers. On a Macintosh, you can hide files with the ResEdit utility.

Honeypot

A lure set up to trap hackers and users with malicious intent as they attempt to gain entry into a computer system.

Host

On the Internet, a host is any computer that has full two-way access to other computers on the Internet. A host has a specific local or host number that, together with the network number, forms its unique Internet Protocol address. If Point-to-Point Protocols (PPP) are used to get access to the Internet Service Provider (ISP), then an unique IP address is granted for the duration of any connection made to the Internet and the user’s computer is a host for that period.

Host Protected Area

An area that can be defined on IDE drives that meets the technical specifications as defined by ATA4 and later. If a Max Address has been set that is less than a Native Max Address, then a host-protected area is present.

HyperText Mark-up Language (HTML)

The scripts that make Web pages work are written in HTML. The file extension for a file written in HTML may be .htm or .html. It not only formats documents, but also links text and images to documents residing on other web servers.

HyperText Mark-up Language (HTTP)

Documents formatted with hypertext links are sent and received using HTTP. In order for hypertext documents to be sent and displayed properly, and to have active hypertext links, software on both the sending and receiving end must use HTTP.

Image (Forensic)

To image a hard drive is to make an identical copy of the hard drive, including empty sectors. Akin to cloning the data. Imaging Is the process used to obtain all of the data present on a storage media (e.g. hard disk) whether it is active data or data in free space, in such a way as to allow it to be examined as if it were the original data.

Incident response

The process of analyzing a security incident how it was able to occur and how to prevent similar incidents from occurring in the future.

INFO2 file

In Windows NT, 2000, and XP, the control file for the Recycle Bin.

Internal drive

A data storage unit contained in the computer housing

Internet Service Provider (ISP)

Any company or organization that provides individuals with access to, or data storage on, the Internet.

InterNIC

INTERnet Network Information Centre. InterNIC is the organisation responsible for registering and maintaining the corn, edu, gov, net and org domain names on the World Wide Web.

Interrupt ReQuest (IRQ)

IRQ is the name of the hardware interrupt signals that PC peripherals (such as serial or parallel ports) use to get the processor’s attention. Interrupts usually cannot be shared so devices are assigned unique IRQ addresses that enable them to communicate with the processor. Peripherals that use interrupts include LAN adapters, sound boards, scanner interfaces, and SCSI adapters

Intrusion detection

Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network.

IP address

Each computer connected to the Internet is addressed using a unique 32-bit number called an IP Address. These addresses are usually written in ‘Dotted Quad’ notation, as a series of four 8-bit numbers, written in decimal and separated by periods (e.g. 151.123.456.10). Each number in the IP address falls between 0 and 255. Many computers have more than one IP address.

IP Spoofing

An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

Jumper

A small, plastic-covered metal clip that slips over two pins protruding from a circuit board. When in place, the jumper connects the pins electronically and closes the circuit, turning it ‘on’. Hard disks typically use jumpers to determine the function of the hard disk (slave, master etc).

Key

In encryption, a key is a sequence of characters used to encode and decode a file. In network access security, the ‘key’ often refers to the ‘token’ or authentication tool, a device utilised to send and receive challenges and responses during the user authentication process. Keys may be small, hand-held hardware devices similar to pocket calculators or credit cards, or they may be loaded onto a PC as copy-protected, software.

Kilobyte (kb)

1 Kilobyte = 1024 bytes

LAN

Local Area Network

Linux

An operating system popular with enthusiasts and used by some businesses.

Little endian

In a little-endian system, the least significant value in the sequence is stored first. Many mainframe computers, particularly IBM mainframes, use a big-endian architecture. Most modern computers, including PCs, use the little-endian system. The terms big endian and little endian are derived from the Lilliputians of Gulliver's Travels, whose major political issue was whether soft-boiled eggs should be opened on the big side or the little side.

Locard’s exchange principle

The theory that anyone, or anything, entering a crime scene both takes something of the scene with them, and leaves something of themselves behind when they leave. In the digital world, this translates into that when two computers come in "contact" with each other over a network, they exchange something with each other. This "something" may show up in log files, the registry, in memory or other places on the systems.

Logging

The process of storing information about events that occurred on the firewall or network.

Logical address

When files are saved, they are assigned to clusters. The clusters are assigned numbers by the operating system, and the cluster number defines the logical address.

Logical Cluster Number

Used by the MFT in NTFS. The LCN describes the offset of a cluster from some arbitrary point within the volume

Logical file size

All file systems keep track of the exact size of a file in bytes. This is the logical size of the file and is the number that you see in the properties for a file. This number is different from the physical file size.

Lossless compression

A compression method in which no data is lost. With this type of compression, a large file can be compressed to take up less space, and then decompressed without any loss of information.

Lossy compression

A compression technique that can lose data but not perceptible quality when a file is restored. Files that use lossy compression include JPEG and MPEG.

MAC address

Media Access Control address. A unique identifying number built (or ‘burned’) into a network interface card by the manufacturer. MAC addresses can be faked (spoofed) using software.

Magnetic media

A disk, tape, cartridge, diskette, or cassette that is used to store data magnetically.

Malicious code

Programming code designed to damage a computer system or data contained on a system. It is traditionally classified into three categories viruses, worms, and Trojan horses, based upon the behaviour of the code.

Map node

Stores the node descriptor and a map record in the Macintosh file system.

Master Boot Record

The very first sector of a physical disk (absolute sector 0) is called the master boot record. It contains machine code to enable the computer to find the partition table and the operating system. One of the first things a computer does when it starts up is to load this code into memory and execute it. This ‘boot code’ has a very simple task. Its job is to read the partition table at the end of sector 0 and decide how the disk is laid out, and which partition contains the bootable operating system.

Master Directory Block

On older Macintosh systems, the location where all information about a volume is stored. A copy of the MDB is kept in the next to the last block on the volume.

Master File Table

Used by NTFS to track files. It contains information about the effective use of computer stamps, system attributes, and parts of the file.

Mb (Megabyte)

1 Megabyte = 1024 Kilobytes.

MD5 hash

An algorithm created in 1991 by Professor Ronald Rivest that is used to create digital signatures (i.e. fingerprints) of storage media such as a computer hard drive.

Page:  « Prev 1 2 3 4 5... Next »
All A B C D E F G H I J K L M N O P Q R S T U V W