Friday, Aug 23rd

Last update06:08:55 PM GMT

You are here: Glossary

Glossary of Computer Forensics Terms

Search for glossary terms (regular expression allowed)
Begins with Contains Exact term
All A B C D E F G H I J K L M N O P Q R S T U V W
Term Definition

B*-tree A file system used by the Mac OS that consists of nodes, which are objects, and leaf nodes, which contain data.

Back door

A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door. A hidden software or hardware mechanism used to circumvent security controls. A breach created intentionally for the purpose of collecting, altering, or destroying data.

Back up or backup

Either the act of creating a duplicate copy of working programs and data or the actual copy of programs and data, used for disaster recovery. Ideally, such copies are stored off site.

Backup and recovery

The ability to recreate current master files using appropriate prior master records and transactions.

Bad block anode

In the Linux, file system, the anode that tracks the bad sectors on a drive.


An established standard for measurement or comparison.

Big endian

In a big-endian system, the most significant value in the sequence is stored at the lowest storage address (i.e., first). Many mainframe computers, particularly IBM mainframes, use a big-endian architecture. Most modern computers, including PCs, use the little-endian system. The terms big endian and little endian are derived from the Lilliputians of Gulliver’s Travels, whose major political issue was whether soft-boiled eggs should be opened on the big side or the little side.


The Basic Input Output System of a PC. This is usually a number of machine code routines that are stored in ROM and available for execution at boot time. The "boot strap loader" is contained in ROM and is the first code to execute when the computer is turned on. The BIOS contains commands for reading the physical disks sector by sector.


A measurement of data. A bit is either the one or zero component of the binary code.

Bit-stream copy

A bit-by-bit copy of the data on the original storage media.

Bit-stream image

The file used to store the bit-stream copy.

Bitmap Image

A representation of a graphics image in a grid format.


A marker or address that identifies a specific place or location for subsequent retrieval.


To start up a computer. Because the computer gets itself up and going from an inert state, it could be said to lift itself up ‘by its own bootstraps’—this is where the term ‘boot’ originates.

Boot disk

The magnetic disk (usually a hard disk) from which an operating system kernel is loaded (or ‘bootstrapped’). MS-DOS and Microsoft ® Windows® can be con-figured (in the BIOS) to try to boot off either floppy disk or hard disk, in either order (and on some modern systems even from CD or other removable media). A special floppy boot disk (often called a ‘System Rescue Disk’) can be created, which will allow your computer to boot even if it cannot boot from the hard disk.

Boot record

Once the BIOS determines which disk to boot from, it loads the first sector of that disk into memory and executes it. Besides this loader program, the Boot Record contains the partition table for that disk.


To load and initialize the operating system on a computer. Often abbreviated to ‘boot’.


Any prohibited penetration or unauthorized access to a computer system that causes damage or has the potential to cause damage.


A device attached to a network cable to connect two like topologies.


Short for Web Browser. A software application used to locate and display Web pages. The two most popular browsers are Netscape Navigator and Microsoft Internet Explorer. Both of these are graphical browsers, which mean that they can display graphics as well as text. In addition, most modern browsers can present multimedia information, including sound and video, although they require plug-ins for some formats.


An area of memory, often referred to as a ‘cache’ used to speed up access to devices. It is used for temporary storage of data read from or waiting to be sent to a device such as a hard disk, CD-ROM, printer, or tape drive.

Buffer Overflow

A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. They are thus the basis of many software vulnerabilities and can be maliciously exploited.


Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.


A set of conductors (wires or connectors in an integrated circuit) connecting the various functional units in a computer. There are busses both within the CPU and connecting it to external memory and peripheral devices. The bus width (i.e., the number of parallel connectors) is one factor limiting a computer's performance.


In most computer systems, a byte is a unit of data generally consisting of 8 bits. A byte can represent a single character, such as a letter, a digit, or a punctuation mark.

All A B C D E F G H I J K L M N O P Q R S T U V W