Wednesday, Dec 12th

Last update: 06:08:55 PM GMT


Glossary of Computer Forensics Terms


Daemon

A software program that runs in the background, often to facilitate networking. Daemon programs are usually invisible to users, unlike applications.


Representation of facts, concepts, or instructions in a formalized manner suitable for communication, interpretation, or processing by humans or by automatic means. Any representations such as characters or analog quantities to which meaning is or might be assigned. A representation of facts, concepts, or instructions suitable for communication, interpretation, or processing by humans or computers. (Note: processed data become information.)

Data compression

A complex algorithm used to reduce the size of a file.

Data Encrypting Key

Used for the encryption of message text and for the computation of message integrity checks (signatures).

Data fork

The part of the Macintosh file structure that contains the actual data of a file.

Data integrity

Refers to the validity of data. Data integrity can be compromised in a number of ways, including:
• Human errors when data is entered;
• Errors that occur when data is transmitted from one computer to another;
• Software bugs or viruses;
• Hardware malfunctions, such as disk crashes;
• Natural disasters, such as fires and floods.

There are many ways to minimize these threats to data integrity, including:
• Backing up data on a regular basis;
• Controlling access to data via security mechanisms;
• Designing user interfaces that prevent the input of invalid data;
• Using error detection and correction software when transmitting data.

Data recovery

Retrieving files that were accidentally or purposefully deleted, or rendered inaccessible by logical (software) problems or physical (hardware) problems with the data storage device.

Data structures

The logical relationships among data units and description of attributes or features of a piece of data (e.g., type, length).


A collection of information data consisting of at least one file, usually stored in one location, which may be available to several users simultaneously for various applications.


The reverse of encryption, a method of unscrambling encrypted information so that it becomes legible again.


As modern file systems are used and files are deleted and created, the total free space becomes split into smaller non-contiguous blocks. Eventually new files being created, and old files being extended, cannot be stored each in a single contiguous block but become scattered across the file system. This degrades performance as multiple seek operations are required to access a single fragmented file. Defragmenting consolidates each existing file and the free space into a contiguous group of sectors. Access speed will increase.

Deleted files

If a subject knows there are incriminating files on the computer, he or she may delete them in an effort to eliminate the evidence. Many computer users think that this actually eliminates the information. However, depending on how the files are deleted, in many instances a forensic examiner is able to recover all or part of the original data.

Denial of Service

The inability to use system resources due to unavailability stemming from a variety of causes, for example infiltrations by hackers, the flooding of IP addresses from external messages, and network worms.

Dictionary attacks

The attacker uses a program that continuously tries different common words to see if one matches a password to the system or programs.

Digital certificate

A digital identifier linking an entity and a trusted third party with the ability to confirm the entity's identification. Typically stored in a browser or a smart card.

Digital signature

A unique value that identifies a file. A code that is used to guarantee that an e-mail was sent by a particular sender.

Disaster Recovery

The process of returning a business function to a state of normal operations either at an interim minimal survival level and/or re-establishing full-scale operations.


It may be a floppy disk, or it may be a hard disk. May also refer to a CD ROM.

Disk cache

A portion of memory set aside for temporarily holding information read from a disk.

Disk duplexing

This refers to the use of two controllers to drive a disk subsystem. Should one of the controllers fail, the other is still available for disk I/O. Software applications can take advantage of both controllers to simultaneously read and write to different drives.

Disk geometry

The internal organization of the drive.

Disk mirroring

Disk mirroring protects data against hardware failure. In its simplest form, a two-disk subsystem would be attached to a host controller. One disk serves as the mirror image of the other. When data is written to it, it is also written to the other. Both disks will contain exactly the same information. If one fails, the other can supply the data to the user without problem.

Distributed Denial of Service (DDoS)

Distributed Denial of Service attempts involving multiple Internet-connected systems launching or being used in attacks against one or more target systems.


Dynamic link library


Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Domain name registration

A domain name is a textual address that is a unique identifier for your Web site that corresponds to your site's numerical Internet Protocol (IP) address.


Dongle

Also called a hardware key. A dongle is a copy protection device supplied with software that plugs into a computer port, usually the parallel or USB port on a PC. The software sends a code to that port and the key responds by reading out its serial number, which verifies its presence to the program. The key hinders software duplication because each copy of the program is tied to a unique number, which is difficult to obtain, and the key has to be programmed with that number.


DOS

Disk operating system. Usually used as an abbreviation for MS-DOS, a microcomputer operating system developed by Microsoft.


An MS-DOS disk compression utility, distributed with MS-DOS 6.0 and 6.20.


Generally, to copy something from a bigger computer to a smaller one or from a distant one to a local one, e.g. from a network (including the Internet) or server on to PC, or from a PC to a PDA. The transferring of programs and data from a remote computer to your computer.

Drive slack

Any information that had been on the storage device previously. It can contain deleted files, deleted e-mail, or file fragments. Both file slack and RAM slack constitute drive slack.


A program designed to interface a particular piece of hardware to an operating system or other software.

Dynamic Random Access Memory (DRAM)

A type of memory used in a PC for the main memory. 'Dynamic' refers to the memory's method of storage: storing the charge on a capacitor. Specialized types of DRAM (such as EDO memory) have been developed to work with today's faster processors.
