Glossary of Computer Forensics Terms
Term | Definition |
---|---|
EFS | Encrypted file system |
EIDE | Enhanced Integrated Drive Electronics. A specific type of attachment interface specification that allows for high-performance, large-capacity drives. |
Electromagnetic interference | An electromagnetic disturbance that interrupts, obstructs, or otherwise degrades or limits the effective performance of electronics/electrical equipment. |
Electronic records | Information stored in a format that can only be read and processed by a computer. |
Encryption | Any procedure used in cryptography to convert plain text into cipher text in order to prevent anyone but the intended recipient from reading that data. |
End-of-file marker | 0x0FFFFFFF, the code typically used with FAT file systems to show where the file ends. |
Ethernet | A very common way of networking PCs to create a LAN. |
Event viewer | In Windows, a utility used to display event logs. With Event Viewer, users can monitor events recorded in the Application, Security, and System logs. |
Examination | Technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data. |
Executable | A binary file containing a program in machine language that is ready to be executed (run). MS-DOS and Windows machines use the filename extension ‘.exe’ for these files. |
Exploit | To use a program or technique to take advantage of vulnerabilities or flaws in hardware or software. |
Ext2 | The Ext2 file system is the primary file system used on the Linux operating system. Ext2 partitions are divided into a series of Groups. Each Group contains a series of Inodes and Blocks. The Inode tables describe the files that are located within each group. As with the FAT file system, a folder is a file that contains descriptors for each of its children. |
Extended DOS partitions | Normally, each partition table entry describes a volume to be mounted by the file system. If more than four partitions are on the drive, a special partition type called an ‘Extended Partition’ is created. In this configuration, the first sector of every extended partition is itself a boot sector with another partition table. This table has a duplicate copy of the partition entry for that volume that contains a sector offset into the current partition where the logical volume begins. |
Extended headers | Information added by e-mail programs and transmitting devices that shows more information about the sender and is in many circumstances traceable to an individual computer on the Internet. |
External cache memory | Internal caches are often called Level 1 (L1) caches. Most modern PCs also come with external cache memory, called Level 2 (L2) cache. These caches sit between the CPU and the DRAM. Like L1 caches, L2 caches are composed of SRAM but are much larger. |
External drive | A data storage unit not contained in the main computer housing. |
Extract | To extract is to return a compressed file to its original state. Typically, to view the contents of a compressed file, it must be extracted first. |