Friday, Aug 23rd

Last update06:08:55 PM GMT

You are here: Glossary

Glossary of Computer Forensics Terms

Search for glossary terms (regular expression allowed)
Begins with Contains Exact term
All A B C D E F G H I J K L M N O P Q R S T U V W
Term Definition

Encrypted file system


Enhanced Integrated Drive Electronics. A specific type of attachment interface specification that allows for high-performance, large-capacity drives.

Electromagnetic interference

An electromagnetic disturbance that interrupts, obstructs, or otherwise degrades or limits the effective performance of electronics/electrical equipment.

Electronic records

Information stored in a format that can only be read and processed by a computer.


Any procedure used in cryptography to convert plain text into cipher text in order to prevent anyone but the intended recipient from reading that data.

End-of-file marker

0x0FFFFFFF, the code typically used with FAT file systems to show where the file ends.


A very common way of networking PCs to create a LAN.

Event viewer

In Windows, a utility used to display event logs. With Event Viewer, users can monitor events recorded in the Application, Security, and System logs.


Technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.


A binary file containing a program in machine language that is ready to be executed (run). MS-DOS and Windows machines use the filename extension ‘.exe’ for these files.


To use a program or technique to take advantage of vulnerabilities or flaws in hardware or software.


The Ext2 file system is the primary file system used on the Linux operating system. Ext2 partitions are divided into a series of Groups. Each Group contains a series of Inodes and Blocks. The Inode tables describe the files that are located within each group. As with the FAT file system, a folder is a file that contains descriptors for each of its children.

Extended DOS partitions

Normally, each partition table entry describes a volume to be mounted by the file system. If more than four partitions are on the drive, a special partition type called an ‘Extended Partition’ is created. In this configuration, the first sector of every extended partition is itself a boot sector with another partition table. This table has a duplicate copy of the partition entry for that volume that contains a sector offset into the current partition where the logical volume begins.

Extended headers

Information that is added by e-mail programs and transmitting devices – which shows more information about the sender that is in many circumstances traceable to an individual computer on the Internet.

External cache memory

Internal caches are often called Level 1 (L1) caches. Most modern PCs also come with external cache memory, called Level 2 (L2) cache. These caches sit between the CPU and the DRAM. Like L1 caches, L2 caches are composed of SRAM but are much larger.

External drive

A data storage unit not contained in the main computer housing


To extract is to return a compressed file to its original state. Typically, to view the contents of a compressed file, it must be extracted first.

All A B C D E F G H I J K L M N O P Q R S T U V W