Friday, Aug 23rd

Last update06:08:55 PM GMT

You are here: Glossary

Glossary of Computer Forensics Terms

Search for glossary terms (regular expression allowed)
Begins with Contains Exact term
All A B C D E F G H I J K L M N O P Q R S T U V W
Term Definition
Image (Forensic)

To image a hard drive is to make an identical copy of the hard drive, including empty sectors. Akin to cloning the data. Imaging Is the process used to obtain all of the data present on a storage media (e.g. hard disk) whether it is active data or data in free space, in such a way as to allow it to be examined as if it were the original data.

Incident response

The process of analyzing a security incident how it was able to occur and how to prevent similar incidents from occurring in the future.

INFO2 file

In Windows NT, 2000, and XP, the control file for the Recycle Bin.

Internal drive

A data storage unit contained in the computer housing

Internet Service Provider (ISP)

Any company or organization that provides individuals with access to, or data storage on, the Internet.


INTERnet Network Information Centre. InterNIC is the organisation responsible for registering and maintaining the corn, edu, gov, net and org domain names on the World Wide Web.

Interrupt ReQuest (IRQ)

IRQ is the name of the hardware interrupt signals that PC peripherals (such as serial or parallel ports) use to get the processor’s attention. Interrupts usually cannot be shared so devices are assigned unique IRQ addresses that enable them to communicate with the processor. Peripherals that use interrupts include LAN adapters, sound boards, scanner interfaces, and SCSI adapters

Intrusion detection

Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network.

IP address

Each computer connected to the Internet is addressed using a unique 32-bit number called an IP Address. These addresses are usually written in ‘Dotted Quad’ notation, as a series of four 8-bit numbers, written in decimal and separated by periods (e.g. 151.123.456.10). Each number in the IP address falls between 0 and 255. Many computers have more than one IP address.

IP Spoofing

An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

All A B C D E F G H I J K L M N O P Q R S T U V W