Wednesday, Dec 12th

Last update06:08:55 PM GMT

You are here: Glossary

Glossary of Computer Forensics Terms

Search for glossary terms (regular expression allowed)
Begins with Contains Exact term
All A B C D E F G H I J K L M N O P Q R S T U V W
Term Definition
MAC address

Media Access Control address. A unique identifying number built (or ‘burned’) into a network interface card by the manufacturer. MAC addresses can be faked (spoofed) using software.

Magnetic media

A disk, tape, cartridge, diskette, or cassette that is used to store data magnetically.

Malicious code

Programming code designed to damage a computer system or data contained on a system. It is traditionally classified into three categories viruses, worms, and Trojan horses, based upon the behaviour of the code.

Map node

Stores the node descriptor and a map record in the Macintosh file system.

Master Boot Record

The very first sector of a physical disk (absolute sector 0) is called the master boot record. It contains machine code to enable the computer to find the partition table and the operating system. One of the first things a computer does when it starts up is to load this code into memory and execute it. This ‘boot code’ has a very simple task. Its job is to read the partition table at the end of sector 0 and decide how the disk is laid out, and which partition contains the bootable operating system.

Master Directory Block

On older Macintosh systems, the location where all information about a volume is stored. A copy of the MDB is kept in the next to the last block on the volume.

Master File Table

Used by NTFS to track files. It contains information about the effective use of computer stamps, system attributes, and parts of the file.

Mb (Megabyte)

1 Megabyte = 1024 Kilobytes.

MD5 hash

An algorithm created in 1991 by Professor Ronald Rivest that is used to create digital signatures (i.e. fingerprints) of storage media such as a computer hard drive.

Memory

Often used as a shorter synonym for random access memory (RAM). Memory is the electronic holding place for instructions and data that a computer’s microprocessor can reach quickly. Often used as a shorter synonym for random access memory (RAM). Memory is the electronic holding place for instructions and data that a computer’s microprocessor can reach quickly.

Metadata

Electronic information about a file that travels with the electronic file. Otherwise called ‘data about data’

Mirror image backup

Mirror image backups (also referred to as bit-stream backups) involve the backup of all areas of a computer hard disk drive or another type of storage media. Mirror image backups exactly replicate all sectors on a given storage device. Accuracy is essential and to guarantee accuracy, mirror image backup programs typically rely on mathematical hashing computations in the validation process.

Misnamed files (also called files with a

One simple way to disguise a file’s contents is to change the file’s name to something innocuous. For example, if an investigator was looking for images by searching or filtering for a particular file extension (i.e. .gif), any file whose extension had been changed by the user to ‘rtf’ would not appear as a result of the search. Forensic examiners use special techniques (signature analysis) to determine if this has occurred, which the casual user would not normally be aware of.

Modem

A device that converts digital signals to analog signals for transmission over the telephone system.

Motherboard

The ‘heart’ of the computer. It handles system resources (IRQ lines, DMA channels, I/O locations), as well as core components such as the CPU, and all system memory. It accepts expansion devices such as sound and network cards, and modems.

MS-DOS

MicroSoft Disk Operating System. Operating system marketed by Microsoft. This was the most common operating system in use on desktop PCs, which automatically loads into the computers memory in the act of switching the computer on.

All A B C D E F G H I J K L M N O P Q R S T U V W