Glossary of digital forensics terms

Glossary of digital forensics terms

Digital forensics is a branch of the forensic sciences related to the investigation of digital devices and media. Within the field a number of "normal" forensics words are re-purposed, and new specialist terms have evolved.

Terms and definitions

acquisition
The process of creating a duplicate copy of digital media for the purposes of examining it[1]
digital media
Used within the fields to refer to the physical medium (such as a hard drive) or data storage device
eDiscovery
A common acronym for electronic discovery[2]
exhibit
Digital media seized for investigation is usually referred to as an "exhibit"[2]
hashing
Within the field "hashing" refers to the use of hash functions (e.g. CRC, SHA1 or MD5) to verify that an "image" is identical to the source media[2]
image
A duplicate copy of some digital media created as part of the forensic process[3]
imaging
Synonym of "acquisition"[1]
live analysis
Analysis of a piece of digital media from within itself; often used to acquire data from RAM where this would be lost upon shutting down the device[2]
slack space
The unused space at the end of a file in a file system that uses fixed size clusters (so if the file is smaller than the fixed block size then the unused space is simply left). Often contains deleted information from previous uses of the block
unallocated space
Clusters of a media partition not in use for storing any active files. They may contain pieces of files that were deleted from the file partition but not removed from the physical disk[4]
verification
A term used to refer to the hashing of both source media and acquired image to verify the accuracy of the copy
write blocker
The common named used for a forensic disk controller, hardware used to access digital media in a read only fashion[3]

References

  1. ^ a b Maarten Van Horenbeeck (24). "Technology Crime Investigation". http://www.daemon.be/maarten/forensics.html. Retrieved 17 August 2010. 
  2. ^ a b c d Various (2009). Eoghan Casey. ed. Handbook of Digital Forensics and Investigation. Academic Press. pp. 567. ISBN 0123742676. http://books.google.co.uk/books?id=xNjsDprqtUYC. Retrieved 27 August 2010. 
  3. ^ a b Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4. http://books.google.co.uk/books?id=Xo8GMt_AbQsC&hl=en&dq=Digital%20Evidence%20and%20Computer%20Crime,%20Second%20Edition&ei=it1XTMncCMm44gbC_qyFBw&sa=X&oi=book_result&ct=result&resnum=1&ved=0CDQQ6AEwAA. 
  4. ^ Aaron Phillip; David Cowen, Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. pp. 544. ISBN 0071626778. http://books.google.co.uk/books?id=yMdNrgSBUq0C. Retrieved 27 August 2010. 

Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Digital forensics — Forensic science Physiological sciences …   Wikipedia

  • List of digital forensics tools — During the 1980s, most of digital forensic investigations consisted of live analysis , examining digital media directly using non specialist tools. In the 1990s several commercial and freeware tools (both hardware and software) were created to… …   Wikipedia

  • Digital forensic process — A Tableau forensic write blocker The Digital forensic process is a recognised scientific and forensic process used in digital forensics investigations.[1][2] Forensics researcher Eoghan Casey …   Wikipedia

  • Computer forensics — Forensic science Physiological sciences …   Wikipedia

  • Mobile device forensics — Forensic science Physiological sciences …   Wikipedia

  • Network forensics — Forensic science Physiological sciences …   Wikipedia

  • Database forensics — Forensic science Physiological sciences …   Wikipedia

  • Open Computer Forensics Architecture — Developer(s) Korps landelijke politiediensten Stable release 2.2.0pl4 Development status Active Operating system Linux …   Wikipedia

  • Digital imaging — For the digital forensic process, see Acquisition (forensic process). Digital imaging or digital image acquisition is the creation of digital images, typically from a physical scene. The term is often assumed to imply or include the processing,… …   Wikipedia

  • National Software Reference Library — Abbreviation NSRL Type GO Parent organization NIST Website …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”