Digital Forensics (Glossary)

  • Autopsy - Autopsy is an open source digital forensics platform and graphical front end to The Sleuth Kit, bundling many of its command-line tools and third-party plugins so they are simpler to deploy. Its interface displays the results of analysing the underlying disk image or volume, making it easier for investigators to flag pertinent data.

  • Chain of Custody - Chain of custody is the documented, chronological record of the seizure, custody, control, transfer, analysis and disposition of physical or electronic evidence in a legal case. Every link in the chain matters: if it is broken, the evidence may be ruled inadmissible. Preserving the chain of custody therefore means following a correct and consistent procedure at every step (who handled the item, when, and why, with hashes that show it was not altered), which is what establishes the integrity of the evidence.

  • Computer - A computer is a machine that can be instructed to carry out sequences of arithmetic or logical operations automatically via computer programming. Modern computers have the ability to follow generalized sets of operations, called programs. These programs enable computers to perform an extremely wide range of tasks.

  • Data Acquisition - Data acquisition is the process of making a forensic image (a bit-for-bit copy, verified with a cryptographic hash of the source and the copy) of computer media such as hard drives, removable drives, thumb drives, CD-ROMs, servers and any other device that stores electronic data, including gaming consoles.

  • Digital Evidence - Digital evidence is data or information that exists in digital form, that can prove or disprove facts about a crime, and that can be relied upon and used in a court of law. It may be obtained from a storage device or from intercepted communications.

  • Digital Forensics - Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

  • FAT - File Allocation Table (FAT) is a file system developed for personal computers. Originally created in 1977 for floppy disks, it was later adapted for hard disks and other devices, and its simple layout (a boot sector, one or more copies of the allocation table, then a root directory and data area) still makes it common on removable media.

  • File Systems - A file system is the way an operating system names files and lays them out on a storage device for storage and retrieval. It can be thought of as a database or index recording the physical location of every piece of data on the device, such as a hard disk, CD, DVD or flash drive.

  • FTK - Forensic Toolkit, or FTK, is computer forensics software made by AccessData. It scans a drive image for information of interest: for example, it can locate deleted emails and harvest text strings from a disk to use as a password dictionary for cracking encryption.

  • Logs - Logs are records of events generated by operating systems, applications and network devices. In an investigation they are often the trail left behind by an attacker and so form key evidence of what happened and when. For computer forensics to be effective and defensible, log data must be collected and stored so that it is secure, trustworthy and accurate; a log that an intruder could silently edit on the compromised host proves very little.

  • Memory - In computing, memory refers to a device that is used to store information for immediate use in a computer or related computer hardware device. It typically refers to semiconductor memory, specifically metal–oxide–semiconductor memory, where data is stored within MOS memory cells on a silicon integrated circuit chip.

  • Memory Forensics - Memory forensics is the analysis of a system's volatile memory to identify unauthorized or anomalous activity on a target computer or server. It is usually done by running special software that captures the current state of the system's memory into a snapshot file, known as a memory dump, which can then be taken off site and examined by the investigator.

  • Mobile Forensics - Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions.

  • Non-volatile Memory - Non-volatile memory (NVM) or non-volatile storage is a type of computer memory that can retrieve stored information even after having been power cycled. In contrast, volatile memory needs constant power in order to retain data.

  • NTFS - NT file system (NTFS), also sometimes called the New Technology File System, is the file system that the Windows NT family of operating systems uses for storing, organizing and finding files on a hard disk efficiently. NTFS was first introduced in 1993 as part of the Windows NT 3.1 release.

  • Santoku - Santoku Linux is an open source Linux distribution dedicated to mobile forensics, analysis and security, packaged as an easy-to-use platform.

  • Steganography - Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.

  • Volatile Memory - Volatile memory, in contrast to non-volatile memory, is computer memory that requires power to maintain the stored information; it retains its contents while powered on but when the power is interrupted, the stored data is quickly lost.

  • XRY - XRY is a digital forensics and mobile device forensics product by the Swedish company Micro Systemation used to analyze and recover information from mobile devices such as mobile phones, smartphones, GPS navigation tools and tablet computers.
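The Chain of Custody and Data Acquisition entries above describe imaging media and keeping a verifiable record of who handled it. The following Python script is an added example, not code from any of the tools in this glossary: it images a constructed sample "device" file block by block, hashes the source as it is read, re-hashes the written image independently, appends JSON Lines chain-of-custody entries, and shows that a single modified byte in the image is caught on re-verification. The examiner name, log format and block size are assumptions made for the example.

```python
"""Forensic acquisition with hash verification and a chain-of-custody record."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

BLOCK_SIZE = 4096  # read/write granularity; a hypothetical choice for the example


def acquire_image(source_path, image_path, block_size=BLOCK_SIZE):
    """Copy source to image block by block, hashing the source as it is read.

    Returns the SHA-256 hex digest of every byte read from the source.
    """
    source_hash = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(block_size), b""):
            source_hash.update(block)
            dst.write(block)
    return source_hash.hexdigest()


def hash_file(path, block_size=BLOCK_SIZE):
    """Independent SHA-256 over a file, used to re-verify the written image."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(block_size), b""):
            h.update(block)
    return h.hexdigest()


def record_custody(log_path, examiner, action, item, sha256):
    """Append one chain-of-custody entry (JSON Lines) and return it."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": action,
        "item": item,
        "sha256": sha256,
    }
    with open(log_path, "a") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def verify_image(image_path, expected_sha256):
    """Re-hash the image and compare against the hash taken at acquisition."""
    return hash_file(image_path) == expected_sha256


def acquire_and_verify(source_path, image_path, log_path, examiner):
    """Image the source, verify the copy, and log both steps.

    Returns (verified, source_sha256).
    """
    source_sha = acquire_image(source_path, image_path)
    record_custody(log_path, examiner, "acquired", source_path, source_sha)
    verified = verify_image(image_path, source_sha)
    record_custody(log_path, examiner, "verified" if verified else "VERIFY-FAILED",
                   image_path, hash_file(image_path))
    return verified, source_sha


def demo():
    """Run the procedure against a constructed 'device' file in a temp directory."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "evidence.bin")
        image = os.path.join(workdir, "evidence.dd")
        log = os.path.join(workdir, "custody.jsonl")
        # Constructed sample media (not a real device); deliberately not a
        # multiple of BLOCK_SIZE so the short final block is exercised.
        with open(source, "wb") as f:
            f.write(bytes(range(256)) * 40 + b"partial-last-block")
        verified, source_sha = acquire_and_verify(source, image, log, "examiner-01")
        # Simulate tampering after acquisition: flip one byte of the image.
        with open(image, "r+b") as f:
            f.seek(1000)
            f.write(b"\x00" if f.read(1) != b"\x00" else b"\xff")
        tamper_detected = not verify_image(image, source_sha)
        with open(log) as f:
            entries = [json.loads(line) for line in f]
        return {"verified": verified, "source_sha": source_sha,
                "tamper_detected": tamper_detected, "entries": entries}


if __name__ == "__main__":
    result = demo()
    print("verified:", result["verified"], "tamper detected:", result["tamper_detected"])
    for e in result["entries"]:
        print(e["timestamp"], e["examiner"], e["action"], e["item"], e["sha256"][:16])
```

The point of hashing the source during the read and then hashing the written image separately is that the two digests come from different code paths; agreement shows the copy is complete, and the logged hash lets anyone later re-run `verify_image` to confirm the image has not changed since acquisition.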
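The FAT and File Systems entries describe the file system as an index that maps names to physical locations on the media. As an added example (not from any tool on this page), the following Python parser reads the BIOS Parameter Block of a FAT boot sector and computes where the allocation tables, root directory and data area start, which is the arithmetic an examiner or carving tool needs before it can walk a FAT volume. The boot sector it parses is constructed inline for a hypothetical 32 MiB FAT16 volume; the field offsets follow the published FAT layout.

```python
"""Parse a FAT boot sector (BIOS Parameter Block) and compute the volume layout."""
import struct


def parse_bpb(sector: bytes) -> dict:
    """Return the BPB fields that fix the on-disk layout of a FAT12/16/32 volume."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature; not a FAT boot sector")
    # Offsets 11..23: bytes/sector, sectors/cluster, reserved sectors, number of
    # FATs, root entries, total sectors (16-bit), media descriptor, sectors/FAT (16-bit).
    (bytes_per_sector, sectors_per_cluster, reserved_sectors, num_fats, root_entries,
     total_sectors_16, media, sectors_per_fat_16) = struct.unpack_from("<HBHBHHBH", sector, 11)
    total_sectors_32 = struct.unpack_from("<I", sector, 32)[0]
    if bytes_per_sector not in (512, 1024, 2048, 4096):
        raise ValueError(f"implausible bytes per sector: {bytes_per_sector}")
    return {
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "reserved_sectors": reserved_sectors,
        "num_fats": num_fats,
        "root_entries": root_entries,
        # A zero 16-bit count means the 32-bit field at offset 32 holds the value.
        "total_sectors": total_sectors_16 or total_sectors_32,
        "media_descriptor": media,
        # FAT32 keeps its sectors-per-FAT count in a 32-bit field at offset 36.
        "sectors_per_fat": sectors_per_fat_16 or struct.unpack_from("<I", sector, 36)[0],
    }


def volume_layout(bpb: dict) -> dict:
    """Compute byte offsets of the FAT region, root directory and data area."""
    bps = bpb["bytes_per_sector"]
    root_dir_sectors = (bpb["root_entries"] * 32 + bps - 1) // bps  # 32-byte entries
    fat_start_sector = bpb["reserved_sectors"]
    root_dir_sector = fat_start_sector + bpb["num_fats"] * bpb["sectors_per_fat"]
    data_start_sector = root_dir_sector + root_dir_sectors
    cluster_count = (bpb["total_sectors"] - data_start_sector) // bpb["sectors_per_cluster"]
    # FAT type is determined by cluster count, not by the "FAT16" label string.
    if cluster_count < 4085:
        fat_type = "FAT12"
    elif cluster_count < 65525:
        fat_type = "FAT16"
    else:
        fat_type = "FAT32"
    return {
        "fat_type": fat_type,
        "fat_start": fat_start_sector * bps,
        "root_dir_start": root_dir_sector * bps,
        "data_start": data_start_sector * bps,
        "cluster_size": bpb["sectors_per_cluster"] * bps,
        "cluster_count": cluster_count,
    }


def cluster_offset(layout: dict, cluster: int) -> int:
    """Byte offset of a data cluster; numbering starts at 2 in FAT."""
    if cluster < 2:
        raise ValueError("data clusters are numbered from 2")
    return layout["data_start"] + (cluster - 2) * layout["cluster_size"]


def build_sample_boot_sector() -> bytes:
    """Constructed boot sector for a hypothetical 32 MiB FAT16 volume."""
    sector = bytearray(512)
    sector[0:3] = b"\xEB\x3C\x90"          # jump instruction
    sector[3:11] = b"MSWIN4.1"              # OEM name
    # 512 B/sector, 4 sectors/cluster, 1 reserved, 2 FATs, 512 root entries,
    # total sectors in the 32-bit field, media 0xF8 (fixed disk), 64 sectors/FAT.
    struct.pack_into("<HBHBHHBH", sector, 11, 512, 4, 1, 2, 512, 0, 0xF8, 64)
    struct.pack_into("<I", sector, 32, 65536)
    sector[54:62] = b"FAT16   "
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    layout = volume_layout(parse_bpb(build_sample_boot_sector()))
    for key, value in layout.items():
        print(f"{key:>16}: {value}")
    print("cluster 5 at byte offset", cluster_offset(layout, 5))
```

On a real image you would replace `build_sample_boot_sector()` with the first 512 bytes of the partition; the signature and bytes-per-sector checks are what stop the parser from producing nonsense offsets when pointed at the wrong sector.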
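The Steganography entry defines hiding one file inside another without saying how. The following Python code is an added example, not from any tool on this page, of the simplest common technique, least-significant-bit (LSB) embedding: each bit of the hidden message replaces the lowest bit of one carrier byte (for an image, one colour sample), so no carrier byte changes by more than 1. The carrier here is constructed pseudo-random data standing in for pixel samples, and the 4-byte length header is a framing choice made for the example.

```python
"""LSB steganography: hide bytes in the least-significant bits of a carrier."""
import random

HEADER_BYTES = 4  # big-endian message length prefix; a hypothetical framing choice


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(carrier: bytes, message: bytes) -> bytes:
    """Return a copy of carrier with the length-prefixed message in its LSBs."""
    payload = len(message).to_bytes(HEADER_BYTES, "big") + message
    if len(payload) * 8 > len(carrier):
        raise ValueError("carrier too small for message")
    stego = bytearray(carrier)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the message bit
    return bytes(stego)


def _read_bytes(stego: bytes, start: int, count: int) -> bytes:
    """Reassemble count bytes from the LSBs of stego starting at carrier byte start."""
    out = bytearray()
    for byte_index in range(count):
        value = 0
        for bit_index in range(8):
            value = (value << 1) | (stego[start + byte_index * 8 + bit_index] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the message, refusing lengths the carrier cannot actually hold."""
    length = int.from_bytes(_read_bytes(stego, 0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("declared length exceeds carrier; no valid payload")
    return _read_bytes(stego, HEADER_BYTES * 8, length)


def max_byte_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-byte difference; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


def sample_carrier(size: int = 4096) -> bytes:
    """Constructed pseudo-random 'pixel' data standing in for an image."""
    rng = random.Random(1234)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    carrier = sample_carrier()
    stego = embed(carrier, b"meet at dawn")
    print("recovered:", extract(stego))
    print("max change per byte:", max_byte_change(carrier, stego))
```

The bound returned by `max_byte_change` is also why LSB stego is invisible to the eye yet detectable statistically: the carrier's low-order bits stop looking like image noise and start looking like the hidden data, which is what steganalysis tools test for.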
