Www.cwagweb.org



Table of Contents

This Glossary in total contains a broad range of computer related terms, but does not represent all terms; however, the Table of Contents has been reduced to only the most common terms. Please see the Index for all terms.

Accessed file date/time
Active Data
Address
Age Difficult Images
Archive file
Attribute
Autofill
Authentication
Browser
Cache
Chat (Internet Relay Chat)
Child Erotica
Child Notable
Child Other
Created file date
Database
Deleted Files
Digital Signature
Disk Cache
File signature
Free Space (AKA Unallocated Space)
Globally Unique Identifier (GUID) [pronounced gu id]
Graphical User Interface (GUI) [pronounced gooey]
Hash Value
Hidden Data (also known as a hidden file)
Identified Child (NCMEC definition)
Imaging
ISP (Internet Service Provider)
LAN (Local Area Network)
Latent data
Lost files (also known as Orphaned; see Orphaned)
Malware
MD5 HASH
Memory (also known as RAM)
Modified file date/time
NCMEC (National Center for Missing & Exploited Children)
Operating System (OS)
Orphan File
Partition
Peer-to-Peer (P2P)
RAM (Random Access Memory)
RAM Dump
Recognized Hash Values (NCMEC definition)
Removable Media
Screen Name
System Registry
Temporary files (Swap files, or see also Windows Swap File)
Temporary Internet Files (TIF)
Thumbnail
Thumbs.db files
Thumbscache
Unrecognized Hash Values (NCMEC definition)
USB Storage Devices
Virus
Web cache
Web server
Windows Swap File
Wi-Fi
Zip file

Accessed file date/time
On operating systems prior to Windows 7, the Accessed date/time was associated with a file's last accessed date. With the newer Microsoft operating systems, the dependability of this date is marginal. Prior to Windows 7, the access date corresponded with the movement, opening, or general accessing of a file. However, the date is also impacted by anti-virus scanners or Windows system processes. Examiners must use caution when expressing the accessing of a file by a specific user at an exact date/time.

Acquisition
The stage in a computer forensic investigation where data is collected. Most often, this is done by making bit-by-bit copies of the hard disk/media (also known as Imaging).

Active Data
Active or allocated space data on a computer has not been deleted and is visible to the Operating System under normal use.
Active data is information residing on the direct access storage media of computer systems, which is readily visible to the operating system and/or application software with which it was created and immediately accessible to users without undeleting, modification or reconstruction (i.e., word processing and spreadsheet files, programs and files used by the computer's operating system).

Address
The term address is used in several ways.
- An Internet address or Internet Protocol (IP) address is a unique computer (host) location on the Internet.
- A Web page address is expressed as the defining directory path to the file on a particular server. A Web page address is also called a Uniform Resource Locator, or URL.
- An e-mail address is the location of an e-mail user (expressed by the user’s e-mail name followed by an “at” sign (@) followed by the user’s server domain name).

Age Difficult Images
Photos or videos of human beings of an age not easily determined (cannot say with specificity the subject(s) are juveniles). The term is most often associated with pornographic images but may extend to erotica.

Airplane Mode
Airplane mode is a setting on cell phones, smartphones and other mobile devices that prevents the device from sending or receiving calls and text messages. Airplane mode is also known as offline mode, standalone mode and flight mode.

Archive file
A file that contains other files (usually compressed files). It is used to store files that are not used often or files that may be downloaded from a file library by internet users.

Attribute
A characteristic that sets one type of data apart from another, such as the location, length, or type of data.

Autofill
A Web browser feature or plug-in that automatically inserts user data such as name, address and credit card number into the fields of a Web page order form or application.
Autofill processing works by looking for data fields with common tags. If a non-standard name is used for certain fields, the form may not be completely filled in.

Authentication
The process of establishing the legitimacy of a user (or node) before allowing access to requested information. An example is for the user to enter a name or account number (identification) and password (authentication).

Backup
A copy taken of information held on a computer in case something goes wrong with the original copy.

BIOS
Basic Input Output System. A program stored on the motherboard that controls interaction between the various components of the computer.

Boot
To start a computer, more frequently used as “re-boot”.

Broadband
A high bandwidth internet connection (e.g. ADSL or cable).

Browser
Short for Web Browser. A software application used to locate and display Web pages. Popular browsers include Safari, Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. These are graphical browsers, which means that they can display graphics as well as text. In addition, most modern browsers can present multimedia information, including sound and video, although they require plug-ins for some formats.

Buffer
An area of memory, often referred to as a ‘cache’, used to speed up access to devices. It is used for the temporary storage of data read from or waiting to be sent to a device such as a hard disk, CD-ROM, printer, or tape drive.

Byte
In most computer systems, a byte is a unit of data generally consisting of 8 bits. A byte can represent a single character, such as a letter, a digit, or a punctuation mark. A byte consists of eight bits. The byte is a collection of bits used by computers to represent a character (i.e., "a," "1" or "&").
A "megabyte" is roughly one million bytes (1,048,576 actual bytes) and a "gigabyte" is roughly one billion bytes (1,073,741,824 actual bytes).
- 1 kilobyte = 1,024 bytes (usually referred to as 1,000 bytes)
- 1 megabyte = 1,024 kilobytes (usually referred to as 1,000 kilobytes)
- 1 gigabyte = 1,024 megabytes (usually referred to as 1,000 megabytes)
- 1 terabyte = 1,024 gigabytes (usually referred to as 1,000 gigabytes)
- 1 petabyte = 1,024 terabytes (usually referred to as 1,000 terabytes)

Cache
A cache (pronounced CASH) is a place to store something more or less temporarily. Pages a computer user browses are stored in the web browser’s cache directory on the hard disk. When a user returns to a page they have recently browsed, the browser can retrieve the page from the cache rather than accessing a server via the internet, saving time and reducing network traffic. Two common types of cache are cache memory and disk cache.

CD-R (Compact Disk - Recordable)
A disk to which data can be written but not erased.

CD-ROM (Compact Disk – Read Only Memory or Media)
In computers, CD-ROM technology is a format and system for recording, storing, and retrieving electronic information on a compact disk that is read using laser optics rather than magnetic means.

CD-RW (Compact Disk – ReWritable)
A disk to which data can be written and erased.

Chat (Internet Relay Chat)
A virtual meeting place where people from all over the world can meet and talk about a variety of human interests, ideas and issues.
Participants are able to take part in group discussions utilizing one of the thousands of available IRC channels, or just talk in private to family/friends, regardless of their geographic location.

Child Erotica
Photos or videos definitively with human children as the subject matter. The images may include subject matter inclusive of nudity or suggestively clothed children but do not meet the criminal elements to satisfy the child pornography statute. For example, a child nude in a bathtub without a specific focus on genitals or explicit sexual implication.

Child Notable
Pornographic photos or videos definitively involving human children by statute.

Child Other
Photos or videos definitively involving child human beings, not in the context of erotica or child pornography; children by

Compressed file (also see Archived File)
A file that has been reduced in size through a compression algorithm to save disk space. The act of compressing a file will make it unreadable to most programs until the file is uncompressed. Most common compression utilities are ZIP, Stuffit and RAR.

CPU (Central Processing Unit)
The most powerful chip in the computer. Located inside a computer, it is the “brain” that performs all arithmetic, logic and control functions.

Created file date
The creation date is associated with the creation of a file, and is not commonly changed by opening, closing, saving, or modifying a file.

Cryptography
The process of securing private information that is sent through public networks, by encrypting it in a way that makes it unreadable to anyone except the person or persons holding the mathematical key/knowledge to decrypt the information.

Database
A structured collection of data that can be accessed in many ways. Common database programs are: Dbase, Paradox, Access.
Uses: various including – address links, invoicing information, etc.

Deleted Files
If a subject knows there are incriminating files on the computer, he or she may delete them in an effort to eliminate evidence. Many computer users think that this actually eliminates the information. However, in most instances the process only marks the file space as over-writeable and depending on when and how the files are deleted, in many instances a forensic examiner is able to recover all or part of the original data.

Denial of Service attacks (DOS)
Denial of Service attacks are attempts to make a computer resource unavailable to its intended users (e.g. a website is flooded with requests, which ties up the system and denies access to legitimate users).

Digital Signature
Use of cryptography to provide authentication of the associated input, or message.

Disk Cache
A portion of memory set aside for temporarily holding information read from a disk.

Dongle
A term for a small external hardware device that connects to a computer to authenticate a piece of software; e.g. proof that a computer actually has a license for the software being used.

DVD (Digital Versatile Disk)
Similar in appearance to a compact disk but can store larger amounts of data.

Encryption
The process of scrambling, or encoding, information in an effort to guarantee that only the intended recipient can read the information.

E-Mail Header
E-mails come in two parts – the body and the header. Normal header information gives the recipient details of time, date, sender and subject.
All e-mails also come with (usually hidden) extended headers – information that is added by email programs and transmitting devices – which show more information about the sender that is in many circumstances traceable to an individual computer on the Internet.

File sharing
The sharing of computer data with users having varying degrees of access privileges. Users may be able to view, write, modify, or print information to or from the shared file. File sharing is also closely associated with peer-to-peer (P2P) network activity.

File signature
Within the file, the file signature is the information about the true program-related origin of the file and therefore its type. Tools for reading file signatures identify the true program source even if the file extension has been changed.

Free Space (AKA Unallocated Space)
File clusters that are not currently used for the storage of ‘live’ files, but which may contain data which has been ‘deleted’ by the operating system. In such cases, whole or partial files may be recoverable unless the user has used specialist disk cleaning software.

Floppy Disk
These are disks that hold information magnetically. They come in two main types: 3.5 inch and 5.25 inch. The 5.25 inch disks are flexible and easily damaged; the 3.5 inch disks are in a stiff case. Both are square and flat. Older machines may use larger or smaller sizes of disk.

Gigabyte (GB)
1 Gigabyte = 1024 Megabytes. A gigabyte is a measure of memory capacity and is roughly one thousand megabytes or a billion bytes. It is pronounced Gig-a-bite (with hard Gs).

Globally Unique Identifier (GUID) [pronounced gu id]
A unique 128-bit number that is produced by the Windows OS or by some Windows applications to identify a particular component, application, file, database entry, and/or user.
For instance, a Website may generate a GUID and assign it to a user's browser to record and track the session. A GUID is also used in a Windows registry to identify COM DLLs. Windows also identifies user accounts by a username (computer/domain and username) and assigns it a GUID. Some database administrators will use GUIDs as primary key values in databases. GUIDs can be created in a number of ways, but usually they are a combination of a few unique settings based on a specific point in time (e.g., an IP address, network MAC address, clock date/time, etc.).

Graphical User Interface (GUI) [pronounced gooey]
A graphical user interface uses graphics such as a window, box, and menu to allow the user to communicate with the system. Allows users to move in and out of programs and manipulate their commands by using a pointing device (usually a mouse). Synonymous with user interface.

Hacker
Persons who are experts with computer systems and software and enjoy pushing the limits of software or hardware. Ethical hackers conduct network penetration tests to assess network security and share ideas to improve computing efficiency and security. However, some hackers intentionally use their expertise for malicious purposes (e.g. to circumvent security and commit computer crimes) and are known as ‘black hat’ hackers. Also see Cracker.

Hash Value
A hash value is a calculation (hashing algorithm) performed on a string of text, an electronic file or an entire hard drive's contents, resulting in a unique alphanumeric sequence; a digital fingerprint. The hashing process is also referred to as a checksum, hash code or hashes (i.e. MD5, SHA1, etc.). Among the different uses, hash values are used to identify and filter duplicate files (i.e. email, attachments, and loose files) or forensically verify a file.

Hard Disk
The hard disk is usually inside the PC.
It stores information in the same way as floppy disks but can hold far more of it.

Hardware
The physical parts of a computer. If it can be picked up it is hardware as opposed to software.

Hidden Data (also known as a hidden file)
A file with a special hidden attribute turned on, so that the file is not normally visible to users. For example, hidden files are not listed when you execute the DOS DIR command. However, most file management utilities allow you to view hidden files. DOS hides some files, such as MSDOS.SYS and IO.SYS, so that you will not accidentally corrupt them. You can also turn on the hidden attribute for any normal file, thereby making it invisible to casual snoopers. On a Macintosh, you can hide files with the ResEdit utility.

Host
On the Internet, a host is any computer that has full two-way access to other computers on the Internet. A host has a specific local or host number that, together with the network number, forms its unique Internet Protocol address. If Point-to-Point Protocols (PPP) are used to get access to the Internet Service Provider (ISP), then a unique IP address is granted for the duration of any connection made to the Internet and the user’s computer is a host for that period.

HUB
A central connection for all the computers in a network, which is usually Ethernet-based. Information sent to the hub can flow to any other computer on the network.

Identified Child (NCMEC definition)
These exact hash values are associated with an image/video which appears to depict at least one (1) child previously identified by law enforcement. Please be advised that these hash values may be associated with apparent child pornography images/videos as well as files that do not contain apparent child pornography.

Imaging
Two common levels are associated with imaging: Logical and Physical. Logical imaging collects all of the active (allocated) space files.
Physical imaging is the process that collects all data on the storage device (e.g. hard disk, flash drive) from the active and free (allocated and unallocated) space.

IMEI (International Mobile Equipment Identifier)
A unique 15-digit number that serves as the serial number of a GSM handset.

IMSI (International Mobile Subscriber Identity)
A globally unique code number that identifies a Global System for Mobiles (GSM) handset subscriber to the network.

ISP (Internet Service Provider)
A company that sells access to the Internet and/or provides an internet-based service.

JPEG (Joint Photographic Experts Group) [Pronounced jay-peg]
A common format for the storage of digital images. An acronym for Joint Photographic Experts Group. JPEGs commonly have the file extension "jpg".

Kilobyte (KB)
1 Kilobyte = 1024 bytes.

LAN (Local Area Network)
A local computer network for communication between computers, especially a network connecting computers and other electronic office equipment to create a communication system between offices.

Latent data
Similar to latent fingerprints, latent data is created by actions (activity) on the digital device and is recoverable, even though the data is not always visible to the user.

LINUX
An operating system popular with enthusiasts and used by some businesses.

Lost files (also known as Orphaned; see Orphaned)
“Lost Files” and “Recovered Folders” are terms used by digital forensic examiners and software developers (i.e. Encase). The terms denote the identification of deleted files/folders that may be recoverable, even though the parent directory (the entry in the computer's directory) has been lost or deleted.
These “orphaned” folders can be recovered using computer forensic software.

MAC address (Media Access Control address)
A unique identifying number built (or ‘burned’) into a network interface card by the manufacturer. Also known as the hardware address or ethernet address. A unique identifier specific to the network card inside a computer. MAC addresses are written as XX–XX–XX–XX–XX–XX, where Xs represent digits or letters from A to F.

Macro Virus
A virus attached to instructions (called macros) which are executed automatically when a document is opened.

Malware
Malware is short for "malicious software." It refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, trojan horses, and spyware. Viruses, for example, can cause havoc on a computer's hard drive by deleting files or directory information. Spyware can gather data from a user's system without the user knowing it. This can include anything from the Web pages a user visits to personal information, such as credit card numbers.

Master Boot Record
The very first sector of a physical disk (absolute sector 0) is where the master boot record is stored. It contains machine code to enable the computer to find the partition table and the operating system. One of the first things a computer does when it starts up is to load this code into memory and execute it. This ‘boot code’ is tasked with reading the partition table and deciding how the disk has been structured, and which partition contains the bootable operating system.

MD5 HASH
An algorithm created in 1991 by Professor Ronald Rivest that is used to create digital fingerprints of storage media, such as a computer hard drive. When this algorithm is applied to a hard drive, it creates a unique value.
Changing the data on the disk in any way will change the MD5 value.

Megabyte (MB)
1 Megabyte = 1024 Kilobytes.

Memory (also known as RAM)
Often used as a shorter synonym for random access memory (RAM). Memory is the electronic holding place for instructions and data that a computer’s microprocessor can reach quickly. RAM is located on one or more microchips installed in a computer.

Modified file date/time
This date, as shown by Windows, indicates that there has been a change to the file itself.

MP3
An acronym for MPEG-1 or MPEG-2 audio layer 3. MP3 is the file extension for MPEG audio layer 3. Layer 3 is one of three coding schemes for the compression of audio signals. Layer 3 uses perceptual audio coding and psychoacoustic compression to remove the redundant and irrelevant parts of a sound signal.

MPG or MPEG (Moving Picture Experts Group)
A standard for compressing full motion video. MPEG files frequently have an .mpg file extension.

Modem (Modulator / Demodulator)
A device that connects a computer to a data transmission line (typically a telephone line). Most people use modems that transfer data at speeds ranging from 1200 bits per second (bps) to 56 Kbps. There are also modems providing higher speeds and supporting other media. These are used for special purposes - for example to connect a large local network to its network provider over a leased line.

Monitor
A device on which the computer displays information.

Mouse
Device that, when moved, relays speed and direction to the computer, usually moving a desktop pointer on the screen.

NCMEC (National Center for Missing & Exploited Children)
The National Center for Missing & Exploited Children (NCMEC) was established in 1984 as a private, nonprofit 501(c)(3) organization.
NCMEC provides services nationwide for families and professionals in the prevention of abducted, endangered, and sexually exploited children. Pursuant to its mission and its congressional authorization (see 42 U.S.C. § 5773), NCMEC operates the CyberTipline and the Child Victim Identification Program (CVIP) to assist law enforcement in identifying victims of child pornography and child sexual exploitation and works with law enforcement, Internet service providers, electronic payment service providers, and others to reduce the distribution of child sexual exploitation images and videos over the Internet. NCMEC does not investigate and cannot verify the accuracy of the information reported to NCMEC. NCMEC forwards reports of child sexual exploitation to law enforcement for purposes of investigation and disposition.

Operating System (OS)
This software is usually loaded into the computer memory upon switching the machine on and is a prerequisite for the operation of any other software. Examples include the Microsoft Windows family of operating systems (including 3.x, NT, 2000, XP and Vista) and UNIX operating systems and their variants like Linux, HP-UX, Solaris and Apple’s Mac OSX and BSD.

Orphan File
“Orphan” and “Recovered Folders” are terms used by FTK computer forensic software. They are deleted folders, which may contain files, subfolders, and files within subfolders, that have been recovered from a disk partition where the information about the parent folder has been lost or deleted.

Partition
Partitions are contiguous areas, or divisions, of the hard drive that are made to hold a particular operating system’s file system. There are two types of partitions: primary and extended. Primary partitions are assigned a single, logical drive letter (e.g.
“C”) by the operating system when it boots, but extended partitions can contain multiple, logical drives, each of which will be assigned its own drive letter. A single hard drive can contain up to four partitions, with a maximum of one being the extended partition.

Password
A word, phrase or combination of keystrokes used as a security measure to limit access to computers or software.

Peer-to-Peer (P2P)
P2P allows the sharing and delivery of user specified files among individuals or groups of people who are logged on to a file-sharing network. Napster was the first mainstream P2P software that enabled large scale file sharing. P2P networks are used to share multimedia files, such as music and movies. Typically, users place files they want to share with others in a “shared” folder on their computer. To access a P2P network you need to download, install and run a P2P tool (P2P client software). The P2P software allows users to search for the types and names of files they are interested in downloading. Examples of currently popular P2P software include Kazaa, Limewire and BitTorrent.

Personal Computer (PC)
A term commonly used to describe IBM & compatible computers. The term can describe any computer useable by one person at a time.

Phishing
Internet fraud perpetrated through an e-mail linking to a website simulating a legitimate financial organization; once on the fake Website, victims are tricked into revealing a security access code, credit card or Social Security number, user ID, or password, which is then used by the thieves to steal the victim’s financial resources.

Port
The word port has three meanings:
- Where information goes into or out of a computer, e.g. the serial port on a personal computer is where a modem would be connected.
- Relating to communication protocols used in computer networking, a port is a number present in the header of a data packet. Ports are typically used to map data to a particular process running on a computer. For example, port 25 is commonly associated with email, port 80 with open web browsing and port 443 with secure websites.
- It also refers to translating a piece of software to bring it from one type of computer system to another (e.g. to translate a Windows program so that it will run on a Macintosh).

Public Domain Software
Any program that is not copyrighted.

Query
To search or ask. In particular, to request information in a search engine, index directory or database.

RAM (Random Access Memory)
RAM chips that provide rapid access to information. This information can be read and written. There are two basic types of RAM: Dynamic RAM (DRAM) and Static RAM (SRAM). The two types differ in the technology they use to hold data, DRAM being the more common type, which needs to be refreshed thousands of times per second. Static RAM does not need to be refreshed, which makes it faster; but it is also more expensive than dynamic RAM. Both types of RAM are volatile, meaning that they lose their contents when the power is turned off. In common usage, the term ‘RAM’ is synonymous with main memory, the memory available to programs. In contrast, ROM (read-only memory) refers to special memory used to store programs that boot the computer and perform diagnostics.

RAM Dump
The process of exporting (collecting) the RAM of a running computer system for further forensic analysis.

Recognized Hash Values (NCMEC definition)
These exact hash values are associated with files previously submitted to the National Center for Missing & Exploited Children (NCMEC's) Child Recognition and Identification System.
However, NCMEC has no additional information regarding these files, which may or may not contain apparent child pornography or depict identified children. As a result, these hash values will not be listed in the pdf version of the NCMEC Initial Hash Value Comparison Report.

Removable Media
Items (e.g. floppy disks, CDs, DVDs, cartridges, tapes) that store data and can be easily removed.

Removable Media Cards
Small-sized data storage media which are more commonly found in other digital devices such as cameras, PDAs (Personal Digital Assistants) and music players. They can also be used for the storage of normal data files, which can be accessed and written to by computers.
There are a number of these including:
- Smartmedia Card
- SD Expansion Card
- Ultra Compact Flash
- Compact Flash
- Multimedia Card
- Memory Stick
The cards are non-volatile – they retain their data when power to their device is stopped – and they can be exchanged between devices.

Screen Name
The name selected/created/assigned for association with a specific user profile; often seen when communicating with others online. A screen name can be a person’s real name, a variation of the person’s real name, or it can be a pseudonym (handle). Screen names are required for instant messaging (IM) applications.

Secure wipe
The overwriting of all material on a disk with a known value to eliminate (render null) the value of previously existing data. Secure wipes are verifiable and can be authenticated for forensic purposes.

Shareware
Software that is distributed free on a trial basis with the understanding that, if it is used beyond the trial period, the user will pay.
Some shareware versions are programmed with a built-in expiration date.

SIM (Subscriber Identity Module)
A Smart Card which is inserted into a cellular phone, identifying the user account to the network and providing storage for data.

Software
The pre-written programs designed to assist in the performance of a specific task, such as network management, web development, file management, word processing, accounting or inventory management.

System Registry
The system configuration files used by Microsoft Windows to store settings about user preferences, installed software, hardware and drivers, and other settings required for Windows to run correctly.

System Unit
Usually the largest part of a PC, the system unit is a box that contains the major components. It usually has the drives at the front and the ports for connecting the keyboard, mouse, printer and other devices at the back.

Temporary files (Swap files, or see also Windows Swap File)
Many computers use operating systems and applications that store data temporarily on the hard drive. These files, which are generally hidden and inaccessible, may contain information that the investigator finds useful.

Temporary Internet Files (TIF)
Temporary Internet files are a collection of the most recent web pages and files downloaded from the Internet. The files are stored in the "Temporary Internet Files" folder, which acts as a cache so that subsequent Internet browser requests are retrieved from the local hard disk to improve speed. When the user requests the same webpage again, a request is sent to the website for the date of the file. If the date is newer than the one stored locally, the page is downloaded. If the request is the same, the page is read locally from the files stored in the "Temporary Internet Files" folder.
Testing with Microsoft Internet Explorer shows that only files stored in the "Temporary Internet Files" folder, and not files on local, removable or network drives that are opened or viewed with Internet Explorer.

Thumbnail
A miniature representation of a page or an image used to identify a file by its contents. Clicking the thumbnail opens the file. Thumbnails are an option in file managers, such as Windows Explorer, and they are found in photo editing and graphics programs to quickly browse multiple images in a folder.

Thumbs.db files
The creation and storage of thumbnails changed with the introduction of Windows Vista. Prior to Vista, any time thumbnail view was enabled or had been enabled in Microsoft Windows, the hidden file thumbs.db was automatically created. This file contained the information required by Windows to display the thumbnails for each of the icons and would be placed in every folder where an image was viewed as a thumbnail. Windows Vista and newer versions of Microsoft operating systems use Thumbscache; see Thumbscache.

Thumbscache
Vista and newer versions of the Microsoft operating system use a central cache of thumbnail images distributed throughout the computer: Thumbcache_256.db, Thumbcache_1024.db. A central index, Thumbcache_idx.db, facilitates access to the thumbnails in the individual caches.
Thumbcache_idx.db - The thumbcache_idx.db index file contains file references for thumbnails cached on a Vista computer. Under each reference it stores the location of thumbnails in the individual size-based caches. It also stores date and time data which is useful for forensic analysis. The thumbcaches are not only used for the storing of images but are used for other purposes by the operating system. As a result, the thumbcache entries may not contain image data.
Thumbcache_256.db - The thumbcache_256.db file is used to contain other data for file system reference purposes.
This means that a thumbcache_256.db file will contain many entries which do not contain image data. DM Thumbs will show a marker image when no image data is available but will still display data stored in respect of that entry.
Thumbcache_1024.db - The thumbcache_1024.db file contains cached images up to 1024 x 1024 in size. As such the file is not only useful for forensic analysis but may also provide reasonable quality images when photos or other images have been lost or deleted. DM Thumbs can also be used for photo recovery.

Trojan Horse
A computer program that hides or disguises another program. The victim starts what he or she thinks is a safe program and instead willingly accepts something that may do harm to the system on which it runs.

Unrecognized Hash Values (NCMEC definition)
These exact hash values are associated with images/videos that have not yet been submitted to NCMEC's Child Recognition and Identification System.

USB Storage Devices
Small storage devices accessed using a computer's USB ports, that allow the storage of large volumes of data files and which can be easily removed, transported – and concealed. They are about the size of a car key or highlighter pen and can even be worn around the neck on a lanyard. They now come in many forms and may look like something entirely different such as a watch or a Swiss Army knife.

USIM
An enhancement of the Subscriber Identity Module (SIM) card designed to be used in Third Generation (3G) networks.

Virus
A computer virus is a computer program that can copy itself and infect a computer without the permission (and often without knowledge) of the user. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium such as a floppy disk, CD, or USB drive.
Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Some are harmless (messages on the screen etc.), whilst others are destructive (e.g. loss or corruption of information).

Virtual Storage
A 'third party' storage facility on the internet, enabling data to be stored and retrieved from any browser. Examples include Xdrive and .

Volatile memory
Memory that loses its content when power is turned off or lost.

Volume boot sector
Since every partition may contain a different file system, each partition contains a 'volume boot sector' that is used to describe the type of file system on the partition and usually contains the boot code necessary to mount a file system. This code is different from the Master Boot Record. The job of the volume boot code is to find a file in the root folder (io.sys in the case of DOS) that is then loaded and run to continue the boot process at a higher level. On Linux systems, the LILO boot loader serves the same purpose. It locates the Super Block that describes the rest of the file system.

WAN
Wide Area Network

Web cache
Web caching is a technique to improve Web browser performance by storing frequently requested Web pages, images, and other Web objects in a special location on the user's hard drive for faster access. On subsequent requests for the same object, the cache delivers the object from its storage rather than passing the request on to the origin server.

Web server
A computer on the Internet or intranet that serves as a storage area for a Web page. When asked by a Web browser, the server sends the page to the browser.

Windows
Operating system marketed by Microsoft. In use on desktop PCs, the system automatically loads into the computer's memory in the act of switching the computer on.
MS-DOS, Windows, Windows 3.0, Windows 95, Windows 98, Office XP, Windows XP, Windows NT, Windows Vista and Windows Server are registered trademarks of Microsoft Corporation.

Windows Swap File
Also known as the Page file, or Pagesys file. A virtual memory file used by Microsoft Windows as a kind of scratch pad during most operations. The Swap file is usually quite large and often contains records of operations or remnants of files not found elsewhere.

Wi-Fi
Wi-Fi is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. A common misconception is that the term Wi-Fi is short for "wireless fidelity"; however, this is not the case. Wi-Fi is simply a trademarked term meaning IEEE 802.11x.

Worm
Worms are similar to viruses but are capable of moving from computer to computer over a network without being carried by another program and without the need for any human interaction to do so.

Wireless Network Card
An expansion card present in a computer that allows cordless connection between that computer and other devices on a computer network. This replaces the traditional network cables. The card communicates by radio signals to other devices present on the network.

Zip file
A popular data compression format.
Files that have been compressed with the ZIP format are called ZIP files and usually end with a .ZIP extension.