Computer Forensics - Glossary and Explanation of Terms
The term address is used in several ways.
- An Internet address or Internet Protocol (IP) address is a unique computer (host) location on the Internet.
- A Web page address is expressed as the defining directory path to the file on a particular server.
- A Web page address is also called a Uniform Resource Locator, or URL.
- An e-mail address is the location of an e-mail user (expressed by the user's e-mail name followed by an "at" sign (@) followed by the user's server domain name).
A file that contains other files (usually compressed files). It is used to store files that are not used often or files that may be downloaded from a file library by Internet users.
A copy taken of information held on a computer in case something goes wrong with the original copy.
Basic Input Output System. A program stored on the motherboard that controls interaction between the various components of the computer.
To start a computer, more frequently used as "re-boot".
Refers to a disk that contains the files needed to start an operating system.
A high bandwidth internet connection, e.g. ADSL or cable.
An area of memory used to speed up access to devices. It is used for temporary storage of the data read from or waiting to be sent to a device such as a hard disk, CD-ROM, printer or tape drive.
BULLETIN BOARD SERVICE (BBS)
A BBS is like an electronic corkboard. It is a computer system equipped for network access that serves as an information and message-passing centre for remote users. BBSs are generally focused on special interests, such as science fiction, movies, Windows software, or Macintosh systems. Some are free, some are fee-based access and some are a combination.
In most computer systems, a byte is a unit of data consisting of 8 bits. A byte can represent a single character, such as a letter, a digit, or a punctuation mark.
A cache (pronounced CASH) is a place to store something more or less temporarily. Pages you browse to are stored in your web browser's cache directory on your hard disk. When you return to a page you have recently browsed to, the browser can retrieve the page from the cache rather than the original server, saving you time and the network the burden of some additional traffic. Two common types of cache are cache memory and a disk cache.
Channel Data Format: a system used to prepare information for Web-casting.
Compact Disk – Recordable. A disk to which data can be written but not erased.
Compact Disk – Read Only Memory or Media. In computers, CD-ROM technology is a format and system for recording, storing, and retrieving electronic information on a compact disk that is read using laser optics rather than magnetic means.
Compact Disk – Rewritable. A disk to which data can be written and erased.
Complementary Metal-Oxide Semi-Conductor. It commonly holds the BIOS preference of the computer through power off with the aid of a battery.
Central Processing Unit. The most powerful chip in the computer. Located inside a computer, it is the "brain" that performs all arithmetic, logic and control functions.
A computer expert who uses his or her skill to break into computer systems by circumventing security measures (cracking). The term was coined to provide an alternative to using the word 'hacker' to mean this, although the common usage remains more popular.
Cyclic Redundancy Check. A common technique for detecting data transmission errors.
The process of securing private information that is sent through public networks, by encrypting it in a way that makes it unreadable to anyone except the person or persons holding the mathematical key/knowledge to decrypt the information.
Structured collection of data that can be accessed in many ways. Common database programs are: Dbase, Paradox, Access. Uses: various including – address links, invoicing information, etc.
If a subject knows there are incriminating files on the computer, he or she may delete them in an effort to eliminate evidence. Many computer users think that this actually eliminates the information. However, depending on how the files are deleted, in many instances a forensic examiner is able to recover all or part of the original data.
DENIAL OF SERVICE ATTACKS (DOS)
Denial of Service Attacks are attempts to make a computer resource unavailable to its intended users, e.g. a web site is flooded with requests, which ties up the system and denies access to legitimate users.
Use of cryptography to provide authentication of the associated input, or message.
A portion of memory set aside for temporarily holding information read from a disk.
A term for a small external hardware device that connects to a computer to authenticate a piece of software; e.g. proof that a computer actually has a licence for the software being used.
Digital Versatile Disk. Similar in appearance to a compact disk, but can store larger amounts of data.
The process of scrambling, or encoding, information in an effort to guarantee that only the intended recipient can read the information.
E-mails come in two parts – the body and the header. Normal header information gives the recipient details of time, date, sender and subject. All e-mails also come with (usually hidden) extended headers – information that is added by email programs and transmitting devices – which shows more information about the sender that is in many circumstances traceable to an individual computer on the Internet.
File clusters that are not currently used for the storage of 'live' files, but which may contain data which has been 'deleted' by the operating system. In such cases, whole or part files may be recoverable unless the user has used specialist disk cleaning software.
These are disks that hold information magnetically. They come in two main types: 3.5 inch and 5.25 inch. The 5.25 inch disks are flexible and easily damaged; the 3.5 inch disks are in a stiff case. Both are square and flat. Older machines may use larger or smaller sizes of disk.
1 Gigabyte = 1024 Megabytes. A gigabyte is a measure of memory capacity and is roughly one thousand megabytes or a billion bytes. It is pronounced Gig-a-bite (with hard Gs).
Persons who are experts with computer systems and software and enjoy pushing the limits of software or hardware. To the public and the media, they can be good or bad. Some hackers come up with good ideas this way and share their ideas with others to make computing more efficient. However, some hackers intentionally use their expertise for malicious purposes (e.g. to circumvent security and commit computer crimes) and are known as 'black hat' hackers. Also see Cracker.
The hard disk is usually inside the PC. It stores information in the same way as floppy disks but can hold far more of it.
The physical parts of a computer. If it can be picked up it is hardware as opposed to software.
For the purpose of this document, a host machine is one which is used to accept a target hard drive for the purpose of forensically processing.
A central connection for all the computers in a network, which is usually Ethernet-based. Information sent to the hub can flow to any other computer on the network.
Imaging is the process used to obtain all of the data present on a storage media (e.g. hard disk), whether it is active data or data in free space, in such a way as to allow it to be examined as if it were the original data.
International Mobile Equipment Identifier. A unique 15-digit number that serves as the serial number of a GSM handset.
International Mobile Subscriber Identity. A globally unique code number that identifies a Global System for Mobiles (GSM) handset subscriber to the network.
INTERNET RELAY CHAT
A virtual meeting place where people from all over the world can meet and talk about a diversity of human interests, ideas and issues. Participants are able to take part in group discussions on one of the many thousands of IRC channels, or just talk in private to family or friends, wherever they are in the world.
Internet Service Provider. A company that sells access to the Internet via telephone or cable line to your home or office. This will normally be free - where the user pays for the telephone charge of a local call - or by subscription - where a set monthly fee is paid and the calls are either free or at a minimal cost.
A high capacity proprietary removable hard disk system from a company named Iomega.
1 Kilobyte = 1024 bytes.
An operating system popular with enthusiasts and used by some businesses.
A virus attached to instructions (called macros) which are executed automatically when a document is opened.
A disk, tape, cartridge, diskette or cassette that is used to store data magnetically.
An algorithm created in 1991 by Professor Ronald Rivest that is used to create digital fingerprints of storage media, such as a computer hard drive. When this algorithm is applied to a hard drive, it creates a unique value. Changing the data on the disk in any way will change the MD5 value.
1 Megabyte = 1024 Kilobytes.
Often used as a shorter synonym for random access memory (RAM). Memory is the electronic holding place for instructions and data that a computer's microprocessor can reach quickly. RAM is located on one or more microchips installed in a computer.
Modulator / Demodulator. A device that connects a computer to a data transmission line (typically a telephone line). Most people use modems that transfer data at speeds ranging from 1200 bits per second (bps) to 56 Kbps. There are also modems providing higher speeds and supporting other media. These are used for special purposes - for example to connect a large local network to its network provider over a leased line.
A device on which the computer displays information.
Device that, when moved, relays speed and direction to the computer, usually moving a desktop pointer on the screen.
Microsoft Disk Operating System. Operating system marketed by Microsoft. This was once the most common operating system in use on desktop PCs, which automatically loads into the computer memory in the act of switching the computer on. Often only referred to as DOS.
This software is usually loaded into the computer memory upon switching the machine on and is a prerequisite for the operation of any other software. Examples include the Microsoft Windows family of operating systems (including 3.x, NT, 2000, XP and Vista) and UNIX operating systems and their variants like Linux, HP-UX, Solaris and Apple's Mac OSX and BSD.
A high capacity removable hard disk system. ORB drives use magnetoresistive (MR) read/write head technology.
A word, phrase or combination of keystrokes used as a security measure to limit access to computers or software.
Similar in size to credit cards, but thicker. These cards are inserted into slots in a Laptop or Palmtop computer and provide many functions not normally available to the machine (modems, adapters, hard disks, etc.)
PERSONAL COMPUTER (PC)
A term commonly used to describe IBM & compatible computers. The term can describe any computer useable by one person at a time.
PERSONAL ORGANISER or Personal Digital Assistant (PDA)
These are pocket-sized machines usually holding phone and address lists and diaries. They often also contain other information. Modern PDAs take many forms and may best be described as a convergent device capable of carrying out the functions of a multitude of devices.
Software that has been illegally copied.
The word port has three meanings:
- Where information goes into or out of a computer, e.g. the serial port on a personal computer is where a modem would be connected.
- In the TCP and UDP protocols used in computer networking, a port is a number present in the header of a data packet. Ports are typically used to map data to a particular process running on a computer. For example, port 25 is commonly associated with SMTP, port 80 with HTTP and port 443 with HTTPS.
- It also refers to translating a piece of software to bring it from one type of computer system to another, e.g. to translate a Windows programme so that it will run on a Macintosh.
PUBLIC DOMAIN SOFTWARE
Any programme that is not copyrighted.
Personal Unblock Key. PUK is the code to unlock a GSM SIM card that has disabled itself after an incorrect PIN was entered three times in a row.
To search or ask. In particular, to request information in a search engine, index directory or database.
Random Access Memory is a computer's short-term memory. It provides working space for the PC to work with data at high speeds. Information stored in the RAM is lost when the PC is turned off ('volatile data').
Items (e.g. floppy disks, CDs, DVDs, cartridges, tapes) that store data and can be easily removed.
REMOVABLE MEDIA CARDS
Small-sized data storage media which are more commonly found in other digital devices such as cameras, PDAs (Personal Digital Assistants) and music players. They can also be used for the storage of normal data files, which can be accessed and written to by computers.
There are a number of these, including:
- SD Expansion Card
- Ultra Compact Flash
The cards are non-volatile – they retain their data when power to their device is stopped – and they can be exchanged between devices.
Software that is distributed free on a trial basis with the understanding that, if it is used beyond the trial period, the user will pay. Some shareware versions are programmed with a built-in expiration date.
Subscriber Identity Module. A Smart Card which is inserted into a cellular phone, identifying the user account to the network and providing storage for data.
The area of disk between the end of live data, and the end of its allocated area on disk. A common form of Slack Space is found between the end of a live file and the end of its allocated disk cluster; this is more specifically referred to as 'File Slack' or 'Cluster Slack'.
Plastic cards, typically with an electronic chip embedded, that contain electronic value tokens. Such value is disposable at both physical retail outlets and on-line shopping locations.
The pre-written programs designed to assist in the performance of a specific task, such as network management, web development, file management, word processing, accounting or inventory management.
Typically a small, flat box with 4 to 8 Ethernet ports. These ports can connect to computers, cable or DSL modems, between specific systems on the network as opposed to broadcasting information to all networked connections.
Usually the largest part of a PC, the system unit is a box that front and the ports for connecting the keyboard, mouse, printer and other devices at the back.
A long strip of magnetic coated plastic. Usually held in cartridges (looking similar to video, audio or camcorder tapes), but can also be held on spools (like reel to reel audio tape). Used to record computer data, usually a backup of the information on the computer.
A computer program that hides or disguises another program. The victim starts what he or she thinks is a safe program and instead willingly accepts something also designed to do harm to the system on which it runs.
A very popular operating system. Used mainly on larger, multi-user systems.
USB STORAGE DEVICES
Small storage devices accessed using a computer's USB ports, can be easily removed, transported – and concealed. They are worn around the neck on a lanyard. They now come in many watch or a Swiss Army knife
An enhancement of the Subscriber Identity Module (SIM) card designed to be used in Third Generation (3G) networks.
A program that allows computer data to be backed up to standard video. When viewed, the data is presented as a series of dots and dashes.
A computer virus is a computer program that can copy itself knowledge) of the user. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Some are harmless (messages on the screen etc.), whilst others are destructive (e.g. loss or corruption of information).
A 'third party' storage facility on the internet, enabling data to be stored and retrieved from any browser. Examples include Xdrive and Freeway.com.
Operating system marketed by Microsoft. In use on desktop PCs, the system automatically loads into the computer's memory in the act of switching the computer on. MS-DOS, Windows, Windows 3.0, Windows 95, Windows 98, Office XP, Windows XP, Windows NT, Windows Vista and Windows Server are registered trademarks of Microsoft Corporation.
Used for typing letters, reports and documents. Common Word Processing programs: Wordstar, Wordperfect and MS-Word.
Like a virus but is capable of moving from computer to computer over a network without being carried by another program and without the need for any human interaction to do so.
WIRELESS NETWORK CARD
An expansion card present in a computer that allows cordless connection between that computer and other devices on a computer network. This replaces the traditional network cables. The card communicates by radio signals to other devices present on the network.
A proprietary 3.5-inch removable disk drive produced by Iomega. The drive is bundled with software that can catalogue disks and lock files for security.
A popular data compression format. Files that have been compressed with the ZIP format are called ZIP files and usually end with a .ZIP extension.