DIGITAL FORENSICS GLOSSARY
Navigate our expanding digital forensics glossary to find topic related terms and their definitions.
The Association of Chief Police Officers (ACPO) Good Practice Guide for Computer Based Electronic Evidence.
Active Files (or Live Files)
Files on a digital device that haven’t been deleted and are readily visible and accessible to the user under normal operation.
A bit, short for binary digit, is the smallest unit of measurement used to quantify digital data. It contains a single binary value of either 0 or 1.
The deliberate exploitation of digital devices, computer networks or technology-dependent enterprises to steal, alter or destroy a specific target. Attacks are carried out by spreading malicious programs, creating fake websites or gaining unauthorised access and often cause far-reaching damage.
Referring to errors in digital data when unintended changes are introduced during transmission, storing, processing or reading, making the information unusable.
The application of investigative and analytical techniques to identify, preserve, extract and document digital evidence in a way that’s suitable for presentation in a court of law.
The process of rendering a file unreadable by converting data into a code, preventing authorized access.
The process of recovering files from a digital device that have been deleted but not yet completely overwritten. It works by scanning the raw bytes of a disk drive and reassembling them.
A hash is a unique numerical identifier, displayed as a set of numbers and letters and assigned to an image or a file. Similar to a fingerprint, it’s incredibly unlikely that two images containing different content would ever generate the same hash, helping to identify, verify and authenticate electronic evidence.
The process of hash matching works by importing a list of hashes connected to files containing malware, intellectual property, illicit images and other suspect material into a forensic tool and then comparing them against all the files within the system, flagging any common matches.
A generic term for a threat to an organisation’s security that comes from within, for example, a former or current employee, contractor or third party. Common insider threats include sabotage, theft, fraud, abusing access rights and espionage.
The process of performing an on-the-spot analysis of digital media, rather than switching it off and sending it to a lab. This method often proves to be the best way of capturing evidence as it reduces the risk of information being modified and offers more opportunity to retrieve volatile data.
An examination technique used to identify relevant evidence on a digital device by searching the acquired content using a pre-determined list of keywords imported into the forensic tool, even if the word or phrase occurs in an unallocated space or deleted file.
ISO 9001 Certification
An organisation that has met the requirements for this certification, consistently provides products or services that meet customer and regulatory requirements.
The data embedded within a file that describes the characteristics of the document. Although some metadata, such as modification dates and file sizes, can be seen by the user, other hidden or embedded information requires a technical expert to locate it.
A generic term for a threat to an organisation’s security that comes from an external source, for example, a cybercriminal, hacktivist or competition-sponsored attacker. Common motives for an outside assault include economic gain, corporate espionage and social or political change.
A means of hiding information within a seemingly ordinary message so that only the intended recipient knows of its existence. Although this art dates back more than 2000 years, digital steganography works by replacing bits in files, such as images or audio files, with secret data.
The free space on a hard drive that can be used to store data. Sometimes files that may be of interest to an investigator are concealed here.
The methods used to ensure that the data on a computer is real, accurate and safeguarded from unauthorised user modification.
Cyber & Digital Forensics is a qualified digital investigation organisation that works to ISO9001 standards and ACPO Guidelines. We
are also working towards a fully ISO 17025:2017 accredited forensics laboratory.
We hold the following accreditations: