Jump to content

Glossary

From Wikibooks, open books for an open world


acquisition
The process of creating a duplicate copy of digital media for the purposes of examining it
eDiscovery
A common acronym for electronic discovery
exhibit
Digital media seized for investigation is usually referred to as an "exhibit"
hashing
Within the field "hashing" refers to the use of hash functions (e.g. CRC, SHA1 or MD5) to verify that an "image" is identical to the source media
image
A duplicate copy of some digital media created as part of the forensic process
imaging
Synonym of "acquisition"
live analysis
Analysis of a piece of digital media from within itself; often used to acquire data from RAM where this would be lost upon shutting down the device
unallocated space
Clusters of a media partition not in use for storing any active files. They may contain pieces of files that were deleted from the file partition but not removed from the physical disk
verification
A term used to refer to the hashing of both source media and acquired image to verify the accuracy of the copy
write blocker
The common named used for a forensic disk controller, hardware used to access digital media in a read only fashion


Note This content is originally from Glossary of digital forensics terms on Wikipedia. However all of the content there at the time of copying was created by User:ErrantX
Introduction to Digital Forensics
Glossary Authors