Glossary
Appearance
- acquisition
- The process of creating a duplicate copy of digital media for the purposes of examining it
- eDiscovery
- A common acronym for electronic discovery
- exhibit
- Digital media seized for investigation is usually referred to as an "exhibit"
- hashing
- Within the field "hashing" refers to the use of hash functions (e.g. CRC, SHA1 or MD5) to verify that an "image" is identical to the source media
- image
- A duplicate copy of some digital media created as part of the forensic process
- imaging
- Synonym of "acquisition"
- live analysis
- Analysis of a piece of digital media from within itself; often used to acquire data from RAM where this would be lost upon shutting down the device
- unallocated space
- Clusters of a media partition not in use for storing any active files. They may contain pieces of files that were deleted from the file partition but not removed from the physical disk
- verification
- A term used to refer to the hashing of both source media and acquired image to verify the accuracy of the copy
- write blocker
- The common named used for a forensic disk controller, hardware used to access digital media in a read only fashion
This content is originally from Glossary of digital forensics terms on Wikipedia. However all of the content there at the time of copying was created by User:ErrantX |