Dictionary | Bitstream Forensics

BITSTREAM FORENSICS CYBER SECURITY

& FORENSICS DICTIONARY

Part of the Bitstream Forensics mission is to help educate and support digital forensics and cyber security students, professionals, clients, and more. Whether you are a student who needs information for schoolwork, a professional brushing up on information, or someone who wants to better understand forensics and security, Bitstream Forensics has you covered. Below is a dictionary for digital forensics and cyber security. This is a growing list of definitions, as we add and update it often. Please feel free to use the information on this page and share it with anyone else who may find it useful. If you have any comments or suggestions, please email use at info@bitstreamforensics.com. Your journey to learning starts here! Enjoy!

Access: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
Access Control: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Access Control Mechanism: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
Acquisition: The stage in a computer forensic investigation wherein the data involved is collected. Often the means used is a bit-by-bit copy or a forensic working image of the hard disk or other media in question.
Active Attack: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
Active Content: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
Active Files, Active Data: Data on a computer that is not deleted and is generally accessible and readily visible to the user under normal use.
Admin privilege: Having ultimate control of any given system.
Adware: Software that automatically displays or downloads material when a user is offline.
Advanced Persistent Threats (APT): When an unauthorized user invades a network, stays for an extended period of time, and steals data without harming the network.
Adversary: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Air Gap: To physically separate or isolate a system from other systems or networks (verb).
Alert: A notification that a specific attack has been detected or directed at an organization’s information systems.
Allocated data: Data that is contained within the physical memory of a volume that is accessible by the operating system and is not deleted.
Allocated space / sector / block: The logical area on a hard disk or other media assigned to a file by the Operating System (Also see Unallocated)
Allocation Block: (Also see block, cluster): A contiguous group of sectors, which is the smallest amount of space, assigned to a file by an operating system such as Microsoft Windows.
All Source Intelligence: In the NICE Workforce Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
Ambient Data: The converse of active data. Ambient data is information that lies in areas not generally accessible to the user. This data lies in file slack, unallocated clusters, virtual memory files and other areas not allocated to active files.
Analyze: A NICE Workforce Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
Android: An operating system developed by Google used primarily in mobile devices; such as, cell phones and tablets.
Antispyware Software: A program that specializes in detecting and blocking or removing forms of spyware.
Antivirus Software: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
Application: Commonly known as a Program, or (sometimes) Software. The software used to access and create files or documents. Microsoft Word and Corel WordPerfect are applications that work with word processing documents. Microsoft Excel and Lotus 1-2-3 are applications that work with or spreadsheets.
Archival data: Often backups, archival data is generally kept on another media, such as on tape or CD, and is often compressed. Such data is not usually immediately available to the user and may need to be restored from the archival media to be accessed.
ASCII: Stands for “American Standard Code for Information Exchange.” Pronounced “Ass-key.” Often referred to as “ASCII text.” ASCII assigns a numerical code for each character on a keyboard; hence ASCII text is often comprehensible to humans without much interpretation.
Asset: A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value. Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
Asymmetric Cryptography: A process that uses a pair of related keys, one public key and one private key, to encrypt and decrypt a message and protect it from unauthorized access or use. A public key is a cryptographic key that can be used by any person to encrypt a message so that it can only be deciphered by the intended recipient with their private key. A private key, also known as a secret key, is shared only with key's initiator. Synonym(s): Public Key Cryptography.
Attachment: An attachment is a file (such as an image, a word processing document or an mp3 file perhaps) that is sent along with an email message.
Attack: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Attacker: An individual, group, organization, or government that executes an attack. A party acting with malicious intent to compromise an information system.
Attack Method: The manner or technique and means an adversary may use in an assault on information or an information system. Also known as Attack Mode.
Attack Path: The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
Attack Pattern: Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation. For software, descriptions of common methods for exploiting software systems.
Attack Signature: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks. An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
Attack Surface: The set of ways in which an adversary can enter a system and potentially cause damage. An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
Attack Vector: The technique a hacker uses to gain access to a computer or network in order to achieve a malicious outcome.
Attribute: See File Attribute.
Audit Trail: A chronological record of system activities on a computer or network security system that may keep track of user actions such as logins, file access, and other activities.
Authentication: A term that refers to standards, such as Sender ID, SPF and DomainKeys/DKIM, that serve to identify that an email is really sent from the domain name and individually listed as the sender. Authentication standards are used to fight spam and spoofing.
Authenticated Post Office Protocol (APOP): is an extension of the Post Office Protocol that allows passwords to be sent in encrypted form. APOP is more secure than normal plain text POP authentication but also suffers from serious shortcomings.
Authenticator: The way in which the identity of a user is confirmed.
Authenticity: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
Authorization: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. The process or act of granting access privileges or the access privileges as granted.
Autoresponder: A computer program that automatically responds with a prewritten message to anyone who sends an email message to a particular email address or uses an online feedback form.
Availability: Information is accessible by authorized users. If an attacker is not able to compromise the first two elements of information security (confidentiality and integrity) they may try to execute attacks like denial of service that would bring down the server, making the website unavailable to legitimate users due to lack of availability. Availability is part of the "CIA triangle". Also see confidentiality and integrity.

Back door: A means of accessing or controlling a computer that bypasses normal authentication, while remaining hidden from the casual user. A backdoor may be a program that has been installed surreptitiously, or may be a hidden function of a legitimate program.
Backdoor Trojan: A generic name for Trojan horse programs that open a backdoor and allow an unauthorized user remote access to a computer.
Backscatter: A delivery failure report generated by a junk email that used an innocent third party’s email address as the sender (which address receives the delivery failure message).
Backup: A copy of data intended to be preserved. There are many types of data back up; including, Full, Incremental, Differential, and Mirror. The backups can be stored locally or off-site.
Backup Server: A computer on a network that is designed to be used to back up data from other computers on the network. A Backup Server may also be used as a File Server, a Mail Server or as an Application Server.
Backup media: The media on which backup data is kept. May be almost any form of media, such as tapes, CD-ROM, DVD, external hard disks, floppy diskettes, magneto-optical disks, WORM disks, Zip disks, Jaz disks, and many others
Basic Input Output System (BIOS): A program stored on the motherboard that controls the interaction between the various components of the computer.
Base64: A method for encoding arbitrary binary data as ASCII text, to be used, for example, in an email body.
Binary: The lowest representation of digital data, represented by either a “1” or “0”
Behavior Monitoring: Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends.
Bit: The smallest unit of digital data
Bitcoin: Cryptocurrency, a form of electronic cash created by Satoshi Nakamoto.
Bitstream: An identical, bit-for-bit copy of every consecutive sector on a digital storage media. Sometimes confused with mirroring.
Black Hat Hacking: Hacking with malicious intent. Typically to gain access to a computer and steal as much data as possible.
Blacklist: A Blacklist collects known sources of spam. Email traffic then can be filtered against a blacklist to remove spam from these sources.
Blind Carbon Copy (BCC): A copy of an email message sent to a recipient whose email address does not appear (as a recipient) in the message.
Block: An allocation block, as referred to in the Macintosh Operating System.
Blue Team: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team). Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture.
Boot: To start a computer, more frequently used as “re-boot”.
Boot Disk: Refers to a disk that contains the files needed to start an operating system.
Bot: Programs that automatically execute tasks as ordered by the creator of the program that has infected them.
Bot Master: he controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet. Also known as a Bot Herder.
Botnet: A collection of private computers that are infected with malicious software that are being controlled without the owner’s knowledge.
Bounces: Email messages that fail to reach their intended destination. “Hard” bounces are caused by invalid email addresses, whereas “soft” bounces are due to temporary conditions, such as overloaded inboxes.
Broadband: A high bandwidth internet connection e.g. ADSL or cable.
Browser: Also know as a web browser. See web browser.
Brute Force: A method of decrypting an encrypted password to access a file or device. This method utilizes a trial and error approach. The method can be done by hand or automated with a program.
Built in Security: A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.
Bug: An error, flaw, failure, or fault in a computer program or system that causes an unintended code interaction.
Bulletin Board Service (BBS): Like an electronic cork board It is a computer system equipped for network access that serves as an information and message-passing centre for remote users. BBSs are generally focused on special interests, such as science fiction, movies, Windows software, or Macintosh systems. Some are free, some are fee-based access and some are a combination.
Buffer: An area of memory used to temporarily hold data. May be written to a buffer file.
Buffer file: A file written from data in a buffer.
Burn: The process of creating a CD-ROM or DVD.
Byte: Eight consecutive bits. The unit in which computer storage and computer memory is measured. The amount of data necessary to make a single character (such as a letter or a number) of data. Part of the words kilobyte (KB), megabyte (MB), gigabyte (GB), terabyte, petabyte.

Cache: Internet browsers store data in an Internet History Cache for faster access for future visits by the user.
Capability: The means to accomplish a mission, function, or objective.
CAPTCHA: A test that distinguishes between robots and humans using a website where you have to “prove you’re human”.
Catfishing: Creating a fake identity on a social network account, usually a dating website, to target a specific victim for deception.
Carbon Copy (CC): A copy of an email message sent to a recipient whose email address appears in the message’s Cc header field.
CD-R - Compact Disk – Recordable: A disk to which data can be written but not erased.
CD-ROM - Compact Disk: Read Only Memory. A plastic disk able to hold approximately 650MB to 700MB of data. A common storage medium for data.
CD-RW - Compact Disk – Rewritable: A disk to which data can be written and erased.
Central Processing Unit (CPU): The most powerful chip in the computer. Located on a computer, it is the “brain” that performs all arithmetic, logic and control functions.
Cipher: Is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. Synonym(s): cryptographic algorithm
Ciphertext: Data or information in its encrypted form.
Chain of Custody: A ‘paper trail’ indicating every location, date and time that a piece of evidence has been received, stored, moved and reviewed by anyone having contact with the evidence. This documentation is highly critical in court cases.
Challenge Response: An authentication method that requires a human to respond to an email challenge message before the original email that triggered the challenge is delivered to the recipient. This method is sometimes used to cut down on spam since it requires an action by a human sender
Click-Through Tracking: The process of tracking how many recipients clicked on a particular link in an email message. This is commonly done to measure the success of email marketing campaigns.
Closed Source: Also known as proprietary software, when the code is hidden from the general public.
Cloud Computing: The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Cloud Security: The strategies and policies used to protect data applications and cloud system apps.
Cloud Storage: a model of computer data storage in which the digital data is stored in logical pools. The physical storage spans multiple servers (sometimes in multiple locations), and the physical environment is typically owned and managed by a hosting company.
Cluster: Also known as allocation blocks, a cluster is a contiguous group of sectors that is the smallest amount of space assigned to a file by an operating system such as Microsoft Windows. Clusters generally range in size from 4 sectors to 64 sectors.
Collect & Operate: A NICE Workforce Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
Collection Operations: In the NICE Workforce Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process.
Common Gateway Interface (CGI): A specification for transferring information between a Web server and a CGI program. CGI programs are often used for processing email subscriptions and Web forms.
Complementary Metal-Oxide Semi-Conductor (CMOS): It commonly holds the BIOS preference of the computer through power off with the aid of a battery.
Compressed file or zipped file: A file that has been encoded using less space than the original file in its uncompressed state. A zipped file may contain more than on compressed file.
Computer Network Defense: The actions taken to defend against unauthorized activity within computer networks.
Computer Network Defense Analysis: In the NICE Workforce Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Computer Network Defense Infrastructure Support: In the NICE Workforce Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities.
Computer Forensics: The identification, preservation, and processing of digital evidence for the preparation of courtroom testimony. Also known as digital forensics.
Computer Security Incident: is a warning that there may be a threat to information or computer security. The warning could also be that a threat has already occurred. Threats or violations can be identified by unauthorized access to a system. A computer security incident is a threat to policies that are related to computer security.
Confidentiality: Refers to protecting information from being accessed by unauthorized parties. In other words, only the people who are authorized to do so can gain access to sensitive data. Part of the "CIA Triangle". Also see Integrity and Availability.
Consequence: The effect of an event, incident, or occurrence. In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.
Continuity of Operation Plans: A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.
Cookies: Small text files accepted by viewing a web page. These files contain information such as the website domain address, date and times last viewed, the number of visits to the websites and other information regarding the browser’s visit to the website.
Corrupt Data or Corrupt File: A file that is damaged. Damage may have occurred inadvertently during transmission, copying, through operating system error, physical damage to the media on which the data was stored, or though other means
Critical Infrastructure: The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
Cryptanalysis: The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection. The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security.
Cryptography: The process of securing private information that is sent through public networks, by encrypting it in a way that makes it unreadable to anyone except the person or persons holding the mathematical key/knowledge to decrypt the information.
Cryptographic Algorithms: A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
Cryptology: The mathematical science that deals with cryptanalysis and cryptography.
Crypojacking: A hacking attack that makes the device mine cryptocurrency, in addition to its normal use.
Customer Relationship Management (CRM): The methodologies, software, and Internet capabilities that help a company manage customer relationships in an efficient and organized manner.
Customers Service & Technical Support: In the NICE Workforce Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).
Cyber Echo System: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.
Cyber Exercise: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.
Cyber Incident Response Plan: Incident response is a well-planned approach to addressing and managing reaction after a cyber attack or network security breach. The goal is to minimize damage, reduce disaster recovery time, and mitigate breach-related expenses.
Cyber Infrastructure: An electronic information and communications systems and services and the information contained therein. The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: • Processing includes the creation, access, modification, and destruction of information. • Storage includes paper, magnetic, electronic, and all other media types. • Communications include sharing and distribution of information.
Cyber Operations: In the NICE Workforce Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.
Cyber Operation Planning: In the NICE Workforce Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations
Cyber Security: A technique for protecting computers, networks, programs, and data from unauthorized access or hackers for exploitation.
Cyber Space: The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
Cyclic Redundancy Check (CRC): A common technique for detecting data transmission errors.

Dark Web: A part of the Deep Web that is used for anonymous communication and website activities. This usually requires the use of TOR and other methods to access.
Data Administration: In the NICE Workforce Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.
Data Aggregations: The process of gathering and combining data from different sources, so that the combined data reveals new information.
Data Breach: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Also known as Data Leakage.
Database: A structured collection of data that can be accessed in many ways.
Data: Any allocated or unallocated information stored on a physical volume; such as a computer, cell phone or other memory storage devices.
Data Breach: When sensitive, protected, or confidential information is intentionally released to an untrusted environment.
Data Encryption: Transforming data in such a way that only approved parties can decrypt and access it.
Data Loss: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.
Data Loss Prevention (DLP): A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.
Data Protection: Also known as data privacy and information privacy, the process of safeguarding information so it doesn’t fall into the wrong hands.
Data recovery: The process of retrieving data, whether found in active, deleted, or unallocated memory sources. The data may be complete files or partial.
Deep Web: – A part of the Internet that is not accessed (indexed) by Google and other popular search engines. It is generally not accessible on common browsers like Internet Explorer.
Default: A setting or value automatically assigned without user intervention.
Deduplication (“De-duping”): A process performed on a collection of data from multiple sources, whether from several files, several different locations or computers, or from within a collective email file. The process is designed to yield one unique copy of ant given record, file, or email.
Delete: A file that has been marked by an operating system to not be accessible by the user. In general, the file is intact, however, it is ‘marked’ not to be accessed or stored. It can be overwritten with continued use of the storage media.
Deleted Files: If a subject knows there are incriminating files on the computer, he or she may delete them in an effort to eliminate evidence. Many computer users think that this actually eliminates the information. However, depending on how the files are deleted, in many instances, a forensic examiner is able to recover all or part of the original data.
Denial of Service (DNS) Attack: Denial of Service Attacks are attempted to make a computer resource unavailable to its intended users. e.g. a web site is flooded with requests, which ties up the system and denies access to legitimate users.
Desktop: (1) In a Graphical User Interface (GUI), such as Windows or the Macintosh OS, the view of files and folders visible before a user opens any windows. The desktop is actually a graphic view of an invisible folder stored on the computer’s hard disk. (2): A desktop computer.
Desktop computer: A stand-alone computer that is generally designed to be connected to a keyboard and monitor (although some desktop computers, such as the Macintosh iMac, have the monitor integrated), as distinct from a laptop, and from a Server.
Digital Security: An all-encompassing term for the tools used to secure your identity, data, assets, and devices.
Digital Signature: Use of cryptography to provide authentication of the associated input or message.
Digital Versatile Disk (DVD): Similar in appearance to a compact disk, but can store larger amounts of data.
Directory: A hierarchical arrangement of listings of files accessed within an operating system. The topmost directory is referred to as the “Root Directory”. Subsequent directories are referred to as “sub directories”.
Disk: Generally a hard disk. Floppy diskettes are often referred to as disks.
Disk cache: RAM used to speed up access to stored data. May be part of a computer’s RAM, or may be RAM integrated into the disk drive itself.
Disk Mirroring: Data copied to another hard disk or to another area on the same hard disk in order to have a complete, identical copy of the original.
Distributed Denial of Service (DDoS) Attack: An attack that occurs when multiple systems infiltrate a targeted network. Typically a global attack.
Domain Name Server (or System) (DNS): An Internet service that translates domain names into IP addresses.
Domain Name: A name that identifies one or more IP addresses. Domain names always have at least two parts that are separated by dots (for instance lsoft.com). The part on the left is the second-level domain (more specific), while the part on the right is the top-level domain (more general).
Dongle: A term for a small external hardware device that connects to a computer to authenticate a piece of software; e.g. proof that a computer actually has a license for the software being used.
Dot: A period that is used as part of a filename, or as part of a Web address. It is pronounced “dot.” For instance, a file named “glossary.doc” would be spoken as “glossary dot doc.” Similarly, a web address, such as www.yahoo.com would be spoken as “W-W-W dot yahoo dot com.”
Download: The transfer of data between two computers, generally over a network. One may download a file from the Internet, for instance. Commonly used as a misnomer for “copy.” For instance, a common mistake is to say that one downloaded a file from a diskette, when a file is copied (not downloaded) from a diskette.

E-mail: Electronic mail. Messages transmitted over a computer network or networks, directed to a given user, either individually or in bulk. Email may be stored in a largely text format, or in an encrypted form. Microsoft Outlook stores email messages in an encrypted file; most other email programs store messages primarily as text.
E-mail Address: An email address is a name for an electronic postbox that can receive (and send) email messages on a network (such as the internet or a local network not connected to the wider internet).
E-mail Body: The email body is the main part of an email message that contains the message’s text, images and other data (such as attached files).
E-mail Client: An email client is a program (on a computer or mobile device, for example) used to read and send electronic messages.
E-mail Harvesting: The disreputable and often illegal practice of using an automated program to scan Web pages and collect email addresses for use by spammers.
E-mail Header: Email header lines make up the first part of any email message. They contain information used to control the message and its transmission as well as metadata such as the Subject, origin and destination email addresses, the path an email takes, and maybe its priority.
E-mail Server: An email server is a program running at Internet Service Providers and large sites used to transport mail. Users normally do not interact with email servers directly: email is submitted with an email client to an email server, which delivers it to the recipient’s email client.
Electronic Discovery (eDiscovery or eDisc): Acquiring digital media for production in litigation. Has also been used to describe the process of converting paper files to digital media (e.g., TIFF and OCR files).
Encoding: The method of sending binary (non-test) files with e-mails. Common encoding options include BinHex, Mime, Uuencode, etc
Encryption: The process that renders a piece of data to be unreadable without knowing the key to decrypt and access the data.
Ethical hacking: The practice of locating vulnerabilities and weaknesses in information systems and computers by duplicating the actions and intent of malicious hackers who seek to bypass security and search for gaps in systems that can be exploited.
Exabyte: 1024 Petabytes
Extension: The part of a file name that indicates the type of document that contains. Various applications open specific extensions. Examples: .doc files are documents; .jpeg are pictures; etc.
Evergreen: Software that is in a constant state of updating. Intended to be convenient to the user and meant to disrupt hackers.
Evidence: The available body of facts or information indicating whether a belief or proposition is true or valid.
Evidentiary Image: Same as a bit-stream copy. An exact sector by sector copy of a hard drive that allows for retrieval of deleted files.

False Positive: A legitimate email message that is mistakenly rejected or filtered by a spam filter.
File Attribute: Properties associated with a file that are kept with the file directory listing. Such attributes include the date and time the file was last accessed, created, or modified,
Fileless Malware: Malware operating in-memory.
File name: The identification name of a file minus the extension. For example; home.jpeg contains the filename “home” with the extension “.jpeg”
File Server: A computer on a network that is used to store files from and for multiple users on the network. A file server may also be used as an Application Server, a Backup Server, or as a Mail Server. May be used as a backup for the computers on the network.
File signature: The file identification that corresponds to a particular extension. Forensic analysis tools identify file extensions and compare them to the file extension listed to see if there has been an attempt to hide the type of file that it contains. For example, changing a .jpeg extension on a picture file to .doc to try to hide it from being found as a picture.
File slack: Information at the end of a cluster that has not been completely filled, or overwritten by a file. The file may end before the end of the cluster, hence the cluster may contain data from a previous file
File Transfer Protocol (FTP): Used for uploading or downloading files to and from remote computer systems on a network using TCP/IP, such as the Internet.
Firewall: An internet traffic filter meant to stop unauthorized incoming and outgoing traffic.
Firmware: Code that is embedded into the hardware of a computer.
Flame: Also known as Flamer, sKyWIper, and Skywiper, a modular computer malware discovered in 2012. It attacks computers running on Microsoft Windows.
Floppy diskette: A square-shaped enclosure holding a rotating flexible plastic magnetically coated disk used for data storage. At this writing, the 8″ and 5.25″ variety of floppy diskette is obsolete, and the 3.5″ variety is approaching obsolescence. The most common floppy diskettes hold 1.44 MB of data.
Folder: in a GUI, a folder is the representation of a directory and may contain files and other, nested folders.
Forensic copy: A bit-for-bit image complete copy of a digital storage media generally intended to be used in an examination for courtroom purposes. Also known as a Forensic Image.
Forensic Image: A bit-for-bit image complete copy of a digital storage media generally intended to be used in an examination for courtroom purposes.
Free Space: File clusters that are not currently used for the storage of ‘live’ files, but which may contain data which has been ‘deleted’ by the operating system. In such cases, whole or part files may be recoverable unless the user has used specialist disk cleaning software.

Gateway: This is a hardware or software set-up that functions as a translator between two dissimilar protocols. A gateway can also be the term to describe any mechanism providing access to another system
Geolocation: The ability to determine the geographic location of a device using a number of data sets including the Internet Protocol (IP address), RFID, Wi-Fi positions and GPS coordinates. Some of this information may be captured in pictures taken with a cell phone further increasing the ability to identify the location of a device at a particular point in time.
GIF: A common picture file. GIF stands for “Graphic Interchange Format”. GIF is pronounced “Jiff”
Gigabyte (GB): 1024 megabytes (MB), or 1,048,576 KB, or 1,073,741,824 bytes. Often considered (incorrectly) to be one billion bytes.
GUI – Graphic User Interface: This is the common view used in modern operating systems making it easier for the user to visualize where things are on a computer device and to be able to access and manipulate the programs and data.

Hacker: Persons who are experts with computer systems and software and enjoy pushing the limits of software or hardware. To the public and the media, they can be good or bad. Some hackers come up with good ideas this way and share their ideas with others to make computing more efficient. However, some hackers intentionally use their expertise for malicious purposes, (e.g. to circumvent security and commit computer crimes) and are known as ‘black hat’ hackers.
Hard Disk: The memory storage in a computer that can be accessed by an operating system. Also referred to as a hard drive.
Hardware: The physical parts of a computer. If it can be picked up it is hardware as opposed to software.
Hash or Hash Value: A numeric calculation generated to be able to identify the accuracy that a file is unique in nature. Forensic hash values are treated similar in nature to a ‘digital fingerprint’. There is a high degree of confidence that the hash value is unique in nature. See MD5 hash and SHA hash values.
Host: When a server acts as a host it means that other computers on the network do not have to download the software that this server carries.
Host Machine: For the purpose of this document, a host machine is one which is used to accept a target hard drive for the purpose of forensically processing.
HTML - Hypertext Markup Language: This is a type of code utilized by Internet browsers, servers and other connections in order to communicate how data is to be viewed and utilized on services such as the World Wide Web.
Hub: A central connection for all the computers in a network, which is usually Ethernet-based. Information sent to the hub can flow to any other computer on the network.

Identity and access management (IAM): In enterprise IT IAM is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges.
Identity Check: Confirmation of someone's identity, either using a password or a fingerprint.
Identity theft: The deliberate use of someone else's identity, typically for financial gain.
Integrity: Refers to ensuring the authenticity of information—that information is not altered, and that the source of the information is genuine. Imagine that you have a website and you sell products on that site. Integrity is part of the "CIA Triangle". Also see Confidentiality and Availability.
Imaging: Imaging is the process used to obtain all of the data presents on a storage media (e.g. hard disk), whether it is active data or data in free space, in such a way as to allow it to be examined as if it were the original data.
Information Technology: Also referred to as IT, the study or use of computers and telecommunications to store, retrieve, transmit, or send data.
Insider Threat: A malicious threat to a group or organization that comes from someone within, like an employee, contractor, or business associate, who has insider information regarding the organization’s data, computer systems, or security measures.
Instant Messaging: A communication type that is generally real-time between users. Generally, it is text based, but sometime can contain graphic and other file content.
Intranet: Contrary to the public Internet, an intranet is a private network inside a company or organization.
International Mobile Equipment Identifier (IMEI): A unique 15-digit number that serves as the serial number of a GSM handset.
International Mobile Subscriber Identity (IMSI): A globally unique code number that identifies a Global System for Mobiles (GSM) handset subscriber to the network.
Internet: A collection of servers and computers to be able to access files contained on web sites and other services. Generally, it refers to the World Wide Web.
Internet Messaging Access Protocol (IMAP) : An internet standard that describes a protocol for retrieving mail from an email (IMAP) server. IMAP allows email programs to access not only new messages but also folders on the server. Actions are synchronized between multiple email programs connected through IMAP.
Internet of Things (IoT): Also referred to as IoT, is an object that has an internet connection. Can be anything from your dog’s collar, watch, vehicle, hearing aid, and more.
Internet Relay Chat: A virtual meeting place where people from all over the world can meet and talk about a diversity of human interests, ideas and issues. Participants are able to take part in group discussions on one of the many thousands of IRC channels, or just talk in private to family or friends, wherever they are in the world.
iOS: One of the most popular mobile operating system developed and created by Apple Inc.
iOS Device: an electronic gadget that runs on iOS.
IP Address Version 4 (IPv4): An electronic identifier for a specific computer or device on the World Wide Web or other (internal or external) electronic network using the TCP/IP protocol. An IP address is a series of four numbers separated by periods (“dots”), Each number has a value from 0 to 255. An example could be 192.168.25.105 “IP” stands for “Internet Protocol.”
IP Address Verison 6 (IPv6): Like IPv4, An electronic identifier for a specific computer or device on the World Wide Web or other (internal or external) electronic network using the TCP/IP protocol. An IPv6 address is a series of eight groups of four hexadecimal digits with each groups being separated by colons, for example 2001:0db8:85a3:0000:0000:8a2e:0370:7334, but is sometimes abbreviated.
ISP – Internet Service Provider: A provider that generally charges a fee to allow access to the Internet. Some ISPs include AT&T, Earthlink, Yahoo and others.

Javascript: A language used to create and control the content on a website, allowing you to program the behavior of web pages to do a specified action.
JPEG and JPG: A common picture file format. JPEG stands for “Joint Photographic Experts Group”. The extension is .jpeg and .jpg.
Jumplists: Lists of recently modified documents in certain programs in Windows from Windows 7 onward. May be used to help determine a history of use of certain files that may be expanded beyond the standard file date attributes.

Kernel: The core of a computer’s operating system that houses the most essential functions of the computer.
Keylogger: A program or device that tracks and copies each keystroke on a computer. Generally, it is a type of spyware and is intended to work in stealth without the awareness of the targeted user’s knowledge.
Keyword search: In computer forensics, it is a process to attempt to identify specific files and data on digital evidence that has been processed for forensic review. By utilizing known keywords withing a case (such as content in an email), the examiner can quickly find targeted files and speed up the process of locating evidence for a case.
Kilobyte (KB): 1024 bytes. Used to measure both storage and memory. Often considered (incorrectly) to be one thousand bytes.

Linux: An operating system popular with enthusiasts and used by some businesses.
Lightweight Directory Access Protocol (LDAP): defines a means to find and edit information in white pages. Using LDAP, email, groupware, contact and other software can access and manipulate entries on a directory server.
LNK files: Referred to as ‘link’ files, this extension, .lnk, is created in Windows operating systems when a user opens a file. It contains information pertaining to the location where the file is located, and the date and time the file was opened. This can be very useful to determine if a file was saved onto or filed off of a computer with a device like a thumb drive.
Local Area Network (LAN): A computer network, although geographically limited, usually to the same building, office, etc.
Log or logfile: Many applications retain logs of various activities in the form of a log file. Logs can contain very useful data to identify a user’s activity.
Lotus Notes: Made by IBM. One of the two most common corporate email programs. The other is Microsoft’s Outlook.

MAC dates: File attributes in the Windows operating system. Thee MAC dates are the date a file was last Modifies, Last Accessed, and Created.
Machine Learning: The focus of developing programs that access and use data on their own, leading machines to learn for themselves and improve from learned experiences.
Macro Virus: A virus attached to instructions (called macros) which are executed automatically when a document is opened.
Magnetic Media: A disk, tape, cartridge, diskette or cassette that is used to store data magnetically.
Mail Merger: A process that enables the delivery of personalized messages to large numbers of recipients. This is usually achieved using email list management software working in conjunction with a database.
Mail Server: A server on a network that processes incoming and outgoing electronic communications, especially email. A mail server generally has security policies in place to allow only authenticated users access to given email communication. The mail server may store a copy of users’ data in various forms, or may not store copies of users’ data. A mail server may be utilized for multiple functions, including as a File Server, Application Server, or Backup Server.
Mailto: an HTML tag that allows visitors to a site to click on a link that creates a new message in their default email program. It is possible to set not only a default email recipient but also default Subject and message body content.
Malware: Short for malicious software, is any kind of software designed to damage, or enable unauthorized access, to computer systems.
MD5 Hash: An algorithm created in 1991 by Professor Ronald Rivest that is used to create digital fingerprints of storage media, such as a computer hard drive. When this algorithm is applied to a hard drive, it creates a unique value. Changing the data on the disk in any way will change the MD5 value.
Megabyte (MB): 1024 Kilobytes (KB), or 1,048,576 bytes. Often considered (incorrectly) to be one million bytes.
Memory: Often used as a shorter synonym for random access memory (RAM). Memory is the electronic holding place for instructions and data that a computer’s microprocessor can reach quickly. RAM is located on one or more microchips installed in a computer.
Metadata: Data about data. Information such as the author, date created and date modified. There is file or system meta data and document or application metadata. File metadata is assigned by the computer’s operating system whereas document metadata is assigned by the application or program used to create the file. If a file is moved from one location to another the file metadata will change, but most of the document metadata will remain intact.
MFT – Master File Table or MFS (Master File System): In Windows it is the filing system to keep track of where all files are contained and can be accessed in the allocated space of the computer system and physical memory. It can be compared to the Index Filing System in a public library.
Megabyte (MB): 1024 Kilobytes (KB), or 1,048,576 bytes. Often considered (incorrectly) to be one million bytes.
Memory Cache: Also known as RAM cache, it is high-speed memory designed to store frequently accessed or recently accessed data for quick use. On the Macintosh, RAM cache may also be disk cache.
Mitigation Defense: Software that doesn’t stop hacking from happening, but will mitigate the effects
Modulator / Demodulator (MODEM): A device that connects a computer to a data transmission line (typically a telephone line). Most people use modems that transfer data at speeds ranging from 1200 bits per second (bps) to 56 Kbps. There are also modems providing higher speeds and supporting other media. These are used for special purposes – for example, to connect a large local network to its network provider over a leased line.
Monitor: A device on which the computer displays information.
Multipurpose Internet Mail Extensions (MIME): a method to send content other than ASCII text via email. Arbitrary data is encoded as ASCII text for MIME.

National Security Agency (NSA): The official United States cryptologic organization under the Department of Justice. Responsible for global monitoring, collection, and processing of information and data for both foreign and domestic intelligence.
Native format or native environment: The original configuration or program in which a file or other data was produced.
Network: A group of computers linked together to share files, data and processes.
NTFS: A file system developed by Microsoft Windows. It stands for “New Technology Filing System”. It is utilized by the current Windows operating systems. NTFS was developed by Microsoft and released in 1993 with Windows NT 3.1. It has subsequently been used in versions of Windows through Windows 8.1. Previous versions of Windows had been dependent on the DOS operating system.

Offline Storage Table or OST File: Similar to a .pst file but typically used by remote users that will read and respond to email offline and then synchronize it with their company’s Exchange server when Internet access is available. An OST file is now the default local email storage for Exchange 2007 and higher.
Online: A term generally used to refer to being ‘on the Internet’.
Open Source: Software that has their code listed as free to use, share, and modify.
Operating System (OS): This software is usually loaded into the computer memory upon switching the machine on and is a prerequisite for the operation of any other software. Examples include the Microsoft Windows family of operating systems (including 3.x, NT, 2000, XP and Vista) and UNIX operating systems and their variants like Linux, HP-UX, Solaris and Apple’s Mac OSX and BSD.
Optical Character Recognition (OCR): A software program converts the text of a printed document to digital format so the document can be searched. Accuracy rates can vary widely depending on numerous factors such as the quality of the original and the program used for scanning which obviously impacts the validity of any search results.
ORB: A high capacity removable hard disk system. ORB drives use magnetoresistive (MR) read/write head technology.
Outlook: One of the two most common corporate email programs (the other is Lotus Notes). Made by Microsoft and needs to be purchased, but typically comes as part of one of the Microsoft Office packages.
Outlook Express: An email program that comes standard on all Microsoft operating systems. Depending on their email provider, a user could download their web-based email and view it with this program.

Page File: Also known as "Windows Swap File".
Partition: A logical delineation of a hard drive, generally into smaller drives for storage and access by an operating system.
Patch Management: A strategy that is in place to manage upgrades for software applications.
Password: A word, phrase or combination of keystrokes used as a security measure to limit access to computers or software.
PCMCIA Cards: Similar in size to credit cards, but thicker. These cards are inserted into slots in a Laptop or Palmtop computer and provide many functions not normally available to the machine (modems, adapters, hard disks, etc.)
PDA - Personal Digital Assistant: A handheld device that may have multiple functions, one of which is usually a form of electronic data. PDAs may contain programs, data files and storage, a digital camera and associated storage, a telephone and associated address / phone book and other data.
Personal Computer (PC): A term commonly used to describe IBM & compatible computers. The term can describe any computer useable by one person at a time.
Personal Stores Table or PST File: The compressed file used by Outlook to store an individual user’s email, contacts, calendar items, journal entries, and notes. Similar to Lotus Notes’. nsf file.
Personal Unblock Key (PUK): the code to unlock a GSM SIM card that has disabled itself after an incorrect PIN was entered three times in a row.
Piggyback Programs: Programs that are bundled into another program that a user downloads in the hope that the user will select “next” by force of habit and install.
Plain Text: Text in an email message that contains no formatting elements.
Plugins: Customizable additions to software for extra functionality.
PDF - Portable Document Format: A file extension created for documents to be stored in smaller memory capacity. PDFs are created by Adobe Acrobat and can be created to prevent alterations by other users.
Port: Where information goes into or out of a computer, e.g. the serial port on a personal computer is where a modem would be connected.
Post Office Protocol (POP): A protocol used to retrieve email from a mail server. Most email clients use either the POP or the newer IMAP protocol.
Petabyte (PB): 1024 Terabytes, or 1,125,899,906,900,000 bytes – a bit more than a quadrillion bytes
Phishing: a fraudulent practice in which private data is captured on web sites or through an email designed to look like a trusted third party. Typically, phishing (from “password fishing”) scams involve an email alerting the user to a problem with their bank or another account.
Privacy: A major concern of Internet users that largely involves the sharing of personally identifiable information, which includes name, birth date, Social Security number and financial data, for example.
Private data: Data that is used to identify you, like your name, address, phone number, or Social Security Number.
Program: Also known as an Application, or (sometimes) Software. The software used to access and create files or documents. Microsoft Word and Corel WordPerfect are applications that work with word processing documents. Microsoft Excel and Lotus 1-2-3 are applications that work with or spreadsheets.
Protocol: An agreed-upon standard format for communicating, connecting, or transferring data between two computers or devices. There are many communications protocols, such as TCP (Transmission Control Protocol).
Public Key Cryptography: Public key cryptography uses a key with two parts. The public key part is used for encryption exclusively for the recipient, whose private key part is applied for decryption. For public key cryptography to be save it is important that only the intended recipient knows the private part of the key.

Query: To search or ask. In particular, to request information in a search engine, index directory or database.

ReCAPTCHA: A service from Google that works to protect websites from spam and abuse caused by robots. A user is presented with a Turing test to distinguish them from a robot.
RAM – Random Access Memory: This is a memory area used by a computer for storage and or data. It can be dynamic and overwritten and may contain data that has not been written to a hard drive.
Ransomware: A form of malware used to threaten victims by blocking, publishing, or corrupting their data unless the ransom is paid.
Registry: Windows contains registry ‘hives’ to contain data pertaining to a user’s settings and some history. This is a very useful area for analysis by digital forensics examiners.
Registry Hives: The Windows registry is made up of sub files called “hives.” Individual Windows User settings and some history of usage are kept in the various hives and may be updated as the computer is used.
- SAM Hive: “Security Account Manager” that stores Users’ passwords
- Software Hive: Contains software and windows settings
- System Hive: Contains information about the Windows system setup, mounted devices, alternative configurations for hardware drivers and services.
Removable Media: Items e.g. floppy disks, CDs, DVDs, cartridges, tapes that store data and can be easily removed.
Removable Media Cards: Small-sized data storage media which are more commonly found in other digital devices such as cameras, PDAs (Personal Digital Assistants) and music players. They can also be used for the storage of normal data files, which can be accessed and written to by computers.
Request for Comment (RFC): The format Internet standards are published in. RFCs relevant for email are published by the Internet Engineering Task Force (IETF) and include RFC 821 for SMTP, RFC 822, which specifies the format of Internet email messages, or RFC 1939, which lays down the PO protocol.
Reverse DNS Lookup: The process of looking up and translating an IP address into a domain name. This can be compared to a Forward DNS Lookup, which is the process of looking up and translating a domain name into its corresponding IP address.
Role-Based Access Control (RBAC): A method of restricting network access based on the roles of individual users within an enterprise. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn't pertain to them.
Rootkit: One of the most insidious types of malware, as they are extremely stealthy and difficult to detect by traditional endpoint protection methods. This malware masks its existence and controls the operating system, preventing its detection even further. Hackers use rootkits to access a system and steal information.
Router or Routing System: The role of a route can be described as a bridge between two or more networks. The function of the router is to look at the destination addresses of the packets passing through it, and thereafter decide which route to send these packets on.

Sandboxing: An effort to increase security by isolating processes and browser tabs from one another and the rest of the computer.
Scalability: The ability of a software program to continue to function smoothly as additional volume or work is required of it.
Script: A simple form of code for software that can be written in word editors.
Sector: The basic smallest unit for a hard drive to contain data. In general, the sector size is 512 bytes.
Secure Socket Layer (SSL) Certificate: This authenticates the identity of a website and encrypts the information sent to the server using secure technology.
Server: A computer on a network that shares data with other computers on the network.
Shadow Volume: Also known as Shadow Copy, Volume Snapshot Service (VSS), Volume Shadow Copy Service, is included with Microsoft Windows and makes automated backup copies of some files and operating system components from time to time on NTFS-based computers.
Simple Mail Transfer Protocol (SMTP): the protocol used for email on the Internet. It defines a message format and a procedure to route messages through the Internet from source to destination via email servers.
Slack Space: A portion of the hard drive between where one file ends and another file begins. This can be an important place to look if searching for old deleted data.
Sniffing: A method of determining whether email recipients are capable of receiving HTML-formatted messages. This procedure is not recommended as it is flawed and may result in inaccurate findings.
Social engineering: The act of taking advantage of human trust to gain access to private information. This can be done as easily as calling a number and asking for it.
Software: Anything that can be stored electronically. Includes programs, files, and data.
Spam: Unsolicited email. Not all unsolicited email is spam, however. Most spam is sent in bulk to a large number of email addresses and advertises some product or—considerably less often—political viewpoint.
Spammer: A spammer is a person or entity (such as a company) that sends spam emails
Spoofing: The disreputable and often illegal act of falsifying the sender email address to make it appear as if an email message came from somewhere else.
Spoliation: Intentional, negligent, or accidental destruction or alteration of evidence.
Spyware: A term coined in the mid-1990s to describe malware used to gain access to a user’s systems and monitor their data, files, and behavior. Often used to disable firewall or anti-malware software while consuming CPU activity to increase an endpoint’s vulnerability to attack.
Steganography: A means of writing hidden messages such that only the intended recipient knows of its existence. An modern example may be the replacing a few pixels of a digital image with a digital message. The slight change in the image may be unnoticeable to a person who does not know where in the image to look. Older forms of Steganography, which means “covered writing” in Greek, date back more than 2.000 years.
Subject: A short summary of its contents of an email. Email programs usually display it in a mailbox display together with the sender.
Subscriber Identity Module (SIM): A Smart Card which is inserted into a cellular phone, identifying the user account to the network and providing storage for data.
Switch: A typically a small, flat box with 4 to 8 Ethernet ports. These ports can connect to computers, cable or DSL modems, between specific systems on the network as opposed to broadcasting information to all networked connections.

Tagged Image File Format (TIF or TIFF): A graphic file that is commonly used by litigation support vendors to create pictures of either digital or paper documents.
TCP/IP: A suite of communications protocols used to allow communication between computers on a network, such as on the Internet. Stands for "Transmission Control Protocol / Internet Protocol".
Terabyte (TB): 1024 Gigabytes, or 1,099,511,627,800 bytes – a bit more than one trillion bytes.
Threadjacking: Threadjacking (also threadwhacking) is to steer off the original topic in an email thread, especially on a mailing list. Threadjacking can also apply to other conversations on the internet, of course, say on message boards, blogs or social networking sites. Whether the threadjacker changes the subject line to reflect the change in subject or retains the original email subject, to take over a thread can be regarded as threadjacking in either case.
Thumbnail: A small low resolution representation of a larger picture format file.
To: The To: line of an email contains its primary recipient or recipients. All recipients in the To: line are visible to all other recipients, possibly by default.
TOR: Stands for “The Onion Router. TOR is US Government-created (through the US Naval Research Lab) software designed to allow anonymous or semi-anonymous communication.
Tracking: In an email marketing campaign, measuring behavioral activities such as click-through and open-ups.
Trialware: Software that can only be run for a limited amount of time before it expires.
Trojan Horse: A computer program that hides or disguises another program. The victim starts what he or she thinks is a safe program and instead willingly accepts something also designed to do harm to the system on which it runs.
Two-factor authentication: Attaching a phone number or email address to an account for heightened security.

Unallocated data: Data that is contained within the physical memory of a volume that is not accessible by the operating system. The data may be complete or fragments of files that have been previously deleted and overwritten, or lost from access by the operating system.
Unallocated Space: The portion of the hard drive that is not allocated to active files. When a file is deleted, only the link to the file is removed. The actual file remains in the unallocated space of the hard drive until it has been overwritten.
Unicode: Unicode is a way to represent characters and symbols on computers and devices with support for most of the world’s writing systems (including African, Arabic, Asian and Western).
Uniform Resource Locator (URL): The address of a file or Web page accessible on the Internet (for example, http://www.bitstreamforensics.com).
Universal Serial Bus (USB): Small storage devices accessed using a computer’s USB ports, can be easily removed, transported – and concealed.
Unix: A very popular operating system. Used mainly on larger, multi-user systems.
User: A common term for the person using a computer or device.
User Interface: A set of controls such as buttons, commands and other devices that allow a user to operate a computer program.

Virtual Private Network: Also known as a VPN, it allows you to create a secure connection to another network using the internet.
Virtual Storage: A ‘third party’ storage facility on the internet, enabling data to be stored and retrieved from any browser.
Virus: A program, macro or fragment of code that causes damage and can be quickly spread through Web sites or email.

Web-Based Email: As the name implies, email that is accessed and stored on the Internet. This includes programs such as Hotmail, Gmail, Yahoo, and others. Typically, these programs store the email on their own servers, but the email can be moved down to the user’s computer.
Web Browser: Often referred to as “browser.” This is a program used to find and display web pages. Example are Microsoft Internet Explorer, and Apple Safari.
Windows: Operating system marketed by Microsoft. In use on desktop PCs, the system automatically loads into the computer’s memory in the act of switching the computer on. MS-DOS, Windows, Windows 3.0, Windows 95, Windows 98, Office XP, Windows XP, Windows NT, Windows Vista, Windows 7, Windows 8, Windows, 10, Windows Server are registered trademarks of Microsoft Corporation.
Windows Swap File: Also known as the Page file, or Pagesys file. This is a virtual memory file used by Windows as a kind of scratch pad during most operations. The Swap file is usually quite large and often contains records of operations or remnants of files not found elsewhere. A lot of keyword searches will be found in the Swap File.
Wireless Network Card: An expansion card presents in a computer that allows cordless connection between that computer and other devices on a computer network. This replaces the traditional network cables. The card communicates by radio signals to other devices present on the network.
White Hat Hacking: Hacking that is meant to do minimal damage and is usually done out of curiosity.
Whitelist: A list of pre-authorized email addresses from which email messages can be delivered regardless of spam filters.
Worm: Malicious code that is often spread through an executable attachment in an email message.

XML: A flexible way to create standard information formats and share both the format and the data on the World Wide Web. Also known as "Extensible Markup Language".

Zero-day exploit: A previously unknown, bug, flaw, or backdoor in software. An attack happens once this flaw is exploited and attackers release malware before the flaw can be patched.

LET'S GET SOCIAL

Keep up with all things Bitstream Forensics, digital forensics, and data recovery. Join us on our Facebook, Instagram, and Twitter pages for all the latest news. Join us for topics such as security tips, online safety tips, true crime and forensics, data recovery, social media forensics, vehicle forensics, mobile forensics, and so much more! Like and share our pages today! Big announcements coming soon!