Technical Terminology Reference

Understanding technical terms is the first hurdle to overcome in mastering electronic evidence. Here are some definitions of the less familiar terms.

A

access control-A method of assigning rights to individuals and entities to access various computer-related resources, such as defining the Access Control List to permit only members of the Human Relations Department to access sensitive employee files.

ambient data-See residual data.

archiving-Copying data to magnetic, optical, or other long-term storage media. Such media is typically stored off-site at a secure facility.

ASCII-An acronym for American Standard Code for Information Interchange, an almost universally accepted format for exchanging text-based information. ASCII format is, however, limited in that it does not preserve the formatting of the text or any special characteristics of the document (e.g., footnotes, tables, bullet points).

asymmetric encryption-A method of encryption in which every user has two passwords: one private, the other public. The public passwords are exchanged freely and are frequently listed in public directories on the Internet. In contrast, the private password is known only to its owner and is never shared with anyone else. The public and private passwords are related by a complex mathematical formula, which prevents one password from being deduced from the other. The public password can be widely disseminated without compromising security. Asymmetric encryption is also known as public-key encryption. It is the most common form of encryption used in online communications and transactions.

audit trail-An automatic feature of computer operating systems or certain programs that creates a record of transactions relating to a file, piece of data, or particular user.

Australian Standard (AS) 4390-Australian Standard for Records Management.

B

backups-Duplicate copies of data, generally stored at an off-site, secure facility.

biometrics-The science of identifying an individual based on physical traits, such as fingerprints, retina pattern, voice, and hand geometry.

bit-The smallest unit of data. A bit can have only one of two values: "1" or "0".

byte-A basic unit of data. A byte consists of eight bits and can represent a single character such as a letter or number. A "megabyte" refers to a million bytes of information. A "gigabyte" refers to a billion bytes of information.

C

cache-Memory used to store frequently used data. With regard to the Internet, caching refers to the process of storing popular or frequently visited web sites on a hard disk or in RAM so that the next time the site is accessed it is retrieved from memory rather than from the Internet. Caching is used to reduce traffic on the Internet and to vastly decrease the time it takes to access a web site.

Central Processing Unit-(CPU) The portion of a computer that controls the processing and storage of data.

certificate authority-A trusted third-party company or organization that issues digital certificates used to create digital signatures and public-private key pairs. The certificate authority essentially verifies that the person granted the certificate is, in fact, who he or she claims to be. See asymmetric encryption and digital signature.

ciphertext-The encrypted version of a message or data file. See plaintext.

client computer-A personal computer or workstation connected to a network file server. See file server.

client-server network-A type of network in which server computers provide files to client computers. See client computer and file server.

compressed files-Files whose contents have been "compressed" using specialized software so that they occupy less storage space than in their uncompressed state. Files are typically compressed to save disk storage space or to decrease the amount of time required to send them over a communications network like the Internet.

cookie-A small data file placed on a personal computer by a web site's server, often without the user's knowledge or permission. This allows the web site to remember that user the next time the user visits the site. The stored information about a user is useful in e-commerce marketing, but is also useful as evidence in litigation. The cookies on a person's computer can tell you what web sites that person has visited.

CPU-Acronym for Central Processing Unit. See also Central Processing Unit.

D

DAT-Acronym for digital audio tape. See also digital audio tape.

Data Encryption Standard-(DES) One of the most popular forms of private key encryption. DES was developed by IBM in the late 1970s.

database-The structured storage of data in such a way that it may easily be retrieved (e.g., entering search terms into an online form).

decryption-The process of decoding a message or data file that has been encrypted. See encryption.

DES-Acronym for Data Encryption Standard. See also Data Encryption Standard.

digital audio tape-(DAT) A medium that is often used as a backup or storage system for computer files.

digital signature-A digital code that can be attached to an electronic message that uniquely identifies the sender.

digitize-The process of translating a traditional document (e.g., a picture, sound recording, or video recording) into electronic form.

directory-A catalog for filenames and other directories stored on a disk. A directory is a way of organizing and grouping the files. A directory is usually used to group related electronic documents or files pertaining to a particular application program.

disk mirroring-A method of protecting data from a catastrophic hard disk failure. As each file is stored on the hard disk, an identical, "mirror", copy is made on a second hard disk or on a different partition of the same disk. If the first disk fails, the data can be recovered instantly from the mirror disk. Mirroring is a standard feature in most network operating systems.

distributed data-That information belonging to an organization which resides on portable media and non-local devices such as home computers, laptop computers, floppy disks, CD-ROMs, personal digital assistants ("PDAs"), wireless communication devices (e.g., Blackberry), zip drives, Internet repositories such as e-mail hosted by Internet service providers or portals, web pages, and the like. Distributed data also includes data held by third parties such as application service providers and business partners.

DMS-Acronym for Document Management System. See also Document Management System.

Document Management System-(DMS) A system of creating, storing, managing, archiving, and retrieving documents, particularly computer-created documents.

E

encryption-A method of using mathematical algorithms to encode a message or data file so that it cannot be understood without a password.

event log-The computer file that records certain actions taken on a computer system.

extranet-An extension of the corporate intranet over the Internet so that vendors, business partners, customers, and others can have access to the intranet. See intranet and Internet.

F

field(s)-Individual entries or groups of entries within a file relating to the same subject. For example, a litigation support database may have fields for the creator and recipient of a document and its subject.

file-A collection of data or information stored under a specified name on a disk. Examples of files are programs, data files, spreadsheets, databases, and word-processing documents.

file server-A central computer used to store files (e.g., data, word-processing documents, programs) for use by client computers connected to a network. Most file servers run special operating systems known as "network operating systems (NOS)". Novell Netware and Windows NT are common NOS. See client computer and client-server network.

forensic copy-An exact bit-by-bit copy of the entire physical hard drive of a computer system, including slack and unallocated space.

H

hard copy-The printed version of an electronic document.

hard disk-A storage device based on a fixed, permanently mounted disk drive. Hard disks can be either internal or external to the computer.

hash function-A mathematical method of generating a unique number to represent the content of a message or document. Any change to the message or document will cause the output of the hash function to change. Hash functions are used to authenticate information to ensure that it has not been modified or tampered with in any way. Hash functions are commonly used in digital signatures and public-key encryption.

history files-The online addresses, recorded by a web browser, that a user has visited.

home page-Generally the first of a collection of HTML pages, collectively forming a web site. See HTML and web site.

HTML-Acronym for Hypertext Markup Language. See also Hypertext Markup Language.

Hypertext Markup Language-(HTML) The formatting and layout language used to create documents for viewing on the World Wide Web. HTML tells web browsers how documents on the web are to be displayed.

I

Internet-A global collection of interconnected computers and networks that use the TCP/IP (Transmission Control Protocol/Internet Protocol) protocols to communicate with each other. At one time, the term "Internet" was used as an acronym for "interconnected networks".

intranet-A computer network designed to be used within a business or company. An intranet is so named because it uses much of the same technology as the Internet. Web browsers, e-mail, newsgroups, HTML documents, and web sites are all found on intranets. In addition, the method for transmitting information on these networks is TCP/IP. See Internet.

K

key-In the context of encryption, a "key" is a more general form of a password. Passwords are ordinarily thought of as a brief series of characters that a user commits to memory. In contrast, a key is usually a small computer file consisting of 56 or more random characters. Typical key lengths for symmetric encryption systems are 56 or 128 bits. Asymmetric systems have key lengths of a thousand or more bits.

L

LAN-Acronym for local area network. See also local area network.

legacy data-Information in whose development an organization may have invested significant resources and that has retained its importance, but that was created or stored by software and/or hardware that has been rendered outmoded or obsolete.

Local Area Network-(LAN) A network of computers and other devices generally located within a relatively limited area (e.g., within a particular office, building, or group of buildings).

M

machine readable data-(MRD) Data in a format that may be accessed and used by a computer.

metadata-Metadata is information about a particular data set which describes how, when and by whom it was collected, created, accessed, and modified and how it is formatted. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and is unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed. (Typically referred to by the not highly informative "shorthand" phrase "data about data," describing the content, quality, condition, history, and other characteristics of the data.)

migrated data-Information that has been moved from one database or format to another, usually as a result of a change from one hardware or software technology to another.

MRD-Acronym for machine readable data. See also machine readable data.

O

object code-The machine readable version of a computer program. See source code.

OCR-Acronym for optical character recognition. See also optical character recognition.

operating system-(OS) A program used to control the basic operation of a computer (e.g., storing and retrieving data from memory, controlling how information is displayed on the computer monitor, operating the central processing unit, communicating with peripherals).

optical character recognition-(OCR) Software used in conjunction with a scanner that is capable of reading text-based documents and making them available for editing on the computer by, for example, a word-processing program or spreadsheet.

OS-Acronym for operating system. See also operating system.

P

PC-Acronym for personal computer.

PDAs-Acronym for Personal Digital Assistants. See also Personal Digital Assistants.

peripheral-A device that is connected to a computer for the purpose of inputting or outputting information. Common peripherals include printers, monitors, keyboards, modems, and scanners.

Personal Digital Assistants-(PDAs) These devices range from compact personal electronic organizers (e.g., calendars, phone lists, brief notes) to the new breed of palm-sized computers that are capable of running full-featured word-processing programs and spreadsheets and of browsing the Internet and sending and receiving e-mail. PDAs can hold hundreds, and soon thousands, of pages of information.

plaintext-The version of a message or data file before it is encrypted. See ciphertext.

private-key encryption-See symmetric encryption.

public-key encryption-See asymmetric encryption.

R

RAM-Acronym for random access memory. See also Random Access Memory.

Random Access Memory-(RAM) An integrated circuit into which data can be read or written by a microprocessor or other device. The memory is volatile and will be lost if the system is disconnected from its power source.

Read Only Memory-(ROM) An integrated circuit into which information, data, and/or programs are permanently stored. The absence of electric current will not result in loss of memory.

residual data-Data that is not active on a computer system, including (1) data found on media free space; (2) data found in file slack space; and (3) data within files that has functionally been deleted in that it is not visible using the application with which the file was created, without use of undelete or special data recovery techniques. (Sometimes referred to as "ambient data".)

ROM-Acronym for read only memory. See also Read Only Memory.

ROT13-A simple, yet popular, form of encryption used primarily on Internet newsgroups. ROT13 is a "substitution cipher" in which each letter of a message is replaced by the letter 13 places away from it in the alphabet.

rotation-A plan or policy that involves the reuse of an electronic media device after it has been used for backup or other data storage purposes. Rotation policies can become crucial in a case, especially if data residing on the device is altered or destroyed once the device is reused.

RSA-The most popular form of public-key encryption.

S

scanner-A computer peripheral that is capable of taking hard-copy documents and reducing them to electronic form.

soft copy-The electronic version of a document.

software-A series of prerecorded commands issued to a computer to accomplish a particular task.

source code-The version of a computer program that can be read by humans. The source code is translated into machine readable code by a program called a "compiler". Access to the source code is required to understand how a computer program works or to modify the program. See object code.

spoliation-The destruction (typically improper) of evidence, including electronic records such as e-mail and word-processed documents created and stored on computers.

spoofing-The practice of transmitting an e-mail so that it appears to have been sent by someone else. Often, computer forensic experts are needed to determine whether an e-mail message has been spoofed.

stand-alone computer-A personal computer that is not connected to any other computer or network, except possibly through a modem.

symmetric encryption-A method of encryption that uses the same key to encrypt and decrypt a message. The most common form of symmetric encryption is the password function provided in most word-processing and spreadsheet programs. Symmetric encryption is also known as private-key encryption.

W


WAN-Acronym for wide area network. See also Wide Area Network.

Web-See World Wide Web.

web browser-A program used to view HTML pages on the World Wide Web.

web server-A computer on which a web site is stored.

web site-A collection of related HTML documents stored on the same computer and accessible to users of the Internet. See home page.

Wide Area Network-(WAN) A network of computers and other devices distributed over a broad geographic area.

workstation-A personal computer connected to a network. A workstation can also refer to a high performance computer used for intensive graphics or numerical calculations.

World Wide Web-Abbreviated "WWW" or the "Web". A user-friendly, graphical interface to the Internet. Documents, sometimes called "pages", on the Web are created using the Hypertext Markup Language ("HTML"). Documents are connected to one another on the Web through the use of "hyperlinks". A hyperlink is a highlighted word, phrase, or graphic image that when selected by pressing a key or the click of a mouse will automatically transfer the user from one page on the Web to another. Web pages are transmitted over the Internet using the Hypertext Transfer Protocol (HTTP).

WWW-Acronym for World Wide Web. See also World Wide Web.