Common Terms
Common terminology is critical in the digital evidence world. The Scientific Working Group on Digital Evidence (SWGDE) in collaboration with the Scientific Working Group on Imaging Technology (SWGIT) has developed and continuously maintains a glossary of terms used within the digital and multimedia disciplines. SWGDE has used ASTM International, a recognized standards organization, to establish international acceptance of terminology. SWGDE/SWGIT’s full glossary is available online.
Some common terms include:
Cloud Computing - software, applications and digital storage that is accessed on the Internet through a web browser or desktop or mobile app. The software and user’s data are stored on servers at a remote location.
Data - Information in analog or digital form that can be transmitted or processed.
Data Extraction - A process that identifies and recovers information that may not be immediately apparent.
Encryption - A procedure that converts plain text into symbols to prevent anyone but the intended recipient from understanding the message.
File Format - The structure by which data is organized in a file.
Forensic Wipe - A verifiable procedure for sanitizing a defined area of digital media by overwriting each byte with a known value; this process prevents cross-contamination of data.
Handheld (Mobile) Devices - Handheld devices are portable data storage devices that provide communications, digital photography, navigation systems, entertainment, data storage, and personal information management.
Hash or Hash Value - Numerical values that represent a string of text (search term), generated by hashing functions (algorithms). Hash values are used to query large sums of data such as databases or hard drives for specific terms. In forensics, hash values are also used to substantiate the integrity of digital evidence and/or for inclusion and exclusion comparisons against known value sets.
Log File - A record of actions, events, and related data.
Media - Objects on which data can be stored. Includes hard drives, thumb drives, CD/DVD, floppy discs, SIM cards from mobile devices, memory cards for cameras, etc.
Metadata - Data, frequently embedded within a file, that describes a file or directory, which can include the locations where the content is stored, dates and times, application specific information, and permissions. Examples: Email headers and website source code contain metadata.
Partition - User defined section of electronic media. Partitions can be used to separate and hide information on a hard drive.
Source Code - The instructions written in a programming language used to build a computer program.
Work Copy - A copy or duplicate of a recording or data that can be used for subsequent processing and/or analysis. Also called an image.
Write Block/Write Protect - Hardware and/or software methods of preventing modification of content on a media storage unit like a CD or thumb drive.