admin
  • 3D Printing Forensics: The examination of 3D printing data, including the analysis of 3D printing files and physical objects, to assist in criminal investigations.
  • Adware: A type of malware that displays unwanted advertisements on a computer system or network.
  • Affidavit: A written statement made under oath, used to provide evidence or to provide testimony in a court of law.
  • Anti-Forensics: Techniques and methods used to conceal or destroy digital evidence or to make it difficult for forensic investigators to recover and analyze data.
  • Archaeological Forensics: The examination of archaeological evidence, including the analysis of artifacts, bones, and other ancient remains, to assist in criminal investigations.
  • Arson Investigation: The investigation of fires to determine their cause and origin, including the examination of fire scenes, evidence, and witnesses.
  • Artificial Intelligence (AI) Forensics: The use of AI techniques in forensic investigations to automate and enhance various tasks, such as image analysis, text classification, and digital evidence processing.
  • Artificial Intelligence Forensics: The examination of artificial intelligence (AI) systems, including the analysis of algorithms, models, and data, to assist in criminal investigations.
  • Artificial Intelligence Forensics: The use of artificial intelligence algorithms and techniques to assist in forensic investigations.
  • Audio and Video Forensics: The examination of audio and video recordings, including the analysis of surveillance footage, telephone recordings, and other types of audio and video evidence, to determine the authenticity of recordings and to link individuals or evidence to a crime scene.
  • Audio Forensics: The examination of audio data, including the analysis of audio recordings, to assist in criminal investigations.
  • Audio Forensics: The examination of audio evidence, including the analysis of audio recordings, to recover digital evidence related to a crime.
  • Audio Forensics: The examination of audio recordings, including the analysis of sound quality and manipulation, to assist in criminal investigations.
  • Audio/Video Forensics: The process of collecting and analyzing audio and video recordings, such as phone calls, voicemail messages, or security camera footage, for the purpose of verifying the authenticity and reliability of the evidence, or of reconstructing events or activities.
  • Authentication: The process of verifying the authenticity of physical or digital evidence.
  • Authentication: The process of verifying the identity of a person or system, such as through the use of passwords, biometric data, or smart cards.
  • Autopsy: A medical examination of a dead body to determine the cause of death.
  • Backdoor: A hidden and unauthorized entry point into a computer system, allowing an attacker to gain access and control over the system.
  • Ballistics Forensics: The examination of firearms, including the analysis of bullets, shell casings, and other firearms-related evidence, to assist in criminal investigations.
  • Ballistics: The scientific study of firearms, including the behavior of projectiles, the design and behavior of firearms, and the examination of bullets, cartridge cases, and other related evidence.
  • Ballistics: The study of firearms, including the analysis of firearms and ammunition, the trajectory of projectiles, and other physical characteristics, to assist in criminal investigations.
  • Bitemark Analysis: The examination of bite marks, including the analysis of bite marks on human skin or other materials, to link individuals or evidence to a crime scene.
  • Blockchain Forensics: The examination of blockchain data, including the analysis of blockchain transactions and other information stored on a blockchain, to assist in criminal investigations.
  • Blockchain Forensics: The examination of blockchain technology, including the analysis of transactions and smart contracts, to assist in criminal investigations.
  • Bloodstain Pattern Analysis: The examination of bloodstain patterns, including the analysis of bloodstain shape, size, and distribution, to assist in criminal investigations.
  • Bloodstain Pattern Analysis: The examination of bloodstains, including the analysis of bloodstain patterns, spatter, and other physical characteristics, to assist in criminal investigations.
  • Bloodstain Pattern Analysis: The study of bloodstains to determine the location and movement of individuals during a crime.
  • Botnet: A network of compromised computers that a malicious actor controls, for the purpose of launching attacks, sending spam, or conducting other malicious activity.
  • Bullet Point List All Forensic: Terminology and Related Definitions.
  • Business Continuity Planning: The process of planning and preparing for the continuation of critical business functions in the event of a disaster or other disruptive event, including the identification of critical systems and processes, and the development of recovery plans and procedures.
  • Chain of Custody: A written record that documents the handling and preservation of evidence from the time of collection to the time of analysis, used to demonstrate the integrity of the evidence and to prevent contamination or alteration of the evidence.
  • Chain of Custody: The chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of physical or digital evidence.
  • Chain of Custody: The continuous documentation of the movement and storage of evidence, from the time of collection to the time of presentation in court.
  • Chain of Custody: The documentation and control of the handling, storage, and transfer of digital evidence from the time of its acquisition to its presentation in court.
  • Checksum: A value that is calculated from the data in a file or message, to ensure the integrity of the data when transmitted or stored.
  • Cloud Forensics: The examination of cloud computing systems, including the analysis of cloud-based data storage and communication systems, to recover digital evidence related to a crime.
  • Cloud Forensics: The examination of cloud data, including the analysis of cloud storage and computing systems, to assist in criminal investigations.
  • Cloud Forensics: The examination of cloud-based computing environments, including the analysis of cloud storage, cloud servers, and cloud applications, to assist in criminal investigations.
  • Cloud Forensics: The examination of cloud-based data, including the analysis of data stored on cloud computing platforms, to assist in criminal investigations.
  • Cloud Forensics: The examination of cloud-based systems, including the analysis of cloud data storage and communications, to recover digital evidence and assist in criminal investigations.
  • Cloud Forensics: The process of collecting, analyzing, and preserving digital evidence from cloud-based computing environments, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS), for the purpose of investigating incidents or crimes involving cloud-based data or services.
  • Cloud Forensics: The process of collecting, analyzing, and preserving digital evidence from cloud-based systems and services, in a manner that is admissible in a court of law.
  • Collection of Evidence: The process of collecting evidence at a crime scene, including the identification, documentation, and preservation of evidence.
  • Computer Forensics: The application of computer science and forensic techniques to recover digital evidence in the course of an investigation.
  • Computer Forensics: The examination of computer data, including the analysis of computer hardware and software, to assist in criminal investigations.
  • Computer Forensics: The examination of digital devices and systems, including the analysis of hard drives, memory, and other digital storage media, to recover digital evidence and assist in criminal investigations.
  • Crime Scene Investigation: The examination of a crime scene to gather evidence, including photographs, measurements, and samples.
  • Crime Scene Reconstruction: The process of re-creating a crime scene, including the analysis of physical evidence and witness statements, to better understand the events that took place.
  • Cryptographic Hash: A hash function that has certain security properties, including the ability to detect any changes made to the original data, and the property that it is computationally infeasible to generate the same hash value for different data.
  • Cryptographic Hash: A hash function that is designed to be secure, meaning it is computationally infeasible to generate two messages with the same hash, or to generate a message with a specific hash.
  • Cryptography: The practice of converting plain text into ciphertext to protect the confidentiality and integrity of data, and the practice of converting ciphertext back into plain text for use.
  • Cryptography: The practice of secure communication and data protection, including the use of encryption algorithms to secure data.
  • Cryptography: The science of secure communication, including the use of encryption techniques to protect the confidentiality, integrity, and authenticity of data.
  • Cyber Crime Investigation: The investigation of crimes committed using technology, including computer hacking, cyberstalking, and identity theft.
  • Cyber Forensics: The application of forensic science to digital devices and systems, including the investigation of cybercrime.
  • Cyber Forensics: The examination of digital devices, including computers and smartphones, to recover digital evidence in the course of an investigation.
  • Cybercrime Forensics: The examination of digital evidence related to cybercrimes, including the analysis of computer systems, networks, and digital devices, to identify and prevent cybercrime.
  • Cybercrime Scene Investigation: The investigation of cybercrime scenes, including the examination of digital devices, systems, and networks, to recover digital evidence related to a crime.
  • Cybercrime: Criminal activities committed using the internet, computer networks, or digital devices, including hacking, identity theft, fraud, and cyberbullying.
  • Cybercrime: Criminal activities that involve the use of computers, networks, and the internet, such as hacking, identity theft, and online fraud.
  • Cybercrime: Criminal activity that involves the use of digital technology, including computer hacking, online fraud, and identity theft.
  • Cybersecurity Forensics: The examination of digital devices and systems to identify and prevent security breaches, including the analysis of network logs, system images, and other digital evidence.
  • Cybersecurity Forensics: The examination of digital security incidents, including the analysis of cyber attacks and data breaches, to identify and prevent security threats.
  • Cybersecurity: The protection of digital devices and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
  • Data Analysis: The process of examining data to extract meaningful information, including the use of statistical methods, data visualization, and data mining techniques.
  • Data Carving: The process of manually or automatically searching for and extracting specific types of data or files from raw or unallocated disk space, for the purpose of recovering lost or deleted information.
  • Data carving: The process of recovering deleted or fragmented files from a storage media, such as a hard drive or flash drive, by searching for and extracting specific file types or structures.
  • Data Carving: The process of recovering lost or deleted data from digital media by searching for known file headers and footers.
  • Data Mining: The process of discovering patterns, relationships, and trends in large datasets, including the use of machine learning algorithms and statistical methods.
  • Data Recovery: The process of restoring data that has been lost, damaged, or deleted from a disk drive.
  • Data recovery: The process of restoring lost, deleted, or corrupted digital data from various sources, such as hard drives, flash drives, and mobile devices, for the purpose of preserving digital evidence.
  • Data Recovery: The process of retrieving data that has been lost or damaged, including the recovery of data from damaged or corrupted hard drives, memory devices, or other storage media.
  • Database Forensics: The examination of databases, including the analysis of database management systems, to recover digital evidence related to a crime.
  • Database Forensics: The examination of databases, including the analysis of database structures and data, to assist in criminal investigations.
  • Database Forensics: The examination of databases, including the analysis of database systems and records, to recover digital evidence and assist in criminal investigations.
  • Database Forensics: The process of collecting, analyzing, and preserving digital evidence from databases, in a manner that is admissible in a court of law.
  • Dead Forensics: The examination of a non-running computer system to collect data and information, typically through the use of imaging or cloning the storage media, to assist in criminal investigations.
  • Decryption: The process of converting ciphertext back into its original plaintext form, typically through the use of decryption algorithms or cryptographic keys.
  • Deposition: A pre-trial testimony taken under oath, used to provide evidence or to provide testimony in a court of law.
  • Digital Evidence: Any data that is stored electronically and can be used as evidence in a legal case.
  • Digital Forensics Framework: A standardized methodology or set of procedures used to conduct digital forensic investigations.
  • Digital Forensics Laboratory: A laboratory dedicated to the examination of digital evidence, including the use of specialized tools and techniques for forensic analysis.
  • Digital Forensics: The application of forensic science to digital devices and systems, including the analysis of digital data and the investigation of cybercrime.
  • Digital forensics: The application of scientific and investigative techniques to preserve, collect, analyze, and present electronic data in a manner that is admissible as evidence in a court of law.
  • Digital Forensics: The application of scientific and technical methods to the examination of digital devices, such as computers, smartphones, and hard drives, to recover evidence related to a crime.
  • Digital Forensics: The branch of forensics that deals with the collection, preservation, analysis, and presentation of digital evidence.
  • Digital Forensics: The examination of digital devices and systems, including the analysis of computers, smartphones, and other digital devices, to recover digital evidence related to a crime.
  • Digital Forensics: The process of collecting, analyzing, and preserving digital evidence in a manner that is admissible in a court of law.
  • Digital signature: A unique and encrypted identifier, generated using public key cryptography, that is attached to a digital file or message to verify its authenticity and integrity.
  • Digital Signature: A value that is generated using a private key, and is used to verify the authenticity and integrity of digital data, such as electronic messages and documents.
  • Disaster Recovery: The process of restoring normal operations after a disaster or other disruptive event, including the recovery of systems, data, and other critical resources.
  • Disk Forensics: The examination of hard disk drives, including the analysis of disk images and file systems, to recover digital evidence related to a crime.
  • Disk Imaging: The process of creating an exact copy of a disk drive, including all the data on the disk, for forensic analysis.
  • Disk imaging: The process of making a forensic copy of a storage device, such as a hard drive or memory card, for the purpose of preserving the original data for analysis.
  • DNA Analysis: The analysis of DNA samples to identify individuals or match evidence to a suspect.
  • DNA Analysis: The examination of DNA, including the analysis of blood, saliva, semen, and other biological samples, to determine the identity of individuals or link them to a crime scene.
  • DNA Forensics: The examination of biological evidence, including the analysis of DNA samples, to identify individuals and assist in criminal investigations.
  • Document Dating Examination: The examination of documents, including the analysis of paper and ink aging, to determine the age of a document and assist in criminal investigations.
  • Document Examination: The examination of written documents, including handwriting, typewriting, and printed materials, to determine their authenticity and to identify forgeries.
  • Document Examination: The examination of written materials, including the analysis of handwriting, typewriting, and other types of written evidence, to determine authenticity and authorship.
  • Document Forensics: The examination of document evidence, including the analysis of handwriting, ink, and paper, to assist in criminal investigations and to authenticate documents.
  • Document Forensics: The examination of documents, including the analysis of written materials, to assist in criminal investigations.
  • Drug Analysis: The examination of substances to determine their composition, including the identification of illegal drugs and controlled substances.
  • eDiscovery Forensics: The examination of electronic data, including the analysis of email, social media, and other digital communications, to assist in legal proceedings.
  • E-Discovery: The process of collecting, reviewing, and producing electronic information in response to a request for evidence in a legal case.
  • E-discovery: The process of identifying, collecting, and analyzing electronic data, such as emails, documents, and social media posts, for the purpose of using it as evidence in legal proceedings.
  • eDiscovery: The process of identifying, collecting, and producing electronically stored information (ESI) in response to a request for production in a legal matter.
  • Electronic Evidence: Any type of data or information stored electronically, including computer files, email, text messages, and other forms of digital data.
  • Electronic Signature: An electronic signature is a signature that is created and stored electronically, and is used to verify the authenticity of electronic documents.
  • Email Forensics: The examination of email, including the analysis of email headers, attachments, and content, to assist in criminal investigations.
  • Encryption Forensics: The examination of encrypted data, including the analysis of encryption algorithms and encryption keys, to assist in criminal investigations.
  • Encryption: The process of converting plain text into an unreadable format, using a mathematical algorithm and a secret key, for the purpose of protecting sensitive information.
  • Encryption: The process of converting plain text into ciphertext, using a mathematical algorithm, to protect the confidentiality and integrity of data.
  • Encryption: The process of converting plaintext into a coded form, called ciphertext, to prevent unauthorized access or modification of the data.
  • Encryption: The process of converting plaintext into an unreadable form, known as ciphertext, to protect data from unauthorized access or theft.
  • Entomological Forensics: The examination of insect evidence, including the analysis of insect activity and development, to assist in criminal investigations.
  • Entomology: The study of insects, including the examination of insect evidence, such as maggots and beetles, to determine the time since death in a case of suspicious death.
  • Environmental Forensics: The examination of environmental evidence, including soil, water, and air samples, to determine the source and extent of environmental contamination.
  • Environmental Forensics: The examination of environmental evidence, including the analysis of soil, water, and air samples, to assist in criminal investigations.
  • Evidence Analysis: The process of analyzing evidence to determine its relevance and importance, and to extract meaningful information from the evidence.
  • Evidence Analysis: The process of examining digital evidence to determine its relevance, authenticity, and reliability, and to extract information that is relevant to an investigation.
  • Evidence Analysis: The process of examining physical or digital evidence for the purpose of identifying and extracting relevant information.
  • Evidence Analysis: The process of examining physical or digital evidence to identify relevant information or to determine the origin or authenticity of the evidence.
  • Evidence Chain of Custody: A record of who has had physical control of an item of evidence, including the date and time of transfer, and the identity of the person receiving and delivering the evidence.
  • Evidence Chain of Custody: The documentation of the transfer and handling of evidence from the point of origin to the point of presentation in a legal proceeding or investigation, including a record of all individuals who have handled the evidence and the circumstances under which it was handled.
  • Evidence Collection: The process of collecting and preserving physical, digital, and testimonial evidence for use in a legal proceeding or investigation.
  • Evidence Collection: The process of collecting, preserving, and documenting physical or digital evidence for forensic analysis.
  • Evidence Collection: The process of gathering physical or digital evidence in a manner that preserves the integrity of the evidence and prevents contamination.
  • Evidence Collection: The process of identifying, acquiring, and preserving digital evidence, in a manner that ensures the authenticity and integrity of the evidence.
  • Evidence Presentation: The process of presenting evidence in a court of law, including the testimony of witnesses, the submission of written reports, and the introduction of physical evidence.
  • Evidence Presentation: The process of presenting physical or digital evidence in a court of law.
  • Evidence Preservation: The process of maintaining the authenticity and integrity of digital evidence, so that it can be used in a court of law.
  • Evidence Preservation: The process of maintaining the integrity and authenticity of physical, digital, and testimonial evidence, including the proper storage, handling, and documentation of evidence.
  • Evidence Preservation: The process of maintaining the integrity of physical or digital evidence, including the proper storage and handling of evidence, to ensure its admissibility in a court of law.
  • Evidence Preservation: The process of protecting physical or digital evidence to ensure its integrity and authenticity for use in forensic analysis and court proceedings.
  • Evidence Processing: The process of preparing and analyzing evidence, including the collection of data, the analysis of data, and the reporting of findings.
  • Evidence Processing: The process of preparing physical or digital evidence for analysis, including the imaging, cloning, or copying of evidence, and the preparation of forensic images or copies of evidence.
  • Evidence Report: A written document that summarizes the findings and conclusions of a forensic examination, including a description of the evidence collected and analyzed, and a discussion of the results of the analysis.
  • Evidence-Based Decision Making: The process of making decisions based on evidence, including the collection and analysis of data, the interpretation of results, and the consideration of alternative explanations.
  • Evidence-Based Practice: The process of using evidence, including the best available research evidence, to inform decision making and to improve outcomes.
  • Expert Witness: A person with specialized knowledge and experience who is qualified to provide testimony in a court of law.
  • Expert Witness: An individual who is recognized as having specialized knowledge or expertise in a particular area, and who provides testimony in a court of law to assist the trier of fact.
  • Explosion Investigation: The investigation of explosions, including the examination of explosion scenes and evidence to determine the cause and origin of the explosion.
  • File Carving: The process of extracting files from an image file, based on the file’s header and footer information, without relying on a file system or index.
  • File carving: The process of extracting files from unallocated or slack space on a storage device, without relying on the file system or directory structures.
  • File Carving: The process of extracting files from unallocated space on a disk drive, even if the file system is damaged or deleted.
  • File System Analysis: The process of analyzing and interpreting the structure, organization, and metadata of a file system, such as NTFS, FAT, or HFS, for the purpose of reconstructing user activities, identifying hidden or deleted files, or understanding the data storage mechanisms.
  • File system analysis: The process of analyzing the contents of a computer’s file system, including metadata, timestamps, and permissions, for the purpose of discovering and preserving digital evidence.
  • File System Analysis: The process of analyzing the structure and contents of a file system, to determine the presence and location of files and other data.
  • File System Forensics: The branch of digital forensics that deals with the examination of file systems, including the recovery of deleted or hidden files, and the reconstruction of file activity.
  • File System Forensics: The examination of file systems, including the analysis of disk images and file system metadata, to recover digital evidence related to a crime.
  • File System Forensics: The examination of file systems, including the analysis of file metadata and file contents, to assist in criminal investigations.
  • Fingerprint Analysis: The examination of fingerprints to identify individuals or match evidence to a suspect.
  • Fingerprint Analysis: The examination of fingerprints, including the analysis of fingerprint samples, to identify individuals and assist in criminal investigations.
  • Fire and Explosives Forensics: The examination of fire and explosive incidents, including the analysis of fire and explosive evidence, to assist in criminal investigations.
  • Fire Debris Analysis: The examination of materials left behind after a fire to determine the cause and origin of the fire.
  • Fire Investigation: The investigation of fires to determine their cause, origin, and extent, including the examination of fire scenes, evidence, and witnesses.
  • Firearm and Ballistics Examination: The examination of firearms and related evidence, including the examination of bullets, cartridge cases, and other related evidence, to determine the type of firearm used, the identity of the firearm, and the trajectory of bullets.
  • Firearm and Toolmark Identification: The examination of firearms and tool marks to determine the type of weapon or tool used and to link individuals or evidence to a crime scene.
  • Firearm Examination: The examination of firearms and related evidence, including the examination of bullets, cartridge cases, and other related evidence, to determine the type of firearm used, and the identity of the firearm.
  • Firearm Examination: The examination of firearms, including the analysis of firearms-related evidence, to assist in criminal investigations.
  • Firewall: A network security device that monitors and filters incoming and outgoing network traffic, based on predefined security rules and policies.
  • Fish and Game Forensics: The examination of fish and game evidence, including the analysis of DNA and other biological markers, to assist in criminal investigations.
  • Footprint Analysis: The examination of footprints, including the analysis of shoeprints and tire treads, to identify individuals and assist in criminal investigations.
  • Footwear Analysis: The examination of footwear impressions left at a crime scene to identify the type of shoe, and possibly the manufacturer, and to compare the impressions to the shoes of suspects.
  • Footwear Forensics: The examination of footwear, including the analysis of shoe prints and shoe wear patterns, to assist in criminal investigations.
  • Forensic Accountancy: The examination of financial records, including the analysis of bank statements, invoices, and other financial documents, to assist in the investigation of financial crimes, such as fraud and embezzlement.
  • Forensic Analysis: The application of scientific and technical methods to the examination of physical, digital, and testimonial evidence, to establish facts and draw conclusions for use in a legal proceeding or investigation.
  • Forensic Anthropology: The application of physical anthropology to legal issues, including the identification of human remains.
  • Forensic Anthropology: The study of human bones and tissues to determine the cause of death and other information about individuals, including the examination of skeletal remains and other human tissues to identify individuals or link them to a crime scene.
  • Forensic Architecture: The application of architectural principles and techniques to the investigation of crimes, including the examination of building plans, site plans, and crime scenes to reconstruct events and determine the cause and origin of fires, explosions, and other incidents.
  • Forensic Data Recovery: The recovery of lost or damaged data, including the restoration of files and other digital evidence, to assist in criminal investigations and trials.
  • Forensic Engineering: The application of engineering principles and techniques to the investigation of accidents and failures, including the examination of structural failures, fires, and explosions.
  • Forensic Entomology: The study of insects to aid in criminal investigations, including the analysis of insect activity on human remains to determine time of death.
  • Forensic Geology: The examination of geological materials and processes to aid in criminal investigations, including the analysis of soil, rock, and mineral samples to determine the origin of materials or to link individuals or evidence to a crime scene.
  • Forensic Imaging: The examination of images, including the analysis of photographs, x-rays, and other types of images, to assist in criminal investigations and trials.
  • Forensic Laboratory: A facility equipped with the necessary resources and personnel to conduct forensic examinations and analysis.
  • Forensic Linguistics: The study of language and its use in legal contexts, including the examination of language used in written and spoken communication to determine authorship, intent, and meaning.
  • Forensic Odontology: The examination of teeth and jaws to aid in criminal investigations, including the analysis of dental records and bite marks to identify individuals or link them to a crime scene.
  • Forensic Pathology: The examination of medical evidence, including the analysis of human tissue and bodily fluids, to determine the cause of death and other information about individuals.
  • Forensic Psychiatry: The examination of psychiatric evidence, including the assessment of mental states, to assist in criminal investigations and trials.
  • Forensic Psychology: The examination of psychological evidence, including the analysis of behavior and mental processes, to assist in criminal investigations and trials.
  • Forensic Report: A written document that summarizes the results of a forensic investigation, including the methodology used, the evidence analyzed, and the conclusions reached.
  • Forensic Toxicology: The examination of toxic substances, including the analysis of biological samples, such as blood and urine, to determine the presence of drugs, poisons, or other toxic substances.
  • Forensic Toxicology: The study of the effects of drugs and poisons on the human body and the analysis of biological samples to detect their presence.
  • Forensics Triage: The process of quickly assessing and prioritizing digital evidence to determine what should be analyzed first in a forensic investigation.
  • Fraud Investigation: The investigation of financial and white-collar crimes, including embezzlement, money laundering, and securities fraud.
  • Fraudulent Document Examination: The examination of documents to determine if they have been altered or forged, including the examination of signatures, handwriting, and typewriting.
  • Glass Analysis: The examination of glass fragments, including the analysis of glass fragments left behind at a crime scene, to determine the type of glass and to link individuals or evidence to a crime scene.
  • Glass Fracture Analysis: The examination of broken glass, including the analysis of glass fracture patterns and other physical characteristics, to assist in criminal investigations.
  • Hair Analysis: The examination of hair, including the analysis of hair type, color, and other physical characteristics, to assist in criminal investigations.
  • Hair and Fiber Analysis: The examination of hair and fibers, including clothing fibers and carpet fibers, to link individuals or evidence to a crime scene.
  • Handwriting Analysis: The examination of handwriting, including the examination of signatures, to determine the identity of the writer or to compare the handwriting to a known sample.
  • Hash Database: A database containing a list of known hashes and the corresponding files, used in forensic examinations to identify known files and to detect changes or modifications to original data.
  • Hash Function: A mathematical function that takes an input (or ‘message’) and returns a fixed-size string of characters, which serves as a digital fingerprint or ‘hash’ of the original data.
  • Hash Function: A mathematical function that takes an input (or ‘message’) and returns a fixed-sized string of bytes, for use in verifying the integrity of digital data.
  • Hash Function: A mathematical function that takes an input (or ‘message’) and returns a fixed-sized string of characters, called a ‘hash,’ which serves as a digital fingerprint of the message.
  • Hash value: A numerical value produced by a mathematical algorithm that represents the contents of a file or data. Hash values can be used to identify and verify the integrity of a file.
  • Hash Value: A numerical value that is used to verify the authenticity of digital data.
  • Hash Value: A numerical value that represents the unique digital fingerprint of a file or data, used to verify the integrity and authenticity of data.
  • Hash value: A unique representation of a digital file, produced by a hash function, that can be used to verify the integrity and authenticity of the file.
  • Hashing: A mathematical process used to create a unique identifier (hash value) for a file, which can be used to verify the integrity of the file.
  • Hashing: The process of generating a fixed-length, unique, and irreversible identifier, known as a hash, for a digital file, message, or data, for the purpose of verifying its integrity and authenticity.
  • Hashing: The process of generating a unique digital fingerprint, or hash value, for a file or piece of data, for the purpose of verifying its integrity and detecting any changes or tampering.
  • Image file: A bit-by-bit copy of a digital storage media, such as a hard drive or flash drive, that can be analyzed as a forensic artifact.
  • Image File: A digital copy of a storage device, such as a hard drive, that is made for the purpose of forensic analysis.
  • Image Forensics: The examination of digital images, including the analysis of image quality, manipulation, and compression, to assist in criminal investigations.
  • Image Forensics: The examination of image data, including the analysis of digital images, to assist in criminal investigations.
  • Image Forensics: The process of collecting and analyzing digital images, such as photos, screenshots, or graphics, for the purpose of verifying the authenticity and reliability of the evidence, or of reconstructing events or activities.
  • Impression Evidence: Evidence that is left behind by a physical object, such as tire tracks, footprints, or tool marks.
  • Incident Response Plan: A formal plan or procedure, including the roles and responsibilities of personnel, used to respond to a security breach or incident.
  • Incident Response: The process of identifying, containing, and responding to security incidents, in order to prevent further damage and restore normal operations.
  • Incident response: The process of identifying, containing, eradicating, and recovering from a security incident or breach.
  • Incident Response: The process of preparing for and responding to security incidents, including the identification, containment, and resolution of security incidents.
  • Incident Response: The process of responding to a security breach or incident, including the identification, containment, and recovery from a security breach or incident.
  • Incident Response: The process of responding to a security breach or other incident, including the preservation of evidence and the identification of the cause of the incident.
  • Internet of Things (IoT) Forensics: The examination of connected devices, including the analysis of IoT devices, to recover digital evidence related to a crime.
  • Internet of Things (IoT) Forensics: The examination of Internet of Things (IoT) devices, including smart home devices, wearable technology, and other connected devices, to collect data and information, to assist in criminal investigations.
  • Internet of Things (IoT) Forensics: The examination of Internet of Things devices, including the analysis of connected devices and their data, to assist in criminal investigations.
  • Internet of Things (IoT) Forensics: The process of collecting, analyzing, and preserving digital evidence from Internet of Things (IoT) devices, such as smart home devices, in a manner that is admissible in a court of law.
  • Intrusion Detection: The process of monitoring a computer system or network for signs of unauthorized activity, such as unauthorized access attempts, abnormal network traffic patterns, and unexpected system changes.
  • Intrusion Prevention: The process of blocking or mitigating unauthorized activity, such as network intrusions and attacks, by implementing security controls and countermeasures.
  • Key Management: The process of controlling and maintaining the security of cryptographic keys, including the distribution, use, and storage of keys.
  • Latent Print Examination: The examination of latent fingerprints, including the development and analysis of latent prints, to identify individuals and assist in criminal investigations.
  • Latent Print Examination: The examination of latent prints, including the analysis of fingerprints, palm prints, and footprints, to identify individuals or link them to a crime scene.
  • Latent Prints: Invisible or partially visible fingerprints left behind on surfaces that can be made visible through special techniques.
  • Live Forensics: The examination of a running computer system to collect data and information, while the system is still operational, to assist in criminal investigations.
  • Live Forensics: The process of collecting and analyzing digital evidence from a running or live computer system, as opposed to a shutdown or dead system, for the purpose of preserving volatile data and capturing real-time information.
  • Live Forensics: The process of collecting and analyzing digital evidence from a running or live system, such as a computer or a network, for the purpose of preserving the integrity and authenticity of the data, or of investigating incidents or crimes that are ongoing.
  • Live response: The process of collecting data and evidence from a running computer system, without disrupting normal operations, for the purpose of preserving the original data in a forensically sound manner.
  • Log Analysis: The process of analyzing log files, such as system logs and application logs, to identify and investigate security incidents, system anomalies, and other types of abnormal activity.
  • Malware Analysis: The analysis of malicious software, including the identification of its behavior, capabilities, and origin, to assist in criminal investigations.
  • Malware analysis: The process of examining and analyzing malicious software, such as viruses, Trojans, and rootkits, to understand their behavior, detect their presence, and develop countermeasures.
  • Malware Analysis: The process of examining malicious software (malware) to determine its behavior, capabilities, and potential threat to a system or network.
  • Malware Forensics: The examination of malware and malicious software, including viruses, Trojans, and spyware, to collect data and information, to assist in criminal investigations.
  • Malware Forensics: The examination of malware, including the analysis of malicious software and its effects, to assist in criminal investigations and to prevent future malware attacks.
  • Malware: Malicious software, such as viruses, worms, Trojans, and ransomware, that is designed to harm computer systems, steal data, or disrupt operations.
  • Malware: Short for ‘malicious software,’ refers to any software that is designed to cause harm to a computer system or network.
  • Memory analysis: The process of analyzing the contents of a computer’s volatile memory (RAM) for the purpose of acquiring and analyzing digital evidence.
  • Memory Forensics: The branch of digital forensics that deals with the examination of computer memory (RAM) to extract information and evidence.
  • Memory Forensics: The examination of computer memory, including the analysis of memory dump files and system images, to recover digital evidence related to a crime.
  • Memory Forensics: The examination of computer memory, including the analysis of memory dumps, to assist in criminal investigations.
  • Memory Forensics: The examination of computer memory, including the analysis of RAM data, to assist in criminal investigations.
  • Memory Forensics: The process of analyzing a computer’s volatile memory, to extract information that is relevant to a forensic investigation, such as system state information, running processes, and network connections.
  • Microscopy: The examination of small objects, such as hair, fibers, or paint, using a microscope to determine their characteristics and to compare them to other samples.
  • Mobile Device Forensics: The process of collecting, analyzing, and preserving digital evidence from mobile devices, such as smartphones and tablets, in a manner that is admissible in a court of law.
  • Mobile device forensics: The process of collecting, preserving, analyzing, and presenting data and evidence from mobile devices, such as smartphones, tablets, and GPS devices, in a manner that is admissible as evidence in a court of law.
  • Mobile Forensics: The branch of digital forensics that deals with the examination of mobile devices, including cell phones, tablets, and other handheld devices.
  • Mobile Forensics: The branch of digital forensics that deals with the recovery and analysis of digital data from mobile devices, such as smartphones, tablets, and GPS units, for the purpose of preserving digital evidence.
  • Mobile Forensics: The examination of mobile devices, including smartphones and tablet computers, to collect data and information, to assist in criminal investigations.
  • Mobile Forensics: The examination of mobile devices, including smartphones and tablets, to assist in criminal investigations.
  • Mobile Forensics: The examination of mobile devices, including smartphones and tablets, to recover digital evidence related to a crime.
  • Mobile Forensics: The examination of mobile devices, including the analysis of cell phones, tablets, and other mobile devices, to assist in criminal investigations.
  • Mobile Forensics: The examination of mobile devices, including the analysis of smartphones and tablets, to recover digital evidence and assist in criminal investigations.
  • Mobile Forensics: The process of collecting and analyzing digital evidence from mobile devices, such as smartphones, tablets, or GPS units, for the purpose of retrieving data related to communications, locations, contacts, and applications, and investigating incidents or crimes involving these devices.
  • Multimedia Forensics: The examination of multimedia data, including the analysis of audio, video, and image data, to assist in criminal investigations.
  • Multimedia Forensics: The examination of multimedia data, including the analysis of video, audio, and image data, to assist in criminal investigations.
  • Network Forensics: The branch of digital forensics that deals with the examination of network traffic and logs, to identify and respond to security incidents, and to support legal investigations.
  • Network Forensics: The examination of computer networks, including the analysis of network logs, system images, and other digital evidence, to recover digital evidence related to a crime.
  • Network Forensics: The examination of network data, including the analysis of network traffic and other network-based information, to assist in criminal investigations.
  • Network Forensics: The examination of network data, including the analysis of network traffic, to assist in criminal investigations.
  • Network Forensics: The examination of network systems and communications, including the analysis of network traffic, to recover digital evidence and assist in criminal investigations.
  • Network Forensics: The examination of network traffic and logs, including the analysis of packets, protocols, and flows, to assist in criminal investigations.
  • Network Forensics: The process of collecting, analyzing, and preserving digital evidence from computer networks, in a manner that is admissible in a court of law.
  • Network Forensics: The process of collecting, analyzing, and preserving digital evidence from computer networks, such as the internet, intranets, and local area networks, for the purpose of detecting and investigating cybercrime and security incidents.
  • Network Forensics: The process of collecting, analyzing, and preserving digital evidence from network devices and systems, such as routers, switches, firewalls, and servers, for the purpose of reconstructing network events, investigating security incidents, or detecting malicious activities.
  • Network forensics: The process of collecting, preserving, analyzing, and presenting data and evidence from computer networks, such as packets and logs, in a manner that is admissible as evidence in a court of law.
  • Non-Volatile Memory Analysis: The process of examining and extracting digital evidence from non-volatile storage media, such as hard drives, flash drives, and memory cards, for the purpose of reconstructing past activities and finding hidden data.
  • Open-Source Forensics: The use of open-source tools and techniques in digital forensics investigations to reduce costs, improve efficiency, and increase transparency.
  • Packet sniffing: The process of intercepting and analyzing network traffic for the purpose of troubleshooting network issues, monitoring network usage, or gathering evidence in a forensic investigation.
  • Paint Analysis: The examination of paint samples, including the analysis of paint chips and samples from vehicles, to determine the type of paint and to link individuals or evidence to a crime scene.
  • Paint Analysis: The examination of paint, including the analysis of paint type, color, and other physical characteristics, to assist in criminal investigations.
  • Pathology Forensics: The examination of human remains, including the analysis of internal organs, tissues, and bones, to assist in criminal investigations.
  • Pathology: The study of disease, including the examination of tissue samples and autopsy findings to determine the cause of death.
  • Penetration Testing: The process of attempting to penetrate or compromise a system, network, or application, to assess its security posture and identify potential vulnerabilities.
  • Photogrammetry: The use of photographs to make accurate measurements and to generate three-dimensional models, including the measurement of crime scenes and the reconstruction of accidents.
  • Polygraph: A machine that measures physiological responses, such as changes in blood pressure, heart rate, and respiration, to determine if a person is telling the truth.
  • Preservation of Evidence: The process of preserving evidence in its original condition, to ensure that the evidence remains unaltered and can be used in a court of law.
  • Psychological Profiling: The use of behavioral and psychological analysis to profile a suspect, including the creation of a personality profile and the identification of likely criminal behavior.
  • Public Key Infrastructure (PKI): A system that uses public key cryptography to secure the exchange of information, and to verify the identity of parties involved in the exchange.
  • Questioned Document Examination: The examination of written or printed documents, including handwriting analysis and the analysis of paper, ink, and printing techniques, to assist in criminal investigations.
  • Questioned Documents: Any document that is of interest in a legal investigation, such as a will, letter, or signature.
  • RAM Analysis: The process of collecting and analyzing the data stored in the random access memory (RAM) of a computing device, for the purpose of reconstructing the device’s state or activities at a specific point in time.
  • Ransomware: A type of malware that encrypts the victim’s files, and demands payment in exchange for the decryption key.
  • Remote forensic: The process of conducting a forensic investigation on a remote computer system, using tools and techniques that allow the acquisition and analysis of digital evidence without direct physical access to the system.
  • Reverse Engineering: The process of analyzing a software application, device, or system to understand its design, structure, and behavior, for the purpose of identifying vulnerabilities, fixing errors, and developing new applications.
  • Reverse Engineering: The process of analyzing and understanding the design, construction, and operation of a system or device, including the reverse engineering of software, hardware, and firmware.
  • Ron Legarski Forensics: Terminologies & Definitions.
  • Root Cause Analysis: The process of determining the underlying cause of a security breach or other incident, typically through the examination of digital evidence and other relevant information.
  • Rootkit Detection: The process of detecting the presence of a rootkit on a computer system or network, by analyzing system components and processes for signs of tampering or modification.
  • Rootkit: A type of malicious software that conceals its presence and actions on a computer system by modifying or hiding files, registry entries, and processes, making it difficult for antivirus software and other security tools to detect and remove it.
  • Rootkit: A type of malicious software that is designed to hide the presence of an attacker’s activities on a computer system, including files, processes, and network connections.
  • Rootkit: A type of malware that hides itself and its actions from the operating system, making it difficult to detect and remove.
  • Rootkit: Malicious software that hides its presence on a system, by hooking into the operating system or other system components, and hiding its processes, files, and network activity.
  • Serology Forensics: The examination of biological fluids, including the analysis of blood, semen, and saliva, to assist in criminal investigations.
  • Serology: The study of blood and other bodily fluids, including the examination of bloodstains, semen, and saliva, to determine the presence of disease or other relevant information.
  • Signature Analysis: The process of analyzing unique characteristics or patterns in data to determine its origin or authenticity.
  • Signature Analysis: The process of comparing digital evidence to known or suspected examples of digital evidence, to determine whether they are related or have common origins.
  • Signature Analysis: The process of identifying and categorizing known or unknown software, files, and network traffic based on their unique characteristics, such as code, header information, or behavioral patterns, for the purpose of detecting malware, intrusion attempts, or other suspicious activities.
  • Social engineering: The use of psychological manipulation and deception to trick individuals into divulging sensitive information or performing actions that compromise security.
  • Social Media Forensics: The examination of social media data, including the analysis of social media profiles, posts, and messages, to assist in criminal investigations.
  • Social Media Forensics: The examination of social media evidence, including the analysis of social media profiles, posts, and other digital communications, to recover digital evidence related to a crime.
  • Soil Analysis: The examination of soil, including the analysis of soil type, mineral content, and other physical characteristics, to assist in criminal investigations.
  • Spoliation of Evidence: The intentional or accidental destruction or alteration of evidence, which can occur when evidence is not properly preserved or when evidence is mishandled or tampered with.
  • Spoofing: The act of creating false electronic communications, such as emails, text messages, or IP addresses, for the purpose of tricking individuals or systems into disclosing sensitive information or executing malicious actions.
  • Spyware: A type of malware that collects information from a computer system or network, without the user’s knowledge or consent.
  • Steganography: The practice of hiding data within data, typically by embedding it within images, audio files, or other digital media.
  • Steganography: The practice of hiding information in plain sight, such as by embedding a message within an image or audio file, or within the least significant bits of a file.
  • Steganography: The practice of hiding information in plain sight, within another message or image, for the purpose of secretly transmitting data.
  • Steganography: The practice of hiding secret data or messages within other data or messages, used to conceal the existence or content of the secret data or messages.
  • Steganography: The practice of hiding secret information, such as messages or files, within other data, such as images, audio, or video, for the purpose of maintaining confidentiality and avoiding detection.
  • Steganography: The practice of hiding secret messages or data within other, seemingly innocent digital files or images.
  • Steganography: The process of hiding data within digital files, such as images or audio files, to conceal the existence of the data.
  • Subpoena: A legal order requiring the production of evidence or the appearance of a witness in a court of law.
  • Tampering: Unauthorized modification or alteration of evidence, data, or a device.
  • Testimony: A formal statement or declaration made under oath in a court of law, used to provide evidence or to provide expert opinions or conclusions.
  • Textile Fiber Analysis: The examination of textile fibers, including the analysis of fiber type, color, and other physical characteristics, to assist in criminal investigations.
  • Threat Intelligence: The collection, analysis, and dissemination of information about potential and active threats to an organization, including information about threats to systems, networks, and data.
  • Time stamping: The process of assigning a unique and unambiguous timestamp to a digital event or file, for the purpose of establishing a reliable and verifiable chain of custody.
  • Time-Based Analysis: The process of analyzing digital evidence based on time, including the examination of timestamps and time-related data, to assist in criminal investigations.
  • Timeline Analysis: The process of creating a chronological representation of events, based on the timestamps of digital artifacts, such as files, emails, and log entries, to reconstruct the sequence of events in a forensic investigation.
  • Timeline analysis: The process of examining and organizing events in a chronological manner to reconstruct the sequence of events and identify the timing of events and activities related to an investigation.
  • Timeline analysis: The process of organizing and analyzing digital events, such as file creation, modification, and deletion, by their chronological order, for the purpose of reconstructing an event or activity.
  • Time-Line Analysis: The process of reconstructing the chronological order of events and activities related to a digital incident, based on the timestamps and metadata associated with digital evidence, such as log files, email messages, or images.
  • Toolmark Examination: The examination of tool marks, including the analysis of tool marks on firearms, tools, and other items, to assist in criminal investigations.
  • Toxicology Forensics: The examination of toxic substances, including the analysis of drugs, alcohol, and other chemicals, to assist in criminal investigations.
  • Toxicology: The study of the effects of chemicals, drugs, and poisons on the human body.
  • Toxicology: The study of toxic substances, including the examination of biological samples, such as blood and urine, to determine the presence of drugs, poisons, or other toxic substances.
  • Trace Element Analysis: The examination of trace elements, including the analysis of metals and minerals in samples, to determine the origin of materials or to link individuals or evidence to a crime scene.
  • Trace Evidence Analysis: The examination of small, often microscopic, pieces of evidence, including hair, fibers, paint, and glass, to link individuals or evidence to a crime scene.
  • Trace Evidence Analysis: The examination of trace evidence, including the analysis of hairs, fibers, and other microscopic particles, to assist in criminal investigations.
  • Trace Evidence Analysis: The examination of trace evidence, such as fibers, hair, or paint, to link individuals or evidence to a crime scene.
  • Trace Evidence: Small, often microscopic, pieces of physical evidence, such as fibers, hair, or paint, that can provide important information about a crime.
  • Trace evidence: Small, often microscopic, pieces of physical evidence, such as hair, fibers, or gunshot residue, that can link a suspect or a location to a crime scene.
  • Trace Metal Analysis: The examination of trace metals, including the analysis of metals in blood, hair, or other samples, to determine exposure to toxic substances.
  • Triage: The process of sorting and prioritizing evidence, used to determine which evidence should be analyzed first based on the importance or urgency of the analysis.
  • Trojan: A type of malware that is disguised as a legitimate software program, and is used to gain unauthorized access to a computer system or network.
  • Vehicle Forensics: The examination of vehicles, including the analysis of physical evidence and digital systems, to assist in criminal investigations.
  • Video Forensics: The examination of video data, including the analysis of video recordings, to assist in criminal investigations.
  • Video Forensics: The examination of video evidence, including the analysis of video recordings, to recover digital evidence related to a crime.
  • Video Forensics: The examination of video evidence, such as surveillance footage, to enhance and analyze the images for use in an investigation.
  • Video Forensics: The examination of video recordings, including the analysis of video quality and image manipulation, to assist in criminal investigations.
  • Virtual Forensics: The branch of digital forensics that deals with the recovery and analysis of digital data from virtual environments, such as virtual machines, cloud computing, and online gaming platforms, for the purpose of preserving digital evidence.
  • Virtual Forensics: The process of collecting and analyzing digital evidence from virtual environments, such as virtual machines, cloud computing platforms, or simulations, for the purpose of preserving the integrity and authenticity of the data.
  • Virtual machine: An emulated computer system, created within a host operating system, that can be used for various purposes, including forensic analysis, malware research, and testing.
  • Virus Scanning: The process of searching a computer system or network for the presence of viruses, by comparing the files and data against a database of known viruses and malware signatures.
  • Virus: A type of malicious software that infects a computer system and spreads to other systems, disrupting normal operations, stealing data, or executing malicious actions.
  • Virus: A type of malware that infects a computer file and spreads to other files, and can replicate itself on other systems.
  • Voice Analysis: The examination of voice recordings to determine the identity of a speaker or to compare the voice to a known sample.
  • Voiceprint Analysis: The examination of audio recordings, including the analysis of voice patterns, to assist in criminal investigations.
  • Voiceprint Analysis: The examination of voice recordings, including the analysis of telephone recordings, to identify individuals or link them to a crime scene.
  • Voiceprint Analysis: The examination of voice samples, including the analysis of voice recordings, to identify individuals and assist in criminal investigations.
  • Volatile organic compound (VOC): Chemical substances that evaporate easily and can be found in a variety of items such as paints, solvents, and adhesives. They can be used as evidence in forensic investigations.
  • Volume Shadow Copy Analysis: The process of analyzing the snapshots or backups of a volume or a file system, known as volume shadow copies, for the purpose of recovering deleted or older versions of data, or of investigating incidents or crimes that involved the modification of data.
  • VPN: Short for ‘virtual private network,’ a technology that allows remote users to securely access a private network, by establishing a secure encrypted connection over a public network.
  • Vulnerability Assessment: The process of identifying and evaluating the vulnerabilities in a system, network, or application, including the identification of potential weaknesses and the assessment of the potential impact of exploiting those weaknesses.
  • Warran: A court order that authorizes law enforcement to search a specific location or seize specific items related to a criminal investigation.
  • Warrant: A legal order issued by a judge, authorizing a law enforcement officer to search a specific location or to seize specific items or data as evidence.
  • Web Forensics: The examination of web data, including the analysis of web pages, web logs, and other web-based information, to assist in criminal investigations.
  • Web Forensics: The examination of web-based evidence, including the analysis of websites, web logs, and other digital communications, to recover digital evidence related to a crime.
  • Web proxy logs: Log files generated by a web proxy server that can contain valuable information about web traffic, such as URLs, IP addresses, and user-agents, that can be useful in forensic investigations.
  • White-box testing: A software testing technique where the tester has complete knowledge of the internal workings of the software being tested.
  • Wildlife Forensics: The examination of wildlife evidence, including the analysis of fur, feathers, and DNA, to assist in criminal investigations.
  • Wireless Forensics: The examination of wireless data, including the analysis of wireless signals, to assist in criminal investigations.
  • Wireless network analysis: The process of analyzing the data transmitted over a wireless network, including access points, clients, and packets, for the purpose of uncovering security vulnerabilities, detecting unauthorized access, or reconstructing network activity.
  • Worm: A type of malware that spreads from computer to computer, without requiring human interaction, by exploiting vulnerabilities in software or operating systems.
  • Write-Blocking: The process of preventing the modification or alteration of digital evidence during the acquisition or examination phase, by using specialized hardware or software that allows only read-access to the media.
  • X-ray diffraction (XRD): A analytical technique that uses X-rays to determine the crystalline structure of a material.
  • Zero-knowledge proof: A method in cryptography where one party can prove to another that they know a specific value without revealing that value.