Chapter17: Computer Forensics

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Partition

A contiguous set of blocks that are defined and treated as an independent disk.

Swap File

A file or defined space on the HDD used to converse RAM. Data is swapped (paged) to this file/space to free RAM for applications that are in use.

Byte

A group of eight bits.

Cluster

A group of sectors in multiples of two. Cluster size varies from file system to file system and is typically the minimum space allocated to a file.

Software

A set of instructions complied into a program that performs a particular task. Software consists of programs and applications that carry out a set of instructions on the hardware.

Message Digest 5 (MD5)/ Secure Hash Algorithm (SHA)

A software algorithm used to "fingerprint" a file or contents of a disk; used to verify the integrity of data. In forensic analysis it is typically used to verify that an acquired image of suspect data was not altered during the process of imaging.

Visible Data

All data that the operating system is presently aware of, and thus is readily accessible to the user.

Latent Data

Areas of files and disks that are typically not apparent to the computer user (and often not to the operating system), but contain data nonetheless.

Temporary Files

Files temporarily written by an application to perform a function. For applications, such as Microsoft word and Excel, temporary files are created to provide a "backup" copy of the work product should the computer experience a catastrophic failure.

Bit

Short for binary digit; Taking the form of either a one or a zero, it is the smallest unit of information on a machine.

RAM Slack

The area beginning at the end of the logial file and terminating at the end of that sector. In some older operating systems this area is padded with information in RAM.

Unallocated Space

The area of the HDD that the operating system (file system table) sees as empty (containing no logical files) and ready for data. Simply started, it is the unused portion of the HDD, but is not necessarily empty.

File Slack

The area that begins at the end of the last sector that contains logical data and terminates at the end of the cluster.

Central Processing Unit (CPU)

The main chip within the computer; also referred to as the brain of the computer. This microprocessor chip handles most of the operations (code and instructions) of the computer.

Motherboard

The main system board of a computer (and many other electronic devices). It delivers power, data, and instructions to the computer's components. Every component in the computer connects to the motherboard, either directly or indirectly.

Hardware

The physical components of a computer: case, keyboard, monitor, motherboard, RAM, HDD, mouse, and so on. Generally speaking, if it is a computer component you can touch, it is hardware.

Sector

The smallest addressable unit of data by a hard disk drive; generally consists of 512 bytes.

Operating System (OS)

The software that provides the bridge between the system hardware and the user. The OS lets the user interact with the harware and manages the file system and applications. Some examples are windows (XP, 2000), Linux, and Mac OS.

Random-Access Memory (RAM)

The volatile memory of the computer, when power is turned off, its contents are lost. Programs and instructions are loaded into RAM while they are in use.

Hard Disk Drive (HDD)

Typically the main storage location within the computer. It consists of magnetic platters contained in a case (usually 3.5" in a desktop computer and 2.5" in a laptop). The HDD is usually where the operating system, applications, and user data are stored.


Ensembles d'études connexes

0X1=LOVESONG (I Know I Love You)

View Set

Module 9: Malignant Disorders of White Blood Cells

View Set

AASP:100 (MIDTERM 1) STUDY GUIDE

View Set

Vascular Disorders and Blood Q&A

View Set