Glossary

A-C

Address Resolution Protocol (ARP)

A protocol used on the Internet to map computer network addresses to hardware addresses.

admissible evidence

Evidence that meets all regulatory and statutory requirements, and has been properly obtained and handled.

American Standard Code for Information Interchange (ASCII)

A single-byte character-encoding scheme used for text-based data.

asymmetric algorithm

Another name for a public key encryption algorithm.

auditing

The process of keeping track of who is logging in and accessing what files.

backdoor

A software program that allows access to a system without using security checks.

ballistics

The science of flight dynamics; often used to determine the flight path of weapons.

Basic Input Output System (BIOS)

System software that is responsible for booting the computer by providing a basic set of instructions.

BeOS File System (BFS)

A filesystem designed for use by the Be operating system. BFS has the built-in capability to work with FAT12, FAT16, VFAT, and HPFS partitions. BFS can also support FAT32 and NTFS after the appropriate drivers are installed.

best evidence rule

A rule that requires that the original document be introduced as evidence when you present documentary evidence in a court of law. You cannot introduce a copy except under certain circumstances, such as when the original has been destroyed .

best practices

A set of recommended guidelines that outlines a set of good controls.

Bluetooth

A standard developed to allow various types of electronic equipment to make their own connections by using a short-range (10-meter) frequency- hopping radio link between devices.

body language

Communication using body movements, gestures, and facial expressions.

browser

An application that allows you to access the World Wide Web. The most common browsers are Microsoft Internet Explorer and Netscape.

brute force

Systematically trying every conceivable combination until a password is found, or until all possible combinations have been exhausted.

brute force attack

An attack that tries all possible password combinations until the correct password is found.

cache

Space on a hard disk used to store recently accessed data in an effort to improve performance speed.

CD/DVD-ROM/RW drive

A drive accessible from outside the computer that is used to read and/or write CDs and DVDs. A compact disc (CD) can store huge amounts of digital information (783 MB) on a very small surface. CDs are inexpensive to manufacture.

chain of custody

Documentation of all the steps that evidence has taken from the time it is located at the crime scene to the time introduced in the courtroom. All steps include collection, transportation, analysis, and storage processes. All accesses of the evidence must be documented as well.

checksum

A value that can help detect data corruption. A checksum is derived by summing the number of bytes or other criterion in a string of data. At a later time, especially after the data's been transmitted or copied , the same calculation is performed. If the resulting value does not match the original value, the data is considered to be corrupt.

chosen plaintext attack

An attack to decrypt a file characterized by comparing ciphertext to a plain- text message you chose and encrypted.

cipher

An algorithm for encrypting and decrypting .

ciphertext

An encrypted message.

cloning

A process used to create an exact duplicate of one media on another like media.

Complementary Metal Oxide Semiconductor (CMOS)

An on-board semiconductor chip used to store system information and configuration settings when the computer is either off or on. Batteries are used to power the CMOS memory.

computer evidence

Any computer hardware, software, or data that can be used to prove one or more of the five Ws and an H of a security incident (i.e., who, what, when, where, why, and how).

computer forensics

A science involving the identification, preservation, extraction, documentation, and interpretation of computer data.

cookies

Small text files that are placed on your computer's hard drive when you browse a website. The file contains a simple unique number that identifies you to the website's computers when you return.

covert channels

A method by which an entity receives information in an unauthorized manner.

cross examination

Questions asked by opposing counsel to cast doubt on testimony provided during direct examination.

cross validation

A method used when one variable has the particular status of being explained by using a second method to verify data.

cryptography

The science of hiding the true meaning of a message from unintended recipients.

cyclic redundancy check (CRC)

A common technique for detecting data transmission errors. Each transmitted message is accompanied by a numerical value based on the number of set bits in the message. The receiving device then applies the same formula to the message and checks to make sure the accompanying numerical value is the same, thereby verifying the data integrity.