Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Host Protected Area (HPA)
- New Technology File System (NTFS)
- Node
- Physical Disk Emulator (PDE)
530
EnCase Forensic Version 6.11 Userʹs Guide
An area of a disk designed to allow vendors to store data safe from user access, diagnostics, or backup tools. If present, data stored in this area is inaccessible by the operating system, BIOS or the disk itself.
Index An EnCase index is a feature that allows quick access to the data in an evidence file.
A unique number that devices use to identify and communicate with each other on a computer network utilizing the Internet Protocol standard. Any participating network device, including:
routers computers
time‐servers printers
Internet fax machines some telephones ‐ must have its own unique address. An IP address can also be thought of as the equivalent of a street address or a phone number. IPv4 specifies addresses in four eight‐bit decimal numbers separated by a dot. IPv4 specifies a port number with a colon. IPv6 addresses the limitations that IPv4 has with the total number of addresses. IPv6 is typically written in eight 16‐bit hexadecimal numbers, which are separated by a colon. IPv6 specifies a port number with a space.
A keyword is a string or expression used in searching your evidence.
LinEn Utility The Linux EnCase client used for disk‐to‐ disk or cable acquisitions.
A specialized form of an evidence file filled with user‐selectable files, as opposed to a traditional evidence file which contains the entire contents of the device. Logical Evidence files have the extension .L01.
Malware Software designed to infiltrate or damage a computer system without the ownerʹs informed consent.
The process of making a file system ready for use by the operating system, typically by reading certain index data structures from storage into memory ahead of time. The term recalls a period in the history of computing when an operator had to mount a magnetic tape or hard disk on a spindle before using it.
Network Tree The network tree represents the hierarchical organization of the underlying network and file structure.
Glossary of Terms 531
The standard file system of Windows NT and its descendants:
Windows 2000 Windows XP
Windows Server 2003 Windows Vista
A node is the machine where the servlet is installed.
Bookmarks used to identify individual files containing important information to a case.
See New Technology File System.
Panes comprise the four quadrants to the interface:
Tree pane Table pane
View pane Filter pane Panes contain tabs, which alter the display of the data inside the pane. Panes are resizable.
The EnCase Physical Disk Emulator lets examiners mount computer evidence as a local drive for examination in Windows Explorer. This feature allows examiners many options in their examinations, including the use of third‐party tools with evidence served by EnCase.
A virtual data connection that can be used by programs to exchange data directly, instead of going through a file or other temporary storage location. The most common of these are TCP and UDP ports used to exchange data between computers on the Internet
Redundant Array of Independent Disks (RAID) A data storage scheme using multiple hard drives to share or replicate data among the drives. Depending on the configuration of the RAID (typically referred to as the RAID level), the benefits of RAID are:
increased data integrity fault‐tolerance
throughput or capacity compared to single drives
A string that describes or matches a set of strings according to certain syntax rules. Many text editors and utilities use egular expressions to search and manipulate bodies of text based on certain patterns. Many programming languages support regular expressions for string manipulation. Also see GREP.
The base of a file systemʹs directory structure or the parent directory of a given directory.
Yüklə 2,21 Mb. Dostları ilə paylaş:
|