Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
532
EnCase Forensic Version 6.11 Userʹs Guide
Sector A subdivision of a track of a magnetic hard disk or optical disc. A sector stores a fixed amount of data. A typical sector contains 512 bytes.
The SAFE (Secure Authentication For EnCase) is a physically and logically secured server that authenticates all users and controls all access to the network devices.
A uniquely programmed hardware key, sometimes referred to as a dongle, that identifies a user to EnCase software and enables access to its features.
Servlets are EnCase services running on network workstations and servers that provide bit‐level access to the machine where they reside.
See File Signature.
See Disk Slack and File Slack .
A representation of a live running machine, including volatile computer data such as currently logged on users, registry settings, and open files.
Refers to a broad category of malicious software designed to intercept or take partial control of a computer without the informed consent of that machineʹs owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computerʹs operation for the benefit of a third party.
The art and science of writing hidden messages in a way that no one except the intended recipient knows of the existence of the message; this is in contrast to cryptography, which does not disguise the existence of the message but obscures its content.
The computer or media that the investigator actually examines.
A memory management technique where non‐contiguous memory is presented to a software process as contiguous memory. Memory pages stored in primary storage are written to secondary storage, thus freeing faster primary storage for other processes in use. A swap file is also called a page file.
Table Pane Part of the program user interface located in the upper‐right quadrant of the four pane display.
Glossary of Terms 533
A folder that allows segregation and control of temporary files created in the course of an investigation. Also see Export Folder.
A part of the program user interface located in the upper‐left quadrant of the four pane display.
Unicode An industry standard that enables text and symbols from all the worldʹs writing systems to be consistently represented and manipulated by computers. Unicode consists of:
A character repertoire An encoding methodology and set of standard character encoding
A set of code charts for visual reference
An enumeration of character properties such as upper and lower case
A set of reference data computer files
Rules for normalization, decomposition, collation and rendering
A part of the program user interface located in the lower‐left quadrant of the four pane display.
The EnCase Virtual File System (VFS) lets examiners mount computer evidence as a read‐only, offline network drive for examination in Windows Explorer. The value of this feature is that it allows examiners multiple examination options, including the use of third‐party tools with evidence served by EnCase.
Software that creates a virtual environment on a computer platform so the user can run software. Several discrete execution environments reside on a single computer, each running an Operating System. This allows applications written for one OS to run on a machine with a different OS.
A wholly‐owned subsidiary of EMC Corporation, it supplies much of the virtualization software available for x86‐ compatible computers. VMWare software runs on Windows and Linux.
Write Blocker A tool (software or hardware) that prevents writes to a subject device while allowing investigators to safely read from the device.
Yüklə 2,21 Mb. Dostları ilə paylaş:
|