532
EnCase Forensic Version 6.11 Userʹs Guide
S
Sector
A subdivision of a track of a magnetic hard
disk or optical disc. A sector stores a fixed
amount of data. A typical sector contains
512 bytes.
Secure Authentication For EnCase (SAFE)
The SAFE (Secure Authentication For
EnCase) is a physically and logically secured
server that authenticates all users and
controls all access to the network devices.
Security Key
A uniquely programmed hardware key,
sometimes referred to as a dongle, that
identifies a user to EnCase software and
enables access to its features.
Servlet
Servlets are EnCase services running on
network workstations and servers that
provide bit‐level access to the machine
where they reside.
Signature
See File Signature.
Slack
See Disk Slack and File Slack .
Snapshot
A representation of a live running machine,
including volatile computer data such as
currently logged on users, registry settings,
and open files.
Spyware
Refers to a broad category of malicious
software designed to intercept or take
partial control of a computer without the
informed consent of that machineʹs owner or
legitimate user. While the term taken
literally suggests software that
surreptitiously monitors the user, it has
come to refer more broadly to software that
subverts the computerʹs operation for the
benefit of a third party.
Steganography
The art and science of writing hidden
messages in a way that no one except the
intended recipient knows of the existence of
the message; this is in contrast to
cryptography, which does not disguise the
existence of the message but obscures its
content.
Subject
The computer or media that the investigator
actually examines.
Swap File
A memory management technique where
non‐contiguous memory is presented to a
software process as contiguous memory.
Memory pages stored in primary storage are
written to secondary storage, thus freeing
faster primary storage for other processes in
use. A swap file is also called a page file.
T
Table Pane
Part of the program user interface located in
the upper‐right quadrant of the four pane
display.
Glossary of Terms
533
Temp Folder
A folder that allows segregation and control
of temporary files created in the course of an
investigation. Also see Export Folder.
Tree Pane
A part of the program user interface located
in the upper‐left quadrant of the four pane
display.
U
Unicode
An industry standard that enables text and
symbols from all the worldʹs writing
systems to be consistently represented and
manipulated by computers. Unicode
consists of:
A character repertoire
An encoding methodology and set of
standard character encoding
A set of code charts for visual
reference
An enumeration of character
properties such as upper and lower
case
A set of reference data computer files
Rules for normalization,
decomposition, collation and
rendering
V
View Pane
A part of the program user interface located
in the lower‐left quadrant of the four pane
display.
Virtual File System (VFS)
The EnCase Virtual File System (VFS) lets
examiners mount computer evidence as a
read‐only, offline network drive for
examination in Windows Explorer. The
value of this feature is that it allows
examiners multiple examination options,
including the use of third‐party tools with
evidence served by EnCase.
Virtual Machine
Software that creates a virtual environment
on a computer platform so the user can run
software. Several discrete execution
environments reside on a single computer,
each running an Operating System. This
allows applications written for one OS to
run on a machine with a different OS.
VMWare
A wholly‐owned subsidiary of EMC
Corporation, it supplies much of the
virtualization software available for x86‐
compatible computers. VMWare software
runs on Windows and Linux.
W
Write Blocker
A tool (software or hardware) that prevents
writes to a subject device while allowing
investigators to safely read from the device.