Index
Numbers
3Com, Palm OS
3DES (Triple DES)
8.3 file naming convention
802.1x standard
A
ACARD Write Block Kit
access data, change from opening files
AccessData
Forensic Toolkit (FTK)
adding evidence to case,
Imager
New Case Wizard,
temporary Internet files display,
Password Recovery Toolkit
“accessed” date, of Windows file
actions, documentation of
activity logs
activity timelines
AD Summation
addiction as criminal motivator
Address Resolution Protocol (ARP)
administrative control
admissibility of evidence
Advanced Encryption Standard (AES)
Advanced Micro Devices (AMD)
AES (Advanced Encryption Standard)
AFind
AFS (Andrew File System)
“agent of law enforcement
AIX
algorithms, for encryption
allocation units
Amazon, for password cracking
American Postal Workers Union, Columbus Area Local AFL-CIO v. United States Postal Service
analysis section, in report
analysis, virtual machines to reduce time
Andrew File System (AFS)
anger as criminal motivator
appearance, for court testimony
Apple
Apple iPhone
application logs
archived files
ARP (Address Resolution Protocol)
ASCII, converting between EBCDIC and
ASR Data Acquisition & Analysis, LLC
asymmetric key algorithms
AT&T, Bell Laboratories
ATM fraud
attitude for court appearance
attorneys
meeting with witnesses
storytelling approach
audience
considering response of
and evidence presentation
learning about
for testimony
audit trails
auditing, users and file access
authentication
of documentary evidence
from encryption
authentication logs
authority
for password cracking
for searching computer
Autopsy
Avantstar
B
backdating document
backup software, vs. disk imaging
backups, trace evidence in
Basic Input Output System (BIOS)
battery, for PDA or cell phone
behavior, training to change
Bentley, Robert Matthew
best available evidence
best evidence rule
best practices
BFS (BeOS File System)
BIOS (Basic Input Output System)
bit-by-bit copy, creating
bit stream backup
bit stream image
documenting creation process
from ProDiscover
BitPim
blkcalc tool
blkcat tool
blkls tool
blkstat tool
Blowfish
Blu-ray Disc devices
Bluetooth
body language
booting, from floppy boot disk
bootloader
boredom, as response to presentation
bots
brevity in testimony
Broderick, Matthew
browser
downloading web page
history and cache files for
brute force attack
BSD
business. See corporations
C
cable connectors
cable modems
cache
data capture from ARP
for HTML pages
Cain and Abel
Caldera
capturing data. See evidence collection
Case Agent Companion (Paraben), sample report
CaseVantage
CD/DVD-ROM/RW rive
cell phones
evidence collection from
lost data
Cellebrite
Cerious Software, Inc.
CERT Coordination Center
chain of custody
controls
documentation for
protecting
change
preventing in evidence
to system, risk of
chat room logs
Chat Stick
checksum
calculating
as last step in media analysis
child pornography
chosen plaintext attack
CIFS (Common Internet File System)
cipher
classified documents, storage of
clean copy for analysis
clothing for court appearance
clusters
CMOS (Complementary Metal Oxide Semiconductor) battery, and computer clock accuracy
CMOS (Complementary Metal Oxide Semiconductor) chip
“cold start
Common Internet File System (CIFS)
Compact Flash drives (CFDs)
compliance
computer crime
computer evidence
use of
computer forensic professional
computer forensic technician
computer forensics
defining
importance, real world scenario
knowing limits
organization needs assessment
practitioners
roles involving
Computer Forensic Tool Testing (CFTT) Project Web site
computers
displaying list of connections
maintaining power or shutting down
photographs to document
tracking access
confidentiality, from encryption
conflict of interest
connectors
consistency, in report terminology
control
conventions, presentation at
cookies
Cookies folder
copying
bit-by-bit
full-volume
imaging tools
partial volume images
sector-by-sector
without employees knowing
copyright piracy case, sample report on evidence
analysis section
disk imaging
findings section
follow-up reports
glossaries an appendixes
initial assessment
objective section
recommendations
subsections
summary
supporting documentation
The Coroner’s Toolkit (TCT), Grave-Robber
corporations
computer forensics use by
concerns for detection and prevention
forensic training
impact of investigation on normal operations
vs. law inforcement concerns
court cases. See also expert witnesses; testifying in court
on expectation of privacy
priority for
court orders
covert channels
Crack
CRC (cyclic redundance check)
CRC112
CrCheck.exe
credentials, as expert witness
Credentials Manager
credibility
criminal acts, treating incidents as
criminals’ thought processes, and evidence searches
cross examination, in trial
Cryptcat
cryptography
curiosity as criminal motivator
cyberbullying
cybercriminal, and low-hanging fruit
cyclic redundance check (CRC)
D
damages, documentation of
Darik’s Boot and Nuke (DBAN)
Data Encryption Standard (DES)
data loss, powering down computer and
data recovery
data types, comparing to file extension
Davory data recovery utility
DCode
dd utility
Debian
decrypting files
deleted files
recovery of
deleting data, normal shutdown and
demonstrative evidence
denial of service (DoS) attack
Department of Public Safety, crime lab personnel
deposition
DES (Data Encryption Standard)
desktop computers
details, as distraction for jury
Deutch, John
Device Seizure (Paraben)
DFLabs
diagrams for documenting case
dictionary attack
Digital Detective
digital evidence
Digital Intelligence, Inc.
direct examination, in trial
directory structure, in Windows
disaster recovery
best practices
disk drives
creating copy
precautions for
sector-by-sector copy
steps for handling
disk imaging and validation tools
vs. backup software
DriveSpy
EnCase
keyword search,
timeline options,
viewing IP addresses,
Forensic Replicator
FTK Imager
Norton Ghost
ProDiscover
SMART
SMART Acquisition Workshop (SAW)
WinHex
Disk Operating System (DOS)
disk partitions, hidden
disk_sreset tool
disk_stat tool
distributed denial of service attack (DDoS)
DNS (Domain Name Service)
Document Inspection feature
documentary evidence
documentation
of actions
and chain of custody
of damages
for digital photographs
of evidence
of evidence-gathering process
of imaging process
of investigation
photographs for
of sanitizing process
documents
backdating
as evidence
Domain Name Service (DNS)
DOS (Disk Operating System)
DOS boot floppy disks
DOS bootable devices, creating
draft reports, disclosure of
DriveLock
DriveSpy
DSL modems
dtSearch
dual-boot configuration
and hidden partition
duplicate hard drive, creating
E
e-mail headers
EBCDIC, converting between ASCII and
Egyptians, hieroglyphics
ElcomSoft
password recovery software
electromagnetic fields
electronic discovery (e-discovery)
electrostatic discharge (ESD)
employees
access to company networks by former
expectation of privacy
misuse of proprietary information
rights
employment policies, on expectation of privacy
EnCase
keyword search
timeline options
viewing IP addresses
encrypted files
identifying
opening
encryption
basics
common practices
strengths and weaknesses
encryption key
end users
security awareness
training
Enron
enterprise servers
eSATA
ESD (electrostatic discharge)
/etc/passwd file
/etc/shadow file
ethics
Event Properties dialog box, for Logon Failure attempt
Event Viewer (Windows 7)
evidence. See also computer evidence; search and seizure
admissibility in court
best available
best evidence rule
chain of custody
common sense approach to checking
creating duplicate
hidden
identification
hardware,
removable storage,
of initial state
places to look for
presentation
preservation
proving the forensic tool does not change
sampling data
state preservation
storage and protection of original media
transporting
types
demonstrative,
documentary,
real,
testimonial,
evidence analysis
evidence collection
documentation of
documentation of process
hidden documents
low-hanging fruit
methods to avoid
network activity files
order of
from personal portable devices
reports on
tools for volatile data
Evidence Eliminator
evidence log, information in
evidence searches
authority for
thought process of criminals and
tools
volume of results
warrantless
Excel, metadata
Executive Summary in reports
expectation of privacy
expert witnesses
meeting with attorneys
protection from disclosure of draft reports
qualifications
training and practice
extended FAT (exFAT) file system
extension checkers
external hard drives
F
FastBloc
FAT/NTFS
FAT43
FAT44
fax buffers
Federal Guidelines for Searching and Seizing Computers
Federal Rule of Civil Procedure 26
Federal Rules of Civil Procedures, on disclosure of draft reports
ffind tool
File Allocation Table (FAT)
file extensions
change
comparing to data type
file names, hiding documents by changing
file systems
normal shutdown and
tools and procedures for
for UNIX/Linux
file time stamps, and computer clock setting
File Transfer Protocol (FTP)
file viewers
filenames, applications generating
files
auditing access
decrypting
operating encrypted
financial gain as criminal motivator
findings section, in report
fingerprints, from hardware
Finland
Firefox for Windows, temporary Internet files location
firewalls
logs
and traceroute client
FireWire
FireWire write blocker
Flash cookies
floppy disks
booting from
floppy drives
file systems to support
fls tool
fonts, nonstandard, to hide text
Foremost/Scalpel
forensic compression
forensic duplicate
Forensic Examination of Digital Evidence: A Guide for Law Enforcement
forensic image
forensic investigation, neutrality of
forensic kits
forensic process, explaining
Forensic Replicator
Forensic Toolkit (FTK), , . See also AccessData, Forensic Toolkit (FTK)
forensic tools
care and maintenance
disk imaging and validation tools
dd utility, , ,
DriveSpy, ,
EnCase, , . See also EnCase
Forensic Replicator, ,
FTK Imager, , ,
Norton Ghost, ,
ProDiscover, , , ,
SMART, ,
SMART Acquisition Workshop (SAW), ,
WinHex, , ,
DriveSpy
dtSearch
explaining in court
hardware
Cellebrite,
Image MASSter Solo-, ,
NetAnalysis
organization needs
Paraben Corporation
Case Agent Companion, sample report, ,
Chat Stick, ,
Device Seizure, , ,
Paraben Porn Stick, ,
Snagit, , ,
StrongHold Bag
proving no change to evidence from
Quick View Plus file viewer
software suites
EnCase, , ,
Forensic Toolkit (FTK), ,
ProDiscover, ,
SANS Investigative Forensic Toolkit (SIFT),
Sleuth Kit (TSK),
X-Ways Forensics (XWF),
ThumbsPlus File Viewer
toolkit selection
Forensic UltraDock
Forensic Write Blockers
forensically sound procedures
Freax
Freespire
fsstat tool
FTK Imager
FTP (File Transfer Protocol)
client
full-volume copying
vs. partial volume image
G
glossary, in report
“golden” image
Gonzalez, Alberto
Google Android
government agencies, computer forensics use by
Gramm-Leach-Bliley (GLB) Act
Grave-Robber
grooming for court appearance
guessing passwords
Guidance Software, EnCase
keyword search
timeline options
viewing IP addresses
Guymager
H
hackers
access to Palin’s e-mail account
acquitted
measures to defend against
sentencing
handheld computers
handwritten notes
hard-copy documents
hard drives
creating duplicate
dd to copy
external
imaging tools
hard evidence
hardware
check for unauthorized
devices for data transport or transmission
forensic tools
Cellebrite,
ICS Solo
Image MASSter Solo-,
I/O devices
identifying as evidence
maintaining integrity
mobile devices
servers
workstations
hardware protected area (HPA)
hardware write blockers
hash
for drive
SMART generation of
Health Insurance Portability and Accountability Act (HIPAA)
hexadecimal editor, for Windows
hfind tool
HFS (Hierarchical File System)
hidden disk partitions
hidden evidence
Hide and Seek
hiding documents, by changing names, properties or locations
Hierarchical File System (HFS)
High Performance File System (HPFS)
High Technology Crime Investigation Association (HTCIA)
HIPAA (Health Insurance Portability and Accountability Act)
History folder, of web browser
host machine, for virtual machine
host protected area (HPA), detecting
Hostgator.com
hot pluggable USB devices
HP-UX
HPA (host protected area), detecting
HPFS (High Performance File System)
HTCIA (High Technology Crime Investigation Association)
HTML pages
cache for
viewing code
HTTP (HyperText Transfer Protocol)
hub, for USB devices
hybrid attack
Hydra
HyperText Transfer Protocol (HTTP)
I
I-Mode
I/O (input/output) devices
IACIS (International Association of Computer Investigative Specialists)
IBM PCs
IBX
icat tool
ICS Solo
identity thefts
IDS (intrusion detection system), log-based
IEEE 1394 standard
IETF (Internet Engineering Task Force)
ifind tool
ils tool
iMac
Image MASSter Forensic Toolkit
Image MASSter Solo-
for sanitizing drive
images, hidden messages in
imaging/capture tools
commercial software
utilities
IMAP (Internet Message Access Protocol)
img_cat tool
img_stat tool
impersonator, vs. valid user action
inadmissible evidence
incident response
likelihood of court proceedings
Incident Response Collection Report (IRCR)
incident response plans
incident response team (IRT)
incidents
clear processes for
and computer evidence
treating as criminal acts
income tax refunds, online scheme to steal
industry best practices
infrared technology
initial state, evidence of
input/output (I/O) devices
instant message (IM) software, chat logs from
integrity of hardware, maintaining
integrity of information, from encryption
Intel, theft of trade secrets
Intelligent Computer Solutions
intentional acts, vs. unintentional
International Association of Computer Investigative Specialists (IACIS)
Internet, case involving
Internet document
Internet Engineering Task Force (IETF)
Internet Explorer, temporary Internet files location
Internet Message Access Protocol (IMAP)
Internet Options dialog box (Internet Explorer)
interviews
intrusion detection
intrusion detection system (IDS), log-based
intrusion
investigations, impact on company normal operations
Invisible Secrets
IP addresses, in e-mail header
iPhone OS (iOS)
IPv4 address
IPv6 address
IR transmissions
IRCR (Incident Response Collection Report)
IRT (incident response team)
istat tool
J
Jaz disks
jcat tool
jls tool
John the Ripper
Julius Caesar
jury, understanding of presentation
K
Karen’s Disk Slack Checker
Katz. v. Ortega
Key Computer Service Certified Computer Examiner (CCE) Bootcamp
key discovery
key length, and encryption strength
key loggers
key management
key pair
KISS method
for presenting technical information
for testimony
known plaintext attack
Kroll Ontrack
L
L0phtCrack
laboratory practices
LAN (local area network)
typical setup
LastBit
law enforcement. See also local law enforcement
vs. corporate concerns
prosecution concerns
training
Leave No Trace policy
legal environment, digital evidence collection in
legal liability
Linspire
Linux
file systems
listening
litigation, electronic documents for
live acquisitions
live computer system, maintaining power or shutting down
Live View
local area network (LAN)
local law enforcement
coordination with
developing relationship with
Local Shared Objects (LSOs)
location, hiding documents by changing
Lockdown V185
locked resource, from failed logon attempts
log-based intrusion detection system (IDS)
log file scanner
log files
for audit trails
contents as evidence
default locations for
time for reviewing
on Windows systems
Log2timeline
logon attempts, failed, and locked resources
Logon Failure attempt, Event Properties dialog box for
logs of evidence, information in
Loki
London, Metropolitan Police Computer Crime Unit
ls command
M
MAC (Media Access Control) address
Mac OS
MAC time
Macintosh
mactime tool
magnetic tapes
copying and converting formats
mainframes
malware
management
big-picture presentation for
IT training for
Mandrake
Mardakhayeu, Mikalai
Massachusetts, law protecting personal data
MASSter Solo 4 Forensic Portable Evidence Seizure Tool
MD5 (Message Digest 5)
diagram to explain verification
md5deep
md5sum utility
media (press), authorization to speak to
media (storage). See also hard drives
optical
preparing for forensic copies
removable
identifying as evidence,
memory
power for
snapshot of
volatile data
Message Digest 5 (MD5)
metadata
Microsoft Office, encryption by
Microsoft Outlook, E-mail message Properties dialog box
Microsoft VirtualServer/Virtual PC
Microsoft Windows Mobile
Microsoft Word, metadata for document
Milner, Michael
MIME (Multimedia Internet Message Extensions)
miniature SD drives
missing individuals, locating
MkLinux
mmcat tool
mmls tool
mmstat tool
mobile devices
for documentary evidence
evidence collection from
extracting data from
operating systems
Mobilyze
modems
“modified” date, of Windows file
motives of criminal activity
MS-DOS
multiboot configuration
and hidden partition
Multimedia Internet Message Extensions (MIME)
N
National Center for Missing and Exploited Children (NCMEC)
National Institute of Justice, Forensic Examination of Digital Evidence: A Guide for Law Enforcement
National Institute of Standards and Technology (NIST)
Computer Security Resource Center
National Security Agency (NSA)
NCMEC (National Center for Missing and Exploited Children)
NetAnalysis
Netcat
Netstat utility
network activity files
network device logs
Network File System (NFS)
Network World
neutrality of forensic investigation
New Technology File System (NTFS)
Newell Rubbermaid network, hacking of
NFS (Network File System)
NIST (National Institute of Standards and Technology)
Computer Security Resource Center
nonrepudication, from encryption
normal shutdown process
Norton Ghost
notes for testimony
NoWrite
NSA (National Security Agency)
NTT DoCoMo, I-Mode
O
objectives in report
O’Connor v. Orgeta
online password cracking methods
Ontrack DataEraser
open source
opening files, and access date change
operating systems
and file location defaults
logs
Macintosh and Mac OS
on suspect machine
tools and procedures for
UNIX/Linux
Windows
optical media
organization, legal rights and limits
original document, vs. copy
original evidence media, storage and protection
OS/46
Oxygen Forensic Suite 123
P
.pab file extension
packets
tracking path of
PAGEFILE.SYS
Palin, Sarah, e-mail account hacked
Palm dd (pdd)
Palm OS (3Com)
palmtops
Pani, Biswamohan
Paraben Corporation
Case Agent Companion, sample report
Chat Stick
Device Seizure
Paraben Porn Stick
Snagit
StrongHold Bag
partial volume images
partition data
in DriveSpy
Pasco
passcode
Passware password Recovery Software
Password Recovery Toolkit (AccessData)
password vault programs
passwords
asking for
cracking
legality of
recognizing attempts,
deducing
finding
social engineering to obtain
sticky notes for
strong
PC-DOS
PDAs
PDBLOCK
personal computers (PCs)
personal portable devices
extracting data from
lost data
PGP
PhilTools Image Steganography
phishing
photographs
for documentation
as evidence
of evidence’s original state
pictures, hidden messages in
plaintext
pocket computers
POP (Post Office Protocol)
Porn Stick (Paraben)
port scanners
portable devices, evidence collection from
portable laptop drives
ports, list of open
POST boot cards
Post Office Protocol (POP)
power (electricity)
for computer system, vs. shutting down
for eSATA
negative impact of loss
supplying as needed
power as criminal motivator
power cord, disconnecting
PowerMac
PowerPoint presentation
guidelines
metadata
preinstalled tools
preparation, equipment checklist
presentation aids
presentation of evidence
organization of
outline when planning
simplicity in
printer buffers
private key algorithms
ProDiscover
ProDiscover Incident Response (Technology Pathways)
productivity, impact of incident on
profile for Windows user
Properties dialog box, for Office documents
properties, hiding documents by changing
proprietary information
employee misuse of
indictment for theft of
prosecution concerns
protocols
PsService
.pst file extension
psychiatric illness in criminals
public key algorithms
Puff
.pwl file extension
PyFLAG
Q
QEmu
Quick View Plus file viewer
R
rainbow tables
RainbowCrack
read-only image
read-only media, for capture tools
READYBOOT.SFCACHE
real evidence
Recycle Bin
file recovery from
Red Hat
relevant evidence
remote system, saving volatile information to
removable media
identifying as evidence
reports of tools testing
reports on evidence
consistency in terminology
Federal Rule requirements for
formulating
importance of details
interviews and diagram
organizing
sample for copyright piracy case
analysis section
disk imaging
findings section
follow-up reports
glossaries and appendixes
initial assessment
objective section
recommendations
subsections,
summary
supporting documentation, ,
sections
software for generating
summary
templates for
videotapes and photographs
reputation
Request for Comments (RFC) on data volatility
retail credit card payment systems, hacking of
revenge as criminal motivator
rhdtool.exe
Rifiuti
RoboForm Pro
root directory (UNIX/Linux)
routers
logs
rules, of evidence collection and handling
running services, collecting list
S
sampling data
Samsung 2G cell phone
sanitizing media
new hard drives
SANS Institute
computer security training courses
Web site
Web site, white paper on Ghost as forensic tool
SANS Investigative Forensic Toolkit (SIFT)
SANS Reading Room
Sarbanes-Oxley Act
SATA (Serial Advanced Technology Attachment)
scanned documents
Scientific Working Group on Digital Evidence
SCO
scope of investigation
screenshots, capturing
SCSI hard drives
search and seizure
guidelines
search warrants
Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations
Second/Third Extended Filesystem (ext2/ext3)
Secure Digital (SD) drives
Secure Hashing Algorithm Version 1.0 (SHA-1)
security
as corporate priority
user awareness
Security Accounts Manager (SAM)
security incident
security policies
SecurityBag.com
senior management, responsibility for data breaches
September 2001 terrorist attacks
Serial Advanced Technology Attachment (SATA)
Serpent
servers
services, collecting list of running
sexual impulses as criminal motivator
SHA-1 (Secure Hashing Algorithm Version 1.0)
SharedObject Reader plugin
shutting down computer
and evidence loss
vs. maintaining power
sigfing tool
signature analysis
Simple Mail Transfer Protocol (SMTP)
simplicity, in evidence presentation
site survey
slack space
capturing
Slackware
Sleuth Kit (TSK)
SMART
SMART Acquisition Workshop (SAW)
smartphones
SMTP (Simple Mail Transfer Protocol)
Snagit
sniffer programs
social engineering
for encryption keys
software
for generating reports
as key loggers
for steganography
software suites
EnCase
Forensic Toolkit (FTK)
ProDiscover
SANS Investigative Forensic Toolkit (SIFT)
Sleuth Kit (TSK)
X-Ways Forensics (XWF)
software write blockers
.sol file extension
solid-state disks
sorter tool
sound files, hidden messages in
source code, of HTML pages
spammer, investigating
spanning across multiple disc
Spartans
spread-spectrum frequency hopping
SQL Slammer worm
Ssdeep
state preservation evidence
static data support
static discharge
statute of limitations
Stealth
Steganographic File System (SFS)
steganography
sticky notes
storytelling approach of attorneys
strong passwords
StrongHold Bag (Paraben)
subpoena
substitution cipher
summons, for court appearance
Sun Microsystems
Sun Solaris
Super DriveLock
supporting documentation, in report
SuSE
swap file
Symantec
Norton Ghost
Web site
Symbian
symmetric key algorithms
T
tamperproof evidence bags
TCP/IP (Transmission Control Protocol/Internet Protocol)
technical concepts explained
in court
to nontechnical people
Technology Pathways
ProDiscover
ProDiscover Incident Response
technology, use in presentations
TechSmith Corporation
telecommuting
templates, for reports
temporary Internet files
Firefox for Windows directory for
FTK displaying
terminated employees, access to company networks
testifying in court
appearance for
attitude
audience and
best practices
brevity
explaining technical concepts
justifying investiation steps
KISS method
listening and
notes for
preparation
presentation aids
tone of voice
understanding case
understanding job
understanding strategy
vocabulary for
testimonial evidence
text files, dd utility to copy
ThumbsPlus File Viewer
time and date stamps
time, official time sites for
timelines, for computer usage
tone of voice, for court testimony
Torvalds, Linus
trace evidence
traceroute command
tracert command
output
trade secrets, indictment for theft of
trade show, presentation at
training
end users
law enforcement
for management
transient files
transposition cipher
Triple DES (3DES)
Trojan horse programs
trust
truthfulness
Turkey
Twofish
U
ubuntu.com Web site
UDP datagrams
UFED (Universal Forensic Extraction Device)
UltraBlock
UltraKit
unallocated sectors on hard drive
capturing
evidence in
unerase tools
unintentional acts, vs. intentional
U. S. Constitution, Fourth Amendment
U. S. Department of Defense, clearing and sanitizing standard DoD 5220.22-M
U. S. Department of Justice
Computer Crime and Intellectural Property Section
Forensic Examination of Digital Evidence: A Guide for Law Enforcement
Web site
U. S. Secret Service
United States v. Barth
United States v. Blas
United States v. Bunkers
United States v. Chan
United States v. Lynch
United States v. Reyes
United States v. Ross
United States v. Tank
United States v. Zacarias Moussaoui
Universal Forensic Extraction Device (UFED)
Universal Serial Bus (USB). See also USB devices
UNIX/Linux
/etc/passwd file
/etc/shadow file
file systems
hiding documents
USB devices
Chat Stick as
flash drives (UFDs)
for forensic software
hub
Paraben Porn Stick as
trace data
USB-to-IDE/SATA write blocker
user ID
users. See also end users
auditing
V
verification of forensic copy
videotapes
of deposition
as evidence
viewers
Vinetto
Virtual FAT (VFAT)
Virtual File System (VFS)
virtual machines
VirtualBox
VirtualServer/Virtual PC (Microsoft)
virus
visual aids, in evidence presentation
VMware
vocabulary, for court testimony
volatile data
collecting
collection tools
EnCase Enterprise Edition support for
saving to remote system
Volatility Framework
voluntary surrender of evidence
W
Wade, Cliff L.
WAP (wireless access point)
war dialing
War Games (movie)
wardriving
warrantless search
web browser
downloading web page
history and cache files for
web pages
cache for
viewing code
web resources
Computer Security Resource Center
on training
white text to hide information in documents
WinDirStat
Window Washer
Windows
directory structure
folder hierarchy structure
hexadecimal editor for
password files
Windows Event Viewer
WinHex
clone disk copy
WinZip, encryption by
wireless access point (WAP)
wireless local area networks (WLANs).1x standard for
wireless technology
Wireshark Network Analyzer
witness in court. See also expert witnesses; testifying in court
evidence attested to by
Word documents
metadata
white text to hide information
workstations
inventory maintenance
WorldCom
worm
write blockers
hardware
software
WS_FTP
wsftp.log file
X
X-Ways Forensics (XWF)
X-Ways Investigator
X-Ways Software Technology AG
X-Ways Trace
Y
Yastremskiy, Maksym
Z
Zdziarski’s Forensics Guide for the iPhone
zip disks
.zip file extension
Zip Password (LastBit)