Glossary

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

GLOSSARY

acceptable use of computers Defines what activities are acceptable on computer systems owned by the organization.

access attack An attempt to gain information that the intruder is not authorized to see.

access control A mechanism used to restrict access to files, folders, or systems based on the identification and authentication of the user.

accountability The process administration uses to account for an individual’s activities and to assign responsibility for actions that have taken place on an information system.

Address Resolution Protocol (ARP) spoofing A tactic used to forge the MAC address of a system to get packets directed to the attacking computer.

administrative practices Practices that fall under the areas of policy, procedure, resources, responsibility, education, and contingency plans.

advanced persistent threat (APT) Generally considered to be a hacker or group of hackers with significant resources, who are targeting specific enterprises. The APT uses exploits that may never have been seen before and compromises systems with the intent of keeping control of them and making use of them for some time.

agents The people or organization originating a security threat.

anomaly Something that is out of the ordinary or unexpected.

anti-malware system A system designed to detect and remove malicious software.

application layer firewall A firewall that enforces policy rules through the use of application proxies.

asymmetric encryption An encryption system that uses a different key to perform encryption and decryption functions.

audit One, a formal check to determine policy compliance, typically performed either by internal auditors at a company or organization or by an independent third party. Two, a function in an operating system that provides administrators with a historic record of events and activities that occurred on an information system, for future reference.

availability The degree to which information is available when it is needed by authorized parties. Availability may be measured as the percentage of time information is available for use by authorized websites. For example, a business website may strive for availability above 99 percent.

backup Copies of critical information that are archived in the event of a system crash or a disaster.

backup policy The policy an organization has in place that documents how backup operations will be conducted.

Balanced Scorecard (BSC) A performance measurement framework that is intended to enrich traditional financial performance measures with strategic nonfinancial performance measures, thereby providing a more balanced view of organizational performance. Developed in the 1990s by Drs. Robert Kaplan (Harvard Business School) and David Norton. (For additional information, see www.balancedscorecard.org.)

best practices A set of recommendations that generally provides an appropriate level of security. A combination of those practices that proved to be most effective at various organizations.

biometrics The use of something related to the human body—for example, fingerprints, retina/iris prints, palm prints, hand geometry, facial geometry, or voice recognition—to authenticate an individual’s identity for access.

black bag job A nighttime operation that leaves no evidence of your forensic imaging.

black swan event An event that is highly improbable and therefore likely to end up at the bottom of the list of priorities to address. See The Black Swan: The Impact of the Highly Improbable, by Nassim Taleb (Random House, 2010) for further reading on the theory of black swan events.

botnet A malicious botnet is a network of compromised computers used to transmit information, send spam, or launch denial-of-service (DoS) attacks. Essentially, a malicious botnet is a supercomputer created by and managed by a hacker, fraudster, or cybercriminal.

brute-force attack An attempt by a hacker to gain access to a system by trying to log on to one or many accounts using different combinations of characters to guess or crack a password.

buffer overflow The process of overwriting memory in such a way as to cause an attacker’s code to be executed instead of the legitimate program, with the intent of causing the system to be compromised or allowing the attacker to have elevated privileges to the system.

certificate authority (CA) A central management entity that issues or verifies security credentials.

chain of custody A document listing in whose possession and control an item was, and when.

change control procedure The process used by an organization to verify the current system configuration and provide for the testing and approval of a new configuration before it is implemented.

charter A document that describes the specific rights and privileges granted from the organization to the information security team.

ciphertext Information after it has been obfuscated by an encryption algorithm.

cloud computing As defined by the National Institute of Standards and Technology (NIST), a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

communications security The measures employed to secure information while it is in transit.

compliance A process that ensures that an organization adheres to a set of policies and standards, or the adherence to such standards. Two broad categories of compliance are compliance with internal policies (specific to a particular organization) and compliance with external or regulatory policies, standards, or frameworks.

computer security The means used to protect information on computer systems.

computer use policy Specifies who can use the organization’s computer systems and how those systems can be used.

confidentiality The prevention of disclosure of information to unauthorized parties.

consultant A subject matter expert who is contracted to perform a specific set of activities. Typically, a statement of work outlines the deliverables to be completed by the consultant and the deadlines for each deliverable.

core competencies The fundamental strengths of a program that add value. They are the primary functions of a program and cannot or should not be done by outside groups or partners.

countermeasures The measures undertaken by an organization to address the identified vulnerabilities of the organization.

cryptanalysis The art of analyzing cryptographic algorithms with the intent of identifying weaknesses.

cryptographer An individual who practices cryptography.

cryptographic checksum A binary string created by running the binary value of the software through a cryptographic algorithm to create a result that will change if any portion of the original binary is modified.

cryptography The art of concealing information using encryption.

data cleansing The actions performed on a set of data to improve the data quality and achieve better accuracy, completion, or consistency.

Data Encryption Standard (DES) A private key encryption algorithm developed by IBM in the early 1970s that operates on 64-bit blocks of text and uses a 56-bit key.

data leakage prevention (DLP) A mechanism for examining network traffic and detecting sensitive information.

data loss prevention DLP systems are typically network appliances that review all network traffic on your external network, looking for signs of improper data being sent outside the company.

dd image Also called a “raw image,” this is a computer forensic image of a system in which the data from the storage device is housed as a single file or multiple files, but without any type of container that stores checksums or hashes.

decryption The process used by encryption systems to convert ciphertext into plaintext.

default allow A policy in which any traffic is allowed except that which is specifically denied.

default deny A policy in which any traffic is denied except that which is specifically allowed.

defendant In a lawsuit, the person and/or company who is being sued by the plaintiff or who is being tried for a criminal act.

defense in depth An architecture in which multiple controls are deployed in such a way that weaknesses in one control are covered by another.

denial of access to applications The tactic of denying the user access to the application that displays the information.

denial of access to information The tactic of making information the user wants to see unavailable.

denial of access to systems The tactic used by an attacker to make a computer system completely inaccessible by anyone.

denial-of-service attack The process of flooding a server (e-mail, web, or resource) with packets to use up bandwidth that would otherwise be allocated to normal traffic and thus deny access to legitimate users.

deperimeterization The current state of most perimeters—full of holes that reduce or eliminate the effectiveness of the perimeter.

Diffie-Hellman key exchange A public key encryption algorithm developed in 1976 to solve the problem of key distribution for private key encryption systems. Diffie-Hellman cannot be used to encrypt or decrypt information, but it is used to exchange secret keys.

digital signature A method of authenticating electronic information by using encryption.

digital signature algorithm An algorithm developed by the U.S. government as a standard for digital signatures.

dirty data Data that has unacknowledged correlation or undocumented origins or that is biased, nonindependent, internally inconsistent, inaccurate, incomplete, unsuitable for integration with data from other important sources, unsuitable for consumption by tools that automate computation and visualization, or lacking integrity in some other respect.

disaster recovery The processes and procedures to protect systems, information, and capabilities from extensive disasters such as fire, flood, and extreme weather events.

disaster recovery plan The procedure an organization uses to reconstitute a networked system after a disaster.

discovery A phase in litigation between two parties. During discovery, plaintiffs and defendants are allowed to ask each other for documents they believe responsive to their claims or defenses.

Distributed File System (DFS) Microsoft uses the term to describe its implementation of this technology within Windows servers. Multiple systems appear to have local storage, which is actually mapped across multiple systems in the network.

DMZ (demilitarized zone) A network segment containing systems that can be directly accessed by external users.

DNS (Domain Name Service) spoofing A tactic that allows an attacker to intercept information from a target computer by exploiting the DNS by which networks map textual domain names onto the IP numbers used to actually route data packets.

dumpster diving The act of physically sifting through a company’s trash to find useful or sensitive information.

dynamic network address translation The process used to map multiple internal IP addresses to a single external IP address.

eavesdropping The process of obtaining information by being positioned in a location at which information is likely to pass.

egress filtering Filtering traffic that exits through a perimeter.

Elgamal A variant of the Diffie-Hellman system enhanced to provide encryption, with one algorithm for encryption and another for authentication.

elliptic curve encryption A public key encryption system based on a mathematical problem related to elliptic curves.

e-mail policy Governs employee activity and use of the e-mail systems.

emissions security The measures used to limit the release of electronic emissions.

encryption The process of changing plaintext into ciphertext.

encryption algorithm The procedures used for encrypting information.

event In the context of security risk, this is the type of action that poses a threat.

evidence drive Also called the “original evidence,” this is the hard drive being imaged, versus the storage drive to which we are writing the evidence.

failover Provisions for the reconstitution of information or capability. Fail-over systems are employed to detect failures and then to reestablish capability by the use of redundant hardware.

false negative A result that indicates no problem exists where one actually exists, such as occurs when a vulnerability scanner incorrectly reports no vulnerability exists on a system that actually has a vulnerability.

false positive A result that indicates a problem exists where none actually exists, such as occurs when a vulnerability scanner incorrectly identifies a vulnerability that does not exist on a system.

Faraday cage A device that blocks electrical fields, including radio waves used for cell phones and tablet devices to communicate.

file carving Techniques used to recover full or partial remnants of files from the unallocated space of the disk or within large files.; involves removing pieces of data from a large set and putting it aside, much as you would carve a turkey, taking the meat but leaving the bones.

findings The results of your investigation, or what your review of the evidence revealed.

firewall A network access control device (either hardware or software) designed to allow appropriate traffic to flow while protecting access to an organization’s network or computer system.

first-party knowledge You personally witnessed and have knowledge of the event to which you will be testifying. If you heard the information from another party, then repeating it in court would be considered hearsay because you did not personally witness it.

forensic artifact A reproducible file, setting, or system change that occurs every time an application or the operating system performs a specific action.

forensic image A bit-for-bit copy of the data from the entire contents of a piece of digital storage—that is, areas of the storage medium in use and not in use. Typically a forensic image is accompanied by a hash that allows the analyst to verify that the contents have not changed.

forensically sound method A method that does not alter the original evidence; some kind of write protection exists to prevent or intercept possible changes to the disk.

GOST A Russian private-key encryption algorithm that uses a 256-bit key, developed in response to DES.

hacker An individual who breaks into computer systems.

hacktivism Process of hacking a computer system or network for “the common good.”

hash A mathematical algorithm that converts data of any length to a fixed set of hexadecimal characters that represent that data.

hierarchical trust model A model for trust in a public key environment that is based on a chain of authority. You trust someone if someone higher up the chain verifies that you should.

honey pots Used in research and intrusion prevention systems, honey pots are usually virtual machines that are configured insecurely to lure an attacker in. The attacker’s actions are recorded outside of the honey pot and their methods are analyzed.

hot site An alternative location for operations that has all the necessary equipment configured and ready to go in case of emergency.

identification and authentication The process that serves a dual role of identifying the person requesting access to information and authenticating that the person requesting the access is the actual person they say they are.

incident response procedures (IRP) The procedures an organization employs to define how the organization will react to a computer security incident.

information classification standards Standards that specify treatment of data (requirements for storage, transfer, access, encryption, and so on) according to the data’s classification (public, private, confidential, sensitive, and so on).

information control The processes an organization uses to control the release of information concerning an incident.

information policy The policy used by an organization that defines what information in an organization is important and how it should be protected.

information security One, the measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capabilities. Two, the protection of information and information systems from unauthorized access, use, disclosure, modification, or destruction. Also commonly referred to as data security or IT security.

ingress filtering Filtering traffic that enters through a perimeter.

in-house counsel A lawyer or lawyers who work in your company. Most large companies have legal departments, and the head of the department is called the general counsel.

integrity The prevention of data modification by unauthorized parties.

intercept of a line Identifies the point at which the line crosses the vertical y axis. An intercept is typically expressed as a single value b but can also be expressed as the point (0, b).

interception An active attack against information by which the intruder puts himself in the path of the information transmission and captures the information before it reaches its destination.

IP spoofing A tactic used by an attacker to forge the IP address of a computer system.

IPSec (Internet Protocol Security) A protocol developed by the Internet Engineering Task Force (IETF) to provide the secure exchange of packets at the networking layer.

ISO 27002 The document published by the International Organization for Standardization (ISO) to serve as a guideline for organizations to use in developing information security programs.

JSON JavaScript Object Notation is a mix of XML and JavaScript used to transfer data between a web browser and a web server without having to reload a web page. Ajax uses JSON in websites we’ve come to know as Web 2.0.

key The data input into an algorithm to transform plaintext into ciphertext or ciphertext into plaintext.

litigation A lawsuit; a legal proceeding in court that occurs when a plaintiff sues a defendant.

live forensics The act of performing a forensic examination or acquisition on original evidence, particularly a computer hard drive that is powered on and running.

MAC duplicating The process used by an attacker of duplicating the Media Access Control (MAC) address of a target system to receive the information being sent to the target computer.

malicious code Programming code used to destroy or interfere with computer operations. Generally, malicious code falls into three categories: viruses, Trojan horse programs, and worms.

malware Malicious software written to cause harm to the victim’s computer system by theft of personal information, proliferation of itself, providing remote access to the user’s system, or destruction of data, among other things.

man-in-the-middle attack Also known as “interception,” this type of attack occurs when the intruder puts himself in the middle of a communication stream by convincing the sender that he is the receiver and the receiver that he is the sender.

masquerading The act of impersonating someone else or some other system.

MD5 Message Digest Algorithm 5 is a 128-bit hash value that uniquely represents a data set of any size that was computed using it. Every time a piece of data is computed with the MD5 algorithm, it will have the same value unless the data has been changed. MD5 is commonly used to check data integrity.

metrics project distance The amount of a change you want to achieve in your target measurement by the end of the metrics project.

metrics project timeline How long you want to spend to achieve the metrics project distance.

mission statement A statement that outlines an information security program’s overall goals and provides guidelines for its strategic direction.

modification attack An attempt by an attacker to modify information that he or she is not authorized to modify.

narrative A method of organizing the facts of your investigation into a story rather than just listing details. A narrative provides nontechnical details such as the timing of an action—for instance, when the suspect deleted his data after he was put on notice.

network address translation The process of translating private IP addresses to public IP addresses.

network behavior analysis An anomaly detection mechanism that watches the flow of traffic on the network. Flow information is acquired from routers and switches or from a device directly connected to the network.

network credentials Such things as the username and password required to log in to a company computer as the administrator, for example, or the password to network routers and security appliances.

network forensics A monitoring mechanism that collects all traffic that flows across the network in front of the collection point.

network intrusion detection system (NIDS) A monitoring system that sits “out of band” and watches network traffic looking for indications of an attack.

network intrusion prevention system (NIPS) A layer 2 network control that sits inline with traffic and watches for indications of an attack. When an attack is identified, the traffic can be blocked.

network-level risk assessment The assessment of the entire computer network and the information infrastructure of an organization.

network security The measures used to protect information used on networked systems.

objective desired direction The direction in which you want the metrics project measurement to go to achieve the benefits of an information security metrics program, especially the benefit of improvement.

offshoring Contracting work to resources in a different country (either third party or in house).

one-time pad (OTP) The only theoretically unbreakable encryption system, this private key encryption method uses a random list of numbers to encode a message. OTPs can be used only once and are generally used for only short messages in high-security environments.

online analytical processing (OLAP) A specific type of data storage and retrieval mechanism that is optimized for swift queries that involve summarization of data along multiple factors or dimensions.

orange book Also known as the Trusted Computer System Evaluation Criteria (TCSEC), this book was developed by the National Computer Security Center for the certification of computer systems for security.

orchestration The administrative oversight that ensures the workflow is executed as specified. It includes functions such as signing off on a metric definition, deployment of its implementation, scheduling its calculation at regular intervals, and executing and delivering updates. See also workflow.

organization-wide risk assessment An analysis to identify risks to an organization’s information assets.

original evidence The source of a case’s evidence.

outside counsel A law firm retained by a company that desires a third-party opinion regarding a decision, also typically retained to represent the company in litigation.

outsourcing Contracting work to a third-party vendor.

packet-filtering firewall A firewall that enforces policy rules through the use of packet inspection filters.

penetration test A test of the capability of an organization to respond to a simulated intrusion of its information systems.

perimeter The boundary of a network or network zone.

physical security The protection of physical assets by the use of security guards and physical barriers.

ping of death An ICMP echo-request packet sent to the target system with added data with the intent of causing a buffer overflow or system crash.

plaintext Information in its original form. Also known as “cleartext.”

plaintiff The person and/or company who has initiated the lawsuit against the defendant. There is usually only one plaintiff, except in a class action lawsuit.

policy decision point A control that determines a policy violation has occurred.

policy enforcement point A control that performs an enforcement action.

policy review The process used by an organization to review its current policies and, as necessary, to adjust policies to meet current conditions.

prioritization An exercise in determining relative importance of tasks, projects, and initiatives.

private class addresses Non-Internet routable IP addresses defined by RFC 1918.

private key encryption An encryption process requiring that all parties who need to read the information have the same key.

privilege The status of a document or communication between the attorney and the client (attorney-client privilege). Any e-mail, documents, or other communication between and attorney and a client is considered privileged by default and is exempt from discovery unless a judge rules otherwise.

project management Defining an end goal and identifying the activities, milestones, and resources necessary to reach that end goal.

project scope Indicates project coverage, typically by identifying the different regions, different networks, and/or different groups of people the project encompasses.

proxy A security device used to apply policy to web traffic.

public classification The least sensitive level of information classification; information that is already known by or can be provided to the public.

public key encryption An encryption process that requires two keys: one key to encrypt the information and a different key to decrypt the information.

quantum cryptography An encryption system that uses the power of quantum mechanics instead of traditional methods.

quartiles Division of all of the observations into four equal groups, which hold the lowest one-fourth of all observed values (first quartile), the highest one-fourth of all observed values (fourth quartile), and the two middle fourths, one-fourth above and one-fourth below the median value (or the value that divides the set of observations into two equal halves).

RASCI A project management methodology for assigning roles in projects that involve many people and teams. Each letter in RASCI stands for a different type of role—Responsible, Approver, Supporter, Consultant, and Informed—each with corresponding responsibilities.

raw image Also called a “dd image” (for the dataset definition command, dd). A computer forensic image of a system in which the data from the storage device is housed as a single file or multiple files, but without any type of container that stores checksums or hashes.

red book Also known as the Trusted Network Interpretation of the TCSEC, this document provided guidelines for system security certifications in a networked environment.

regular expression A mechanism to match patterns within text.

remote login (rlogin) Enables a user or administrator to log in remotely to a computer system and to interact as if they were logging in on the actual computer. The computer system trusts the user’s machine to provide the user’s identity.

repudiation attack An attack in which the attacker targets the accountability of the information.

Request for Proposal (RFP) A document that an organization uses to solicit proposals for a project that has specific requirements. The organization can then use the responses to the RFP to evaluate and compare the proposals of multiple vendors.

Rijndael The algorithm used for the advanced encryption standard. This private key cipher uses blocks and keys of 128, 192, and 256 bits.

risk The potential for loss.

rootkit A collection of tools used by hackers to cover their intrusion into a computer system or a network and to gain administrator-level access to the computer or network system. Typically, a back door is left for the intruder to reenter the computer or network at a later time.

router A device used to route IP traffic between networks. Although a router can be used to block or filter certain types of traffic, its primary purpose is to route traffic as quickly as possible.

RSA Rivest, Shamir, and Adleman developed this public key algorithm that can be used for both encryption and decryption. RSA is based on the difficulty of factoring large numbers.

sacred cow An idiom for a practice that is implemented simply because it is “how it’s always been done,” without regard for its usefulness or whether it can help achieve a target goal or outcome.

scan An attempt to identify systems on a network. A scan may include actions that attempt to identify the operating system version and the services running on the computer system.

script kiddies Individuals who find scripts on the Internet and use those scripts to launch attacks on whatever computer system they can find (considered a derogatory term).

security appliances Any type of dedicated system that is made to secure the company’s network, such as firewalls, content filters, data leakage prevention systems, and so on.

security information and event monitoring (SIEM) A system that gathers security logs from many sources and correlates the events to be able to focus on events of importance.

security policy Defines the technical controls and security configurations that users and administrators are required to implement on all computer systems.

separation of duties The partition of activities of configuring a policy enforcement function from the activity of verifying the compliance of the function.

SHA-1 Secure Hashing Algorithm 1 is a 160-bit value; unlike MD5, it has no known current weaknesses. The SHA-1 hash and the MD5 hash provide additional validation that the data has not been altered. If even a single byte of data is changed, the resulting hash will change.

single-factor authentication The process administration might use with a single authentication method to identify the person requesting access to information. Using a password is a single-factor authentication.

site event A disastrous event that destroys an entire facility.

slope of a line A value that represents how fast the y values are rising or falling as the x values of the line increase.

Slope of line = (y₂ – y₁) / (x₂ – x₁), where (x₁,y₁) and (x₂,y₂) are any two points on the line.

Smurf attack This type of attack sends a ping packet to the broadcast address of a large network and spoofs the source address to point the returning information at the target computer. The intent is to disable the target computer.

sniffer A computer that is configured with software to collect data packets off the network for analysis.

snooping The process of looking through files and papers in hopes of finding valuable information.

social engineering The use of nontechnical means (usually person-to-person contact) to gain access to information systems.

SQL injection An attack that targets applications that take input and use the input in a SQL query.

stack Controls switching between programs that tell the OS what code to execute when the current code has completed execution.

stakeholders Leaders responsible for critical decision-making and key supporters who will drive change throughout the organization.

static network address translation The process used to map internal IP addresses to external IP addresses on a one-to-one basis.

steganography The science of hiding data in plain sight; the most popular method is hiding data within pictures.

substitution cipher One of the oldest encryption systems, this method operates on plaintext, one letter at a time, replacing each letter for another letter or character. Analysis of the frequency of the letters can break a substitution cipher.

suspect The person whose activities we are examining; this does not imply that we believe the person is guilty, but merely that he or she is the focus of our examination.

symmetric encryption A system of encryption where the same key is used to encrypt and decrypt.

SYN flood A denial-of-service attack in which the attacker sends a large number of TCP SYN packets to the target computer to render the computer inaccessible.

target The aspect of an organization’s information system that an attacker might attack.

technical practices Practices that implement technical security controls within an organization.

threat An individual (or group of individuals) who could violate the security of an organization.

threat analysis A method of identifying and categorizing threats to an organization. This type of analysis identifies individuals and groups who have the motivation and capabilities to cause negative consequences to an organization.

traffic and pattern analysis The process by an attacker of studying the communications patterns and activities of a target to discover certain types of activities and information.

Triple DES (TDES) An enhanced version of the Data Encryption Standard (DES) that uses DES multiple times to increase the strength of the encryption.

Trojan horse Malicious code that appears to be a useful program but instead destroys the computer system or collects information such as identification and passwords for its owner.

two-factor authentication The process implemented by administration that employs two of the three authentication methods for identifying a person requesting access to information. An example of two-factor authentication would be using a smartcard with a password.

Twofish A private key encryption algorithm that uses 128-bit blocks and can use 128-, 192-, or 256-bit keys.

uninterruptible power supply (UPS) A battery-powered device that serves two purposes: It provides battery power in case the circuit loses power, and it prevents your workstation from powering off while you are doing something important, such as capturing a forensic image.

use policy The policy an organization develops to define the appropriate use of information systems.

virtual private network (VPN) A communication method that uses encryption to separate traffic flowing over an untrusted network.

virus Malicious code that piggybacks on legitimate code and, when executed, interferes with computer operations or destroys information. Traditional viruses are executed through executable or command files, but they can also propagate through data files.

VPN server A server that serves as an endpoint for a VPN connection.

vulnerability A potential avenue of attack.

vulnerability scan A procedure that uses a software tool to identify vulnerabilities in computer systems.

vulnerability scanning The process of looking for and identifying vulnerabilities intruders may use as a point of attack.

wardialing An attempt to identify phone lines that connect to computers by dialing a large amount of phone numbers to see which ones return a modem tone.

web application firewall A security device that operates on the content directed at a web application.

web root The first folder in the hierarchy from which the web server will return data.

web server The server that provides web pages to web clients. The amount of systems and processing involved in generating a web page depends on the developers and the underlying code that exists in the page.

web of trust model A model for trust in a public key environment based on the concept that each user certifies the certificates of people known to him or her.

Windows Explorer The graphical user interface with which you access your PC desktop when using the Windows operating system. If you are viewing files and folders through My Documents, My Computer, or other Windows areas, you are using Windows Explorer.

Wired Equivalent Privacy (WEP) A protocol designed to protect information as it passes over wireless local area networks (WLANs). WEP has a design flaw that allows an attacker to determine the key by capturing packets.

witness A person called upon to testify in a court of law or in a deposition. Anyone can be a witness if they have information relevant to the case and have first-party knowledge of the information.

work product A legal term that refers to documents, spreadsheets, databases, forensic files, notes, and so on that you produce during your investigation. If your investigation is under direction of an attorney, your work product may be excluded from being produced during litigation.

workflow A collection of rules that govern the relationship of steps required to complete a process. Relationships might include sequence order, branching conditions, looping, and number of repetitions.

worms Programs that crawl from system to system without the assistance of the victim. They make changes to the target system and propagate themselves to attack other systems on the network.

zombies Computers on the Internet that have been compromised and the programs that have been placed on them to launch a denial-of-service attack either at a specific time or on demand.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Glossary

Create new playlist

Sign In

Sign Up

Table of Contents for
Glossary