Index
AccessData
Active partition
Address:
HEX editor address panel
Logical Block Address (LBA)
Adobe
Advanced Encryption Standard (AES)
Apple/Macintosh:
boot process in
endian designation by
file extensions for
file signature information for
file systems of
hard drive removal from
operating systems
ASCII (American Standard Code for Information Interchange):
binary and decimal values assigned to
extended
HEX equivalent to
overview of
Bad clusters
Base 2 numbering system. See also Binary system
Binary system:
ASCII equivalents to
binary (HEX) editor
binary tree filing system
bits as building blocks of
b-tree filing system
character codes using (see also ASCII; Hexadecimal characters; Unicode)
decimal equivalents of
electricity and magnetism relationship to
exponents/power of 2 in
fundamentals of
HEX representation of
origins of data in
BIOS (Basic Input Output System)
$Bitmap
Bits:
ASCII coding scheme using
as binary system building blocks
bit-for-bit imaging of evidence
bytes as eight (see also Bytes)
exponential combinations of
HEX system using
as origins of data
Unicode/UCS using
Books, cataloging of
Boot process:
BIOS function in
boot device sequence
booting up
boot loader in
evidence corruption during
file mounting in
HEX editor in
Master Boot Record in
partitions/partition table in
POST function in
setup utility in
signature words in
summary of
Volume Boot Record in
write blocking or protection in
Braille Encoding System
Bytes:
byte offsets
character codes using
cluster size in
endianness by significance of
HEX system using
partition size in
per sector
signature
Case study
Cataloging systems. See also File systems
Chain of custody
Character codes:
ASCII as
binary system basis for
decimal value for
HEX as
HEX editor character panel
textual data processing using
Unicode/UCS as
Ciphers
Clocks. See also Time
clock manipulation
clock model
clock skew
system clock verification
Clusters:
allocation of
bad
cluster size
file system use of
number of clusters needed
sectors per cluster
Complex files
Compound files
Compressed files. See also ZIP file format
Confidentiality of data
Coordinated Universal Time (UTC)
Creation date and time
Cyber forensic concepts. See also Cyber forensic practices
boot process (see Boot process)
endianness (see Endianness)
evidential data (see Data; Evidence)
files (see Files; File systems)
hard drives (see Hard drives; Partition; Volumes)
Cyber forensic practices. See also Cyber forensic concepts
case study
data preparation
evidence acquisition
evidence handling
evidence retention and curation
forensic process
investigation
Investigative Smart Practices
quality control assessment
reporting
request for investigation
time and
Cylinders:
Cylinder, Head and Sector (CHS) fields
hard drive tracks and cylinders
Data. See also Evidence
ASCII coding scheme of
binary system
bits as building blocks of
character codes for (see also ASCII; Hexadecimal characters; Unicode)
confidentiality of
data preparation in cyber forensics
decimal system
electricity and magnetism relationship to
encryption of
endianness of
files of (see Files)
forensic imaging of
fundamentals of
hexadecimal representation of
HEX-data panel
indexing
metadata
native format of
origins of
resident
searching
timestamp
Unicode/UCS standard for
verifying
write blocking or protection of
Data preparation:
data verification in
deleted file recovery in
indexing in
mounting in
preprocessing in
searching in
steps in
Dates. See also Time
accessed/last accessed date and time
chain of custody including
creation date and time
date stamps
days
determination of
directory entry including
investigation noting discrepancies in
last modified date and time
months
order and interpretation of
search criteria including
years
Decimal system:
binary equivalents of
HEX character equivalents to
Defragmentation of hard drives
Directory entries. See also Master File Table
Domino
DOS (Disk Operating System), Microsoft:
boot process in
file extensions used by
file signatures for
file system of
partitions in
time and date stamps in
Dwords
Electricity and magnetism
Electronic Communications Privacy Act
Email, evidence acquisition of
EnCase
Encrypted files
Endianness:
big vs. little
of data
origins of
partition tables and
Evidence:
access rights to, securing
acquisition of
best evidence rule
bit-for-bit imaging of
boot process corruption of
chain of custody for
confidentiality of
data as (see Data)
duplicate
forensic imaging of
handling of
hashing
ISO standards for
original
privacy laws related to
reporting findings from
retention and curation of
types/classification of
write blocking or protection of
Excel, Microsoft
Exchange
exFAT (extended file allocation table) file system
Expert witness testimony
Exponents, law of
Extended partition
Extensions, file
EXT file systems
FAT (File Allocation Table) file systems. See also File systems
cluster size determination in
directory entries in
exFAT
FAT 12
FAT 16
FAT 32
file allocation table in
HEX in
limitations of
slack space in
time and date stamps in
Volume Boot Record in
FDISK partition editors
Files:
boot process allowing access to (see Boot process)
changing file extensions as deception
complex
compound
compressed (see also ZIP file format)
encrypted
file attributes
file extensions
file formats and structures
file headers
file signature databases
file signature information
file slack
file systems
fragmentation of
HEX editor viewing
metadata in
mounting
native format of
object linking and embedding in
recovering deleted
value of file signatures
verification of
File systems:
alternative
binary tree file systems
$Bitmap in
boot process allowing access to (see Boot process)
b-tree file systems
bytes per sector in
cluster allocation in
cluster size determination in
directory entries in (see also Master File Table)
exFAT file systems
EXT file systems
FAT (File Allocation Table) file systems
file allocation table in
file attributes in
HEX in
Hierarchical File System
library cataloging systems comparison to
limitations of
Master File Table in (see also Directory entries)
metadata in
NTFS (New Technology File System)
overview of
Partition Boot Record in
partitions, volumes and (see also Partition Boot Record and Volume Boot Record subentries)
sectors per cluster in
slack space in
system ID field
time and date stamps in
UNIX File System
Volume Boot Record in
Forensic imaging
Forensic process. See also Cyber forensic practices
Forensic report
Fourth Amendment
FTK
GIF (Graphic Interchange Format) file format
Google searches
Guidance Software
Hard drives:
boot process (see Boot process)
clusters on
defragmentation of
evidence corruption on
labels
partition of
removal of
sectors of (see Sectors)
technology of
tracks and cylinders of
volumes of
Hash values
Headers, file:
compound file
data in
file format/attributes identified in
HEX editor header panel
metadata in
Hexadecimal (HEX) characters:
ASCII equivalent of
binary to HEX conversion
binary values represented by
bit, byte and nibble equivalents to
boot process using
decimal equivalents to
file identification using
file system use of
hashes displayed in
HEX editor
offsets relative to
time and date stamps using
Hierarchical File System (HFS)
HTML (hypertext markup language) file format
Indexing data
Intel processors
Investigation. See also Cyber forensic practices
closing case files in
definition of
document initiating
expert witness role of investigator
Investigative Smart Practices
legitimacy and scope of
objectives of/steps in
post-investigation quality control assessment
privacy laws impacting
report communicating findings of
request for
search criteria in
wrap-up and conclusion of
ISO standards:
14721:2003
15489:2001
Java Virtual Machine
JPEG (Joint Photographic Experts Group) file format
Keywords
Last modified date and time
Library cataloging systems
Linux
Logical Block Address (LBA)
Logical partition
Macintosh:
boot process in
endian designation by
file extensions for
file signature information for
file systems of
hard drive removal from
operating systems
Magic number. See also Files: file signature information
Magnetism
Master Boot Record (MBR)
Master File Table. See also Directory entries
Metadata
Microprocessor calculations
Microsoft:
Compound File Binary Format
DOS
Excel
file extensions used by
file signatures of MS products
file system of
Head values bug in
Office 2003
Office 2007
Office Open XML format
Outlook
PowerPoint
time and date stamps by
Windows Operating System
Word
Motorola processors
Mounting files
Native format
Network acquisitions
Network Time Protocol (NTP)
Nibbles
Non-disclosure agreements
Novell
NTFS (New Technology File System)
$Bitmap in
file attributes in
limitations of
Master File Table in
Partition Boot Record in
OAIS (open archival information systems)
Object linking and embedding (OLE)
Obsolescence, technological
OEM (original equipment manufacturer)
Office, Microsoft. See also specific software by name
Office 2003
Office 2007
Office Open XML format
Offsets
Operating systems:
Apple/Macintosh
boot process in
decimal value references by
endian designation in
file extensions used by
file folder structure of
file formats executed by
file systems of
HEX longevity vs.
Linux
Microsoft DOS
Microsoft Windows
Novell
OEM (original equipment manufacturer) of
partitions and
registry
time and date stamps by
Unix and Unix-like
variety of and changes to
volumes recognized by
Order of data. See Endianness
Outlook, Microsoft
Partition:
active
Cylinder, Head and Sector (CHS) fields of
deletion and recovery of
extended
FDISK partition editors
file systems in (see File systems)
HEX starting value of, deciphering
logical
Logical Block Address in
Partition Boot Record
partition table
primary
size of
start of
system ID field
type of
volumes vs.
POST (Power On Self Test)
PowerPC processors
PowerPoint, Microsoft
Primary partition
Privacy Protection Act
Processors, endian designation in. See also Operating systems
Quality control assessment
QuickTime file format
Registry, operating systems
Report, forensic:
characteristics of
contents of
purpose of
sample of
Resident data
Searches:
data preparation searches
Google searches
investigation search criteria
keyword
Sectors:
bytes per
clusters of
compound file
Cylinder, Head and Sector fields
file systems use of (see File systems)
in hard drive structure
Logical Block Address of
Master Boot Record as first
number of
partition as collection of (see also Partition)
Partition Boot Record sector
SecID of
Sector Allocation Table
signature words as end of sector markers
slack as unused
volume as collection of (see also Volumes)
Volume Boot sector
Setup utility
Signature, file
Signature words/bytes
Slack space
Stevens, Malcolm
Sun’s SPARC
System ID field
Technological obsolescence
TIF (Tagged Image File) file format
Time. See also Dates
accessed/last accessed date and time
chain of custody including
clock manipulation impacting
clock model of
clock skew impacting
Coordinated Universal Time (UTC)
creation date and time
cyber forensics and
definition of
determination of
directory entry including
hours
inaccuracy of
investigation noting discrepancies in
keeping track of
last modified date and time
minutes
MS-DOS 32-bit timestamp
Network Time Protocol
search criteria including
seconds
system clock verification
time-bounding techniques
timelines
timestamps
Unallocated space
Unicode/Universal Character Set (UCS):
ASCII as foundation of
decimal values for
HEX equivalent of
Unix and Unix-like operating systems
Unix File System (UFS)
UTC (Coordinated Universal Time)
Volumes:
file systems in (see File systems)
partitions vs.
Volume Boot Record (VBR)
Windows Operating System. See also Microsoft
boot process in
file extensions used by
file folder structure of
file system of
HEX longevity vs.
metadata information via
partitions in
time and date stamps by
Word, Microsoft
Write blocking or protection
XHTML (extended HTML) file format
XML (extensible markup language) file format
ZIP file format