Forensics & IR terms

25 terms

• Digital Forensics

  The scientific discipline of identifying, preserving, analysing, and reporting on digital evidence from computers, networks, and devices in a legally defensible way.

• DFIR (Digital Forensics and Incident Response)

  A combined discipline that fuses digital forensic investigation with incident response to detect, contain, eradicate, and learn from cyber incidents.

• Incident Response

  The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.

• Incident Response Plan

  A documented, approved playbook that defines how an organisation prepares for, detects, contains, eradicates, recovers from, and learns from cyber incidents.

• Tabletop Exercise

  A discussion-based simulation in which stakeholders walk through a hypothetical cyber incident to test plans, roles, decisions, and communication.

• Chain of Custody

  The chronological, documented trail showing every person, location, and action affecting a piece of evidence from seizure through final disposition.

• Forensic Imaging

  Creating a bit-for-bit copy of a storage medium, verified by cryptographic hashes, for use in forensic analysis and as legally admissible evidence.

• Write Blocker

  A hardware or software tool that permits read access to a storage device while preventing any write operations that could alter evidence.

• Memory Forensics

  The discipline of acquiring and analysing a system's volatile RAM to reveal running processes, network connections, injected code, and in-memory artefacts.

• Disk Forensics

  The analysis of non-volatile storage media — HDDs, SSDs, USB drives — to recover, examine, and interpret file-system, application, and operating-system artefacts.

• Network Forensics

  The capture, recording, and analysis of network traffic and metadata to investigate security events and reconstruct adversary activity.

• Mobile Forensics

  The forensic acquisition and analysis of smartphones, tablets, and wearables to extract communications, app data, location, and other artefacts.

• Cloud Forensics

  Forensic investigation of cloud-hosted infrastructure, applications, and SaaS services, working with provider APIs, audit logs, and ephemeral resources.

• Timeline Analysis

  A forensic technique that reconstructs a chronological sequence of system events by correlating timestamps from filesystem, registry, log, and application artifacts.

• Artifact Analysis

  Artifact Analysis — definition coming soon.

• Windows Registry Analysis

  Windows Registry Analysis — definition coming soon.

• Log Analysis

  Log Analysis — definition coming soon.

• File Carving

  File Carving — definition coming soon.

• Steganalysis

  Steganalysis — definition coming soon.

• Anti-Forensics

  Anti-Forensics — definition coming soon.

• Forensic Readiness

  Forensic Readiness — definition coming soon.

• Preservation of Evidence

  Preservation of Evidence — definition coming soon.

• Evidence Acquisition

  Evidence Acquisition — definition coming soon.

• Malware Analysis

  Malware Analysis — definition coming soon.

• Reverse Engineering

  Reverse Engineering — definition coming soon.