MSAB Glossary of Digital Forensics
Key Terms and Definitions
Welcome to our digital forensics glossary, a resource for clear, concise definitions of the most important terms used in digital forensic investigations. This glossary covers the terminology used in smartphone examinations, mobile data extraction, and the analysis of digital evidence from mobile devices.
As mobile phones become increasingly central to cybercrime and digital investigations, it is essential to understand key concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You will also find definitions of more general digital forensics terms such as hash values, metadata, and chain of custody, all explained in a straightforward, easily accessible format. Whether you are a mobile forensics specialist, a law enforcement officer, a cybersecurity expert, or a student, this glossary offers up-to-date explanations to help you find your way in the rapidly evolving field of mobile forensics.
FAT32 (File Allocation Table 32)
FAT32, or File Allocation Table 32, is a widely used file system in mobile devices, particularly for external storage media such as SD cards and USB drives. It was introduced as an improvement over the older FAT16 file system, offering support for larger partition sizes and more efficient storage management. Understanding FAT32 is essential for […]
FBE (File Based Encryption) – Mobile Device Forensics
A method where each file on a mobile device’s partition is individually encrypted, requiring forensic tools to decrypt specific files for evidence analysis. Key Features of FBE Per-File Encryption: FBE encrypts each file individually using a unique key derived from the user’s credentials. This approach provides better security and flexibility compared to FDE. Direct Boot […]
File System
The organizational structure (e.g., NTFS, FAT32) that manages data on a storage device, analyzed in forensics to locate files, recover deleted data, or detect anomalies.
File System Extraction – Mobile Device Forensics
A forensic process that retrieves files embedded in a mobile device’s memory, capturing artifacts like photos, messages, or app data for analysis. File system extraction is a fundamental technique in mobile forensics that involves acquiring and analyzing data stored in a device’s file system. The file system is a critical component of a mobile device’s […]
Forensic Analysis
The systematic examination of digital evidence to uncover facts, reconstruct events, or identify perpetrators in an investigation. Forensic data analytics is the process of applying analytical techniques to digital evidence collected during a mobile forensic investigation. It involves processing, examining, and interpreting large volumes of data to uncover patterns, anomalies, and insights that can help […]
Forensic Data Acquisition Methods
Forensic data acquisition is a critical step in mobile forensics, as it involves collecting and preserving digital evidence from mobile devices in a forensically sound manner. There are several acquisition methods used in mobile forensics, each with its own advantages, limitations, and implications for data recovery and analysis. Logical Acquisition Logical acquisition involves extracting data […]
Forensic Data Authentication
Forensic data authentication is the process of verifying the integrity and authenticity of digital evidence collected during a mobile forensic investigation. It ensures that the data has not been altered, tampered with, or corrupted since its acquisition, maintaining the evidence’s admissibility in legal proceedings. Authentication is a critical aspect of mobile forensics, as it establishes […]
Forensic Data Carving
Forensic data carving is a technique used in mobile forensic investigations to recover deleted, fragmented, or unallocated data from digital storage media. It involves searching for and extracting data based on specific file signatures or patterns, rather than relying on file system metadata. Data carving is a crucial technique for recovering evidence that may have […]
Forensic Data Carving Algorithms
Forensic data carving algorithms are specialized techniques used to recover deleted, fragmented, or unallocated data from digital storage media in mobile forensic investigations. These algorithms are designed to search for and extract data based on specific file signatures, patterns, or structures, enabling investigators to recover evidence that may not be readily accessible through traditional file […]
Forensic Data Correlation
Forensic data correlation is the process of identifying and analyzing relationships, connections, and patterns between different data points or sources in a mobile forensic investigation. It involves linking and combining information from various artifacts, such as call logs, messages, location data, and application data, to establish a comprehensive understanding of the events, activities, and interactions […]
Forensic Data Decryption
Forensic data decryption is the process of converting encrypted data from mobile devices into a readable format during a forensic investigation. As mobile devices increasingly employ encryption to protect user data, decryption has become a critical aspect of mobile forensics. Investigators must decrypt encrypted data to access and analyze the evidence stored on the device. […]
Forensic Data Deduplication
Forensic data deduplication is the process of identifying and removing duplicate copies of data from the evidence collected during a mobile forensic investigation. Mobile devices often contain multiple copies of the same files or data, such as backups, synchronized data, or cached files. Deduplicating this data helps reduce the volume of data to be analyzed, […]
Forensic Data Export
Forensic data export is the process of extracting and saving digital evidence from mobile devices or forensic tools in a format suitable for further analysis, sharing, or presentation. Exporting data allows investigators to work with the evidence using various tools, collaborate with other stakeholders, and prepare the evidence for court proceedings. Importance of Forensic Data […]
Forensic Data Extraction Techniques
Forensic data extraction is the process of acquiring digital evidence from mobile devices using various techniques. The choice of extraction technique depends on factors such as the type of device, the state of the device (powered on or off), the level of access required, and the specific data sought. Each technique has its own advantages, […]
Forensic Data Filtering
Forensic data filtering is the process of refining and narrowing down the collected digital evidence in a mobile forensic investigation to focus on the most relevant and pertinent information. With the increasing storage capacities of mobile devices, the amount of data acquired during an investigation can be overwhelming. Data filtering techniques help investigators prioritize their […]
Forensic Data Indexing
Forensic data indexing is the process of organizing and optimizing the collected digital evidence in a mobile forensic investigation to enable efficient searching, retrieval, and analysis. Indexing creates a structured and searchable catalog of the extracted data, allowing investigators to quickly locate and access specific information without having to manually sift through the entire dataset. […]
Full Disk Encryption (FDE)
A security measure that encrypts an entire storage device, posing a challenge in forensics unless the decryption key or method is obtained. FDE, or Full Disk Encryption, is a security feature that encrypts the entire storage media of a mobile device, including the operating system, applications, and user data. FDE is designed to protect data […]