MSAB Digital Forensics Glossary

Key Terms and Definitions

 

Welcome to Our Digital Forensics Glossary

A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.

As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.

Backdoor

A hidden method of bypassing security or authentication in a system, often installed by malware to grant attackers future access.


Backup

A copy of digital data stored separately from the original, used for recovery in case of data loss. In digital forensics, backups such as an Android Backup can be crucial sources of evidence.


Base64 Encoding

A method for converting binary data into ASCII text. Often used in data obfuscation, email attachments, and forensic analysis of malware.


BFU (Before First Unlock)

Refers to a device state in which the device has been turned off and no passcode/password has been entered by the user. This state leaves the file system encrypted; software such as XRY Pro can still successfully brute force and decrypt the file system for an extraction, dependent on device make and model. BFU, or Before […]


Biome

A biome is a collection of variables and settings that have common characteristics due to similar environments and can be found across a range of applications on iOS.


Biometric Unlock Forensics

Biometric unlock forensics is a subdiscipline of mobile forensics that focuses on investigating and analyzing biometric authentication methods, such as fingerprint, face, and iris recognition, used to secure mobile devices. As biometric unlocking becomes increasingly common, forensic investigators must understand how these technologies work and develop techniques to bypass or exploit them when necessary.   […]


BIOS (Basic Input/Output System)

Firmware stored on a motherboard chip that initializes hardware during boot and provides runtime services for operating systems in computers.


Bit

The smallest unit of digital information (a binary digit, 0 or 1).


Bit-by-Bit Copy

An exact duplicate of a storage medium (all bytes copied exactly), also known as a forensic clone or image.


BitLocker

A full-disk encryption feature built into Microsoft Windows. Forensic investigators may need to bypass or decrypt BitLocker to access evidence.


Blockchain Forensics

The application of digital forensics to blockchain and cryptocurrency transactions, including tracing illicit transactions and wallet analysis.


Bluetooth Forensics

Bluetooth forensics is a branch of digital forensics that focuses on investigating wireless data transfer and communication between devices using Bluetooth technology. As Bluetooth-enabled devices become increasingly prevalent, understanding how to acquire and analyze data transmitted via Bluetooth is crucial for digital forensic investigators. Bluetooth Technology Overview: Bluetooth is a short-range wireless communication technology […]


Boot Loader

A program that loads an operating system when a device is turned on; unlocking a mobile device’s bootloader allows installation of a custom OS or forensic boot images. Normally this small piece of code is loaded into RAM during the device start-up process. This method allows for a forensically sound method of obtaining access to […]


Boot Sector

The section of a storage drive containing code to start the boot process for computers (e.g., Master Boot Record on traditional BIOS systems).


Botnet

A network of compromised computers (bots) controlled by an attacker, used together to perform large-scale tasks like DDoS attacks or sending spam.


Brick/ed

A term indicating that a process has caused a device to malfunction and become nonresponsive. Processes that could cause this include flashing or other methods that leave the device inaccessible.


Brute Force Attack

A trial-and-error method used to crack passwords or encryption by systematically trying many possible combinations.


BSSID (Basic Service Set Identifier)

The BSSID is the MAC address (Media Access Control address) of a wireless access point (AP) in a Wi-Fi network. It uniquely identifies a specific access point within a wireless network.


BYOD (Bring Your Own Device)

An organizational practice allowing employees to use personal devices (computers, smartphones, etc.) for work purposes, which can complicate investigations due to mixed personal and work data.   BYOD forensics involves investigating personally-owned devices, such as smartphones, tablets, and laptops, that are used for work purposes in corporate environments. As BYOD policies become more common, digital […]


Bypass Lock Screen

A method, used by forensic tools such as XRY and XRY Pro, that allows a user to gain access to a mobile device by bypassing the lock screen.


Byte

A group of 8 bits; a basic unit of data representing a single character in text (e.g., one letter is typically one byte in ASCII).
