MSAB Digital Forensics Glossary
Key Terms and Definitions
Welcome to Our Digital Forensics Glossary — A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.
As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.
Hacktivist
An individual or group using hacking to promote a political or social agenda, whose actions are often investigated in forensics to identify motives and methods.
Hard Reset
A factory reset of a device to erase all data, analyzed in forensics to determine if it was performed to conceal evidence, with potential recovery from backups or unallocated space.
Hardware Forensics
The examination of physical components of a device (e.g., circuit boards, chips) to extract data or detect tampering, often requiring specialized tools like chip-off techniques.
Hash
A fixed-length value generated by a cryptographic algorithm (e.g., MD5, SHA-1) from digital data, used in forensics to verify evidence integrity or identify known files.
Hash Collision
A rare occurrence where two different inputs produce the same hash value, considered in forensics to ensure the reliability of hash-based evidence verification.
Hash Functions in Mobile Forensics
Hash functions play a crucial role in mobile forensics, ensuring the integrity and authenticity of digital evidence. A hash function is a mathematical algorithm that takes an input (or message) of any size and produces a fixed-size output, known as a hash value or digest. Hash functions are designed to be one-way and collision-resistant, making […]
HashDB – Digital Forensics
A database of hash values uploaded to compare against hashes in a case, used in forensics to identify known files (e.g., malware, illegal content) or verify data integrity.
Hashing – Data Verification – Mobile Device Forensics
A one-way cryptographic process applied to mobile device data, producing a unique hash value to confirm its authenticity and integrity during forensic analysis.
Heap
A region of memory used for dynamic allocation in a program, analyzed in forensics to recover temporary data or artifacts from running processes.
Hex Dump
A raw display of data in hexadecimal format, used in forensics to inspect low-level contents of files, memory, or storage for hidden or encoded information.
Hex Viewer – Mobile Device Forensics
A tool in software like MSAB XAMN Pro allowing examiners to view and adjust raw hexadecimal data from a mobile device, aiding in detailed analysis of file contents.
Hidden File
A file intentionally concealed by a user or system (e.g., with a dot prefix in Unix), sought in forensics to uncover evidence obscured from casual view.
High-Risk Exchange – Crypto Forensics
A cryptocurrency exchange deemed risky due to factors like weak regulation, anonymity features, or links to illicit activity, investigated in forensics to trace suspicious transactions.
High-Risk Jurisdiction – Crypto Forensics
A category of cryptocurrency services operating in regions with lax regulations or high crime rates, analyzed in forensics to assess risks in financial investigations.
Hijacking
The unauthorized takeover of a system, session, or account (e.g., browser hijacking), investigated in forensics to identify the method and perpetrator.
Honeypot
A decoy system designed to attract attackers, used in forensics to study attack techniques or gather evidence of unauthorized access attempts.
Host Intrusion Detection System (HIDS)
A security tool monitoring a single device for suspicious activity, analyzed in forensics to reconstruct incidents or validate evidence from system logs.
Hosted Wallet – Crypto Forensics
A cryptocurrency wallet managed by a third-party service (e.g., an exchange), examined in forensics to trace funds or link users to transactions via service records.
HTML (HyperText Markup Language)
A standard markup language for web content, parsed in forensics to analyze web-based evidence like phishing pages or browser artifacts.
HTTP (HyperText Transfer Protocol)
The protocol for web data transfer, examined in forensics through network traffic analysis to uncover user activity, file downloads, or malicious communications.
HTTPS (HyperText Transfer Protocol Secure)
An encrypted version of HTTP, requiring forensic decryption or proxy analysis to inspect secure web traffic for evidence.
Huffman Coding
A compression algorithm used in data storage, encountered in forensics when decompressing files or analyzing encoded evidence to recover original content.
Hybrid Attack
A password-cracking method combining dictionary and brute-force techniques, used in forensics to unlock encrypted evidence when simpler methods fail.
Hypervisor
Software managing virtual machines, analyzed in forensics to investigate virtualized environments for evidence of compromise or hidden activity.
Hysteresis
A concept occasionally applied in forensic data analysis to filter noise or stabilize readings (e.g., in signal forensics), ensuring accurate interpretation of evidence.