MSAB Digital Forensics Glossary
Key Terms and Definitions
Welcome to Our Digital Forensics Glossary — A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.
As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.
Kerberos
A network authentication protocol using tickets to secure communication, analyzed in forensics to investigate unauthorized access or credential misuse in enterprise environments.
Kernel
Kernel-level mobile forensics is an advanced data acquisition technique that involves extracting data directly from a device’s kernel memory. The kernel is the core component of an operating system, responsible for managing system resources, device drivers, and low-level functions. By accessing data at the kernel level, forensic examiners can overcome certain limitations of traditional mobile […]
Key Exchange
The process of securely sharing cryptographic keys between parties, studied in forensics to analyze encrypted communications or identify vulnerabilities in protocols like TLS.
Key Logger
A tool or malware that records keystrokes, investigated in forensics to uncover stolen credentials, user activity, or evidence of espionage on a compromised device.
Keychain – Mobile Device Forensics
An Apple-specific encrypted storage system for passwords and credentials, extracted in forensics (e.g., via XRY tools) to recover authentication data from iOS devices.
Keyword Search
A forensic technique using specific terms or phrases to locate relevant data within large datasets, streamlining evidence identification in files, emails, or logs.
Kik Messenger Artifacts
Digital traces left by the Kik messaging app (e.g., chat logs, media), analyzed in forensics to recover communications or investigate illicit activity on mobile devices.
Kiosk
MSAB Kiosk is a turnkey frontline solution for Mobile Forensics, a powerful machine with a touch screen interface to help reduce digital forensic backlogs by enabling frontline staff to process mobile devices with minimal training.
Knock Pattern – Mobile Device Forensics
A security feature where a user taps specific screen locations in a sequence to unlock a device, examined in forensics to bypass or replicate for data extraction (e.g., with XRY Pro).
Knowledgec Database / Knowledgec.db
An SQLite database on iOS/macOS devices storing user and device activity (e.g., app usage, power events), analyzed in forensics to establish patterns of life or timelines of events.
Known File Filter (KFF)
A database of hash values for common files (e.g., OS files), used in forensics to exclude irrelevant data and focus on unique or suspicious content during analysis in tools such as MSAB XAMN Pro.