MSAB Digital Forensics Glossary

Key Terms and Definitions

 

Welcome to Our Digital Forensics Glossary

A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.

As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.

Last Backup Computer Name – Computer Forensics

The name or ID of the computer that last backed up a device (e.g., via iTunes), extracted in forensics to identify the system linked to a mobile device and its data.

Last User ICCID – Mobile Device Forensics

The Integrated Circuit Card Identifier (19-20 characters), a unique serial number of the last SIM card used in a device, analyzed to associate a user with mobile activity.

Latency

The time delay in data transmission over a network, examined in forensics to assess network performance or detect anomalies during an incident timeline.

Lawful Access – Mobile Device Forensics

The process of legally overcoming barriers (e.g., encryption, locks) to access data on a device, often using forensic tools or court orders to ensure compliance.

LDAP (Lightweight Directory Access Protocol)

A protocol for accessing directory services (e.g., user authentication), analyzed in forensics to investigate network logins or privilege escalation in enterprise systems.

Lending Contract – Crypto Forensics

A smart contract used in decentralized finance (DeFi) for lending cryptocurrencies, investigated in forensics to trace financial transactions or uncover illicit funding schemes.

Link – Mobile Device Forensics

An indication of communication (e.g., calls, messages) between devices based on single or multiple events, analyzed to map relationships or interactions in investigations.

Link Analysis

A forensic technique visualizing connections between entities (e.g., people, devices, accounts), used to identify networks of activity or criminal associations.

Linux Forensics

The investigation of Linux-based systems, focusing on file systems (e.g., EXT), logs (e.g., /var/log), and command history to recover evidence or detect intrusions.

Live Analysis

The examination of a system while it’s still running, used in forensics to capture volatile data (e.g., RAM) that would be lost if the device were powered off.

Live Mobile Data Acquisition

Live mobile data acquisition involves extracting data from a mobile device while it is powered on and running. Unlike traditional forensic methods that require the device to be powered off or in a specific state, live acquisition focuses on capturing volatile data that may be lost if the device is shut down or disconnected from […]

Live Response

The immediate collection of data from a running system during an incident, a forensic process to preserve ephemeral evidence like active processes or network connections.

Local Area Network (LAN)

A network connecting devices in a limited area, analyzed in forensics to trace internal communications or identify compromised systems within an organization.

Location Data – Mobile Device Forensics, logical extraction

Data indicating a device’s geographical position (e.g., GPS coordinates, Wi-Fi locations), retrieved via logical extraction to track movements or establish presence at a scene.

Log Analysis

The examination of system, application, or network logs to reconstruct events, detect anomalies, or identify user actions in a forensic investigation.

Log File

A record of events generated by a system or application, parsed in forensics to establish timelines, troubleshoot incidents, or uncover evidence of tampering.

Logical Acquisition

A forensic method capturing accessible data from a device (e.g., files, contacts) without imaging the entire storage, often used when physical access is restricted.

Logical Extraction

The process of retrieving data from a device’s file system (e.g., photos, messages) in a structured format, commonly applied in mobile forensics for quick evidence collection.

Loopback Address

A special IP address (e.g., 127.0.0.1) used for testing local network communication, checked in forensics to detect self-referential traffic or malware behavior.

Lost Partition

A storage partition no longer recognized by the operating system, recovered in forensics using tools to retrieve data that may contain critical evidence.
