MSAB Digital Forensics Glossary
Key Terms and Definitions
Welcome to Our Digital Forensics Glossary — A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.
As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.
Rainbow Table
A precomputed table of hash values used to crack passwords quickly, employed in forensics to recover encrypted credentials or test password strength.
RAM (Random Access Memory)
Volatile memory storing active data and processes, captured in forensics to extract ephemeral evidence like encryption keys or running applications.
RAM (Random Access Memory) Acquisition in Mobile Forensics
RAM acquisition is a crucial technique in mobile forensics that involves capturing the volatile memory contents of a device. RAM contains valuable information about the device’s running processes, open files, network connections, and user activity that may not be available through traditional storage media extraction methods. Importance of RAM Acquisition Volatile Data Capture: RAM holds […]
Ransomware
Malicious software that encrypts data and demands payment for decryption, analyzed in forensics to identify the strain, trace payments (e.g., via cryptocurrency), or recover files.
Raw Data
Unprocessed, unfiltered data extracted from a device (e.g., binary dumps), analyzed in forensics to uncover hidden or low-level evidence before interpretation.
Read-Only Mode
A forensic setting preventing write operations to a device or image, ensuring evidence integrity during analysis (e.g., using write blockers).
Real-Time Analysis
The examination of a system or network as events occur, used in forensics to monitor live incidents or capture volatile data before it’s lost.
Recovery Partition
A dedicated storage section on a device for system restoration, analyzed in forensics to extract data or firmware that may contain evidence.
Redaction
The process of obscuring sensitive or irrelevant information (e.g., PII) in forensic reports or evidence, ensuring privacy compliance before sharing findings. XAMN Pro supports redaction.
Registry
A database in Windows storing system and application settings, parsed in forensics to recover user activity, installed software, or evidence of tampering.
Remote Access Trojan (RAT)
Malware enabling unauthorized remote control of a system, investigated in forensics to trace its deployment, commands, or data exfiltration paths.
Remote Data Collection
Refers to the decentralized process of extracting digital evidence from mobile devices at a location separate from a central forensic laboratory—such as a crime scene, patrol vehicle, or satellite office—while maintaining centralized management and oversight to ensure forensic integrity. The Shift to Frontline Forensics Traditionally, digital forensics involved a linear bottleneck: a device was seized, […]
Remote Forensics
The analysis of devices or data over a network without physical access, used when evidence is geographically distant or in cloud environments.
Report
A detailed document summarizing forensic findings, methods, and evidence, prepared for legal proceedings, case reviews, or investigative updates.
Report Builder (Function in XAMN Pro)
A feature in MSAB’s XAMN Pro allowing examiners to customize and generate forensic reports via a simple drag and drop template.
Repository
A storage location for forensic data (e.g., evidence databases), used to organize, manage, and retrieve case-related information efficiently.
Reverse Engineering
The process of deconstructing software or hardware to understand its function, applied in forensics to analyze malware, firmware, or proprietary systems.
Root
The highest privilege level on a system (e.g., superuser in Unix, administrator in Windows), exploited in forensics via rooting techniques to access restricted mobile device data.
Rootkit
Stealthy malware hiding its presence on a system, detected and analyzed in forensics to uncover deep system compromises or persistent threats.
Routing Table
A network device’s record of data paths, examined in forensics to trace communication flows or identify points of interception in network attacks.