MSAB Digital Forensics Glossary

Key Terms and Definitions

 

Welcome to Our Digital Forensics Glossary

A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.

As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.

Sandbox

A virtualized environment used in forensics to safely execute and analyze malware or suspicious files without risking the host system.

Scam

A fraudulent scheme often executed online (e.g., phishing, Ponzi schemes), investigated in forensics to trace digital evidence like emails, transactions, or fake websites.

Script Kiddie

An unskilled individual using pre-written hacking tools, whose activities are analyzed in forensics to identify attack patterns or exploited vulnerabilities.

Secure Boot

A security feature verifying a device’s firmware and OS during startup, bypassed in forensics (e.g., via exploits) to access locked mobile devices.

Selective Extraction

A process in MSAB XRY allowing examiners to extract specific data from a mobile device by selecting criteria like date, time, or application, enhancing efficiency and privacy compliance.

Session Hijacking

The unauthorized takeover of an active user session (e.g., via stolen cookies), investigated in forensics to trace attacker methods and compromised accounts.

Share-Collaborate-Review in MSAB Unify

A feature in MSAB Unify enabling forensic teams to share, collaborate on, and review digital evidence securely across stakeholders, streamlining case workflows.

Shellcode

A small piece of code used as a payload in exploits, analyzed in forensics to understand malware behavior or reconstruct attack vectors.

Signature Analysis

The comparison of digital signatures or hashes against known patterns, used in forensics to identify malware, verify file integrity, or detect tampering.

Slack Space

Unused space in a file system cluster, examined in forensics to recover remnants of deleted or overwritten data not yet fully erased.

Smart Contract Crypto

Self-executing blockchain contracts with predefined rules, investigated in crypto forensics to trace transactions, verify legitimacy, or uncover fraudulent schemes.

Smartphone Forensic Tools like XRY, XAMN

Specialized tools (e.g., MSAB’s XRY for extraction, XAMN for analysis) designed to recover, decode, and analyze data from smartphones in a forensically sound manner.

SMS Forensics

The analysis of text messages on mobile devices, extracted to reveal communication content, timestamps, or deleted messages in investigations.

Snapchat Analysis

The process of recovering digital evidence from the Snapchat application. Despite the app’s design focus on ephemeral (disappearing) content, forensic investigation can often recover cached images, chat logs, video thumbnails, and metadata from the device’s file system and volatile memory. The Myth of “Disappearing” Data: Snapchat is marketed on privacy: messages vanish after viewing. However, […]

Snapshot

A point-in-time copy of a system’s state (e.g., VM or memory), captured in forensics to preserve volatile data for later analysis.

Social Engineering

Manipulation techniques (e.g., pretexting, baiting) used to gain unauthorized access, traced in forensics via victim interactions or phishing artifacts.

Social Media Forensics

Social media forensics is a branch of digital forensics that focuses on the acquisition, analysis, and preservation of evidence from social media platforms. With the widespread use of social media applications on mobile devices, social media forensics has become an essential aspect of mobile investigations. Importance of Social Media Forensics: Communication Evidence: Social media platforms […]

Solid-State Drive (SSD)

A storage device using flash memory, challenging forensics due to wear leveling and TRIM commands, requiring specialized tools to recover data.

SQLite

A lightweight database engine commonly used in mobile apps, parsed in forensics to extract structured data like chat histories, logs, or app settings.

SQLite Database Forensics

The forensic analysis of SQLite database files, which serve as the primary storage mechanism for the majority of mobile applications on Android and iOS. This process involves examining the database structure to recover active records, deleted rows, and unallocated data that standard browsing would miss. The Backbone of Mobile Data: Almost every app on a […]

SQLite Forensics

The specific analysis of SQLite databases on devices, focusing on recovering deleted records, validating data sources, or reconstructing app activity.

State of File

The condition of a file (e.g., active, deleted, modified), assessed in forensics to determine its relevance, integrity, or recovery potential in an investigation.

Steganography

The practice of hiding data within other files (e.g., images), detected and decoded in forensics to uncover concealed messages or evidence.

Stolen Funds Crypto

Cryptocurrency illicitly obtained (e.g., via hacks, scams), tracked in crypto forensics using blockchain analysis to follow transaction trails and identify wallets.

Support

Support Team: working in digital forensics means needing support from time to time, whether for a software-specific question or a device hardware question. MSAB is proud to have the best support team in the business.

Syslog

A standard for logging system events, analyzed in forensics to reconstruct timelines, detect anomalies, or verify actions on a device or network.
