MSAB Digital Forensics Glossary
Key Terms and Definitions
Welcome to Our Digital Forensics Glossary — A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.
As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.
TAC Type Allocation Code – Mobile Device Forensics
The initial eight-digit portion of the 15-digit IMEI, identifying a mobile device’s model and manufacturer, extracted in forensics to trace hardware origins or verify authenticity.
Tag – Digital Forensics
A label or marker applied to evidence (e.g., files, events) for organization and filtering, that can be used with tools like Report Builder in XAMN Pro using templated reports to tag data efficiently.
TCP/IP (Transmission Control Protocol/Internet Protocol)
The foundational protocol suite for internet communication, analyzed in forensics to interpret network traffic, reconstruct connections, or detect anomalies.
TEE (Trusted Execution Environment) in Mobile Forensics
A Trusted Execution Environment (TEE) is a secure, isolated area within a mobile device’s processor that ensures the confidentiality and integrity of sensitive data and code execution. TEEs are designed to protect critical applications, such as mobile payments, digital rights management, and biometric authentication, from unauthorized access or tampering. The presence of TEEs in mobile […]
Temporary File
A short-lived file created by applications or systems, recovered in forensics from disk or memory to uncover user activity or deleted evidence.
Terrorist Financing – Crypto Forensics
The funding of designated terrorist groups via cryptocurrencies, investigated in forensics to trace blockchain transactions and disrupt illicit financial networks.
Text Analytics – Investigative Analytics
The process of analyzing unstructured text data to extract relevant information (e.g., keywords, entities), used in tools like MSAB XAMN Pro to enhance investigations.
Threat Intelligence
Data about potential cyber threats (e.g., malware signatures, attacker tactics), integrated into forensics to contextualize evidence or attribute incidents.
Thumbnail Cache
A system-stored collection of image previews (e.g., Windows Thumbs.db), analyzed in forensics to recover visual evidence even if original files are deleted.
Timeline Graph – Digital Forensics
A visual representation of events plotted over time, used in forensics to correlate evidence (e.g., file access, communications) and reconstruct case chronologies.
Timestamp – Mobile Device Forensics
The exact time an event occurred (e.g., message sent), recorded in tools like MSAB XAMN Pro to establish precise timelines or verify alibis in investigations.
Token Smart Contract – Crypto Forensics
A blockchain-based asset governed by a smart contract, sent and received via wallets, analyzed in forensics to trace ownership, transfers, or fraudulent token schemes.
Tokens – Computer Forensics
Username and password data saved on a Windows computer (e.g., in credential manager), extracted in forensics to access accounts or verify user identity.
TOM TOM – Mobile Device Forensics
A term potentially referring to TomTom navigation data on mobile devices, analyzed in forensics to extract GPS routes or location history (context may vary; clarification welcome).
Tor Network
An anonymity network routing traffic through multiple nodes, investigated in forensics to trace dark web activity or unmask users despite encryption layers.
Tracked to Self – Crypto Forensics
A category of cryptocurrency transactions where value sent by an entity is later received back, analyzed to detect laundering patterns or obfuscation attempts.
Translation – Mobile Device Forensics
An option in MSAB XAMN Pro assisting examiners in translating foreign language data, enabling analysis of multilingual evidence like texts or app content.
Triage
A rapid forensic assessment prioritizing critical evidence (e.g., at a crime scene), often applied to mobile devices to identify key data before full extraction.
Trojan Horse
Malware disguised as legitimate software, examined in forensics to uncover its deployment, payload, or impact on a compromised system.
Two-Factor Authentication – Mobile Device Forensics
A security process requiring two verification steps (e.g., password + SMS code), analyzed or bypassed in forensics to access protected mobile data or accounts.
Types – Mobile Device Forensics
Categories or classifications of data (e.g., file types, app data) in tools like XRY, used to filter and prioritize evidence during analysis.