MSAB Digital Forensics Glossary

Key Terms and Definitions

 

Welcome to Our Digital Forensics Glossary

A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.

As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.

Identifier – Digital Forensics

A unique ID associated with a person or device (e.g., phone number, social media profile, MAC address), used in forensics to link evidence to individuals or systems.

Illicit Actor-org – Crypto Forensics

Individuals or organizations operating directly or indirectly in illegal activities (e.g., money laundering, dark web markets), investigated in crypto forensics to trace their digital footprints.

Image Filter Common/Known – Mobile Device Forensics

A feature in tools like MSAB XAMN Pro that calculates hash values of images to identify and filter common or known files, streamlining evidence analysis.

Imaging

The process of creating an exact, bit-for-bit copy of a digital storage medium (e.g., hard drive, phone memory), preserving all data for forensic analysis without altering the original.

IMEI – Mobile Device Forensics

International Mobile Equipment Identifier, a unique GSM identifier for mobile devices, used to track or identify hardware in investigations.

IMEI (International Mobile Equipment Identity)

The International Mobile Equipment Identity (IMEI) is a unique 15-digit number assigned to every mobile device that connects to a cellular network. The IMEI serves as a unique identifier for the device and plays a crucial role in mobile forensic investigations, as it can help trace the device’s origin, ownership, and movement. Structure of IMEI […]

IMEI Forensics

The forensic analysis of a device’s International Mobile Equipment Identifier to link it to criminal activity, verify ownership, or correlate it with network records.

IMSI – Mobile Device Forensics

International Mobile Subscriber Identity, a unique GSM identifier tied to a SIM card, extracted via tools like MSAB XRY to associate a user with mobile network activity.

Incident Response

The process of addressing and investigating a cybersecurity breach, often overlapping with digital forensics to collect evidence and mitigate further damage.

Indexed Search

A forensic technique using pre-built indexes to quickly locate specific data (e.g., keywords, files) within large datasets, improving efficiency in evidence analysis.

Inference Attack

A method where attackers deduce sensitive information from seemingly innocuous data, studied in forensics to understand breaches or assess data exposure risks.

Infrastructure as a Service – Crypto Forensics

A category of cloud-based infrastructure supporting cryptocurrency operations, analyzed in forensics to trace transactions or uncover illicit service providers.

Initial Coin Offering (ICO) – Crypto Forensics

A crowdfunding method for launching new cryptocurrencies, investigated in forensics to detect scams, trace funds, or identify participants in financial crimes.

Inode

A data structure in Unix-like file systems (e.g., EXT) holding file metadata, analyzed in forensics to recover deleted files or reconstruct file system activity.

Input/Output (I/O)

The communication between a device and its storage or peripherals, monitored in forensics to detect data transfers or hardware interactions relevant to an investigation.

Integrity Check

A verification process (e.g., via hashing) ensuring digital evidence remains unaltered from its original state, critical for forensic admissibility in court.

InteractionC – Mobile Device Forensics

A database on Apple devices tracking user interactions (e.g., calls, messages), analyzed in forensics to reconstruct communication patterns or timelines.

Internet Forensics

The investigation of online activity (e.g., browsing history, cloud data) to uncover evidence of cybercrimes, requiring analysis of network traffic and web artifacts.

Intrusion Detection System (IDS)

A security tool monitoring network or system activity for threats, analyzed in forensics to validate alerts or reconstruct attack timelines.

Investigation & Evidence Management System

A hybrid solution streamlining investigative workflows, from evidence collection to case management, ensuring efficient handling and documentation across processes.

Investigative Analytics

The use of AI-driven solutions in the lab to analyze digital evidence, identify patterns, and generate insights during investigations, enhancing efficiency and accuracy.

Investigative Reports – Investigative Analytics

Reports generated in tools like MSAB XAMN Pro (for example, using Report Builder) to summarize findings, evidence, and insights from digital investigations, prepared for legal or operational use.

Investigative Workflow ICCID – Mobile Device Forensics

Integrated Circuit Card Identifier, a unique GSM identifier for SIM cards, extracted via tools like MSAB XRY to support investigative tracking and correlation.

IP Address

A unique identifier for devices on a network, traced in forensics to locate systems, attribute actions, or map communication paths in cyber investigations.

IPv4

The fourth version of the Internet Protocol using 32-bit addresses, analyzed in forensics to trace network activity, though limited by address exhaustion.

IPv6

The sixth version of the Internet Protocol using 128-bit addresses, increasingly encountered in forensics due to its adoption and offering greater traceability.

ISO/IEC 27037

An international standard for digital evidence handling, guiding forensic processes to ensure consistency, integrity, and legal admissibility.
