MSAB Digital Forensics Glossary
Key Terms and Definitions
Welcome to Our Digital Forensics Glossary — A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.
As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.
Jailbreak
The process of removing software restrictions on a device (e.g., iOS devices), often performed in forensics to gain root access and extract data otherwise inaccessible due to security measures.
JavaScript
A programming language commonly used in web applications, analyzed in forensics to investigate malicious scripts, browser exploits, or user interactions on compromised sites.
Job Scheduler
A system component that automates tasks (e.g., cron jobs in Unix), examined in forensics to detect scheduled malware execution or unauthorized activities.
Joint Test Action Group (JTAG)
A hardware interface standard used for testing and debugging electronic circuits, leveraged in forensics to extract data directly from a device’s memory (e.g., mobile phones) via physical connections. Applications of JTAG in Mobile Forensics Bypassing Locks and Security: JTAG can be used to bypass lock screens, passwords, or other security measures that may prevent access […]
Journaling
A file system feature (e.g., in NTFS, EXT3/4) that logs changes before they’re committed, analyzed in forensics to recover data or reconstruct events after a crash or deletion.
JPEG (Joint Photographic Experts Group)
A common image file format that uses lossy compression, analyzed in forensics to recover metadata (e.g., EXIF data), detect tampering, or extract hidden information via steganography.
JSON (JavaScript Object Notation)
A lightweight data format used in apps and web services, parsed in forensics to extract structured evidence like user data, logs, or configuration details.
Jumbo Frame
An oversized Ethernet frame (beyond 1500 bytes), encountered in network forensics when analyzing high-throughput traffic for evidence of data exfiltration or anomalies.
Jurisdiction
Legal authority over a case, a critical consideration in digital forensics when evidence spans multiple regions, affecting admissibility and investigative scope.
Just-in-Time (JIT) Compilation
A method of executing code by compiling it during runtime, relevant in forensics when analyzing malware or software behavior in dynamic environments.