MSAB Digital Forensics Glossary

Key Terms and Definitions

Welcome to Our Digital Forensics Glossary

A resource for clear, concise definitions of key terms used in digital forensic investigations. This glossary includes terminology used in the field of smartphone investigations, mobile data extraction, and the analysis of digital evidence from mobile devices.

As mobile phones become central to cybercrime and digital investigations, it’s essential to understand critical concepts such as IMEI, mobile data acquisition, app artifacts, and SIM card analysis. You’ll also find definitions of broader digital forensics terms like hash values, metadata, and chain of custody — all explained in a straightforward, accessible format. Whether you’re a mobile forensics specialist, law enforcement officer, cybersecurity professional, or student, this glossary offers up-to-date explanations to help you navigate the rapidly evolving field of mobile forensics.

P2P Exchange – Crypto Forensics

Peer-to-peer online platforms facilitating direct buying, selling, and trading of cryptocurrencies, analyzed in forensics to trace transactions without intermediaries.

Packet Capture (PCAP)

The process of recording network traffic (e.g., using Wireshark), examined in forensics to analyze communications, detect malware, or reconstruct cyber incidents.

Packet Sniffing

The interception of network packets, used in forensics to monitor live traffic or analyze captured data for evidence of unauthorized activity or data exfiltration.

Pagefile

A virtual memory file on a hard drive (e.g., pagefile.sys in Windows), analyzed in forensics to recover swapped-out data from RAM, such as passwords or process artifacts.

Parsing – Mobile Device Forensics

The process of interpreting readable data (after decoding) from a mobile device into structured formats, enabling forensic tools to extract meaningful evidence like messages or logs.

Partial File-System Extraction – Mobile Device Forensics, Phone Forensics Software

A forensic method using phone software to recover a subset of a mobile device’s file system, targeting specific data (e.g., photos, contacts) rather than a full image.

Partition

A logical division of a storage device, analyzed in forensics to locate data, recover lost partitions, or identify hidden or encrypted sections.

Password Cracking

The process of recovering passwords from encrypted data (e.g., via brute force or dictionary attacks), a common forensic technique to access locked evidence.

Payload

The core data within a network packet or malware, dissected in forensics to reveal malicious code, stolen information, or communication content.

Peer-to-Peer (P2P) Network

A decentralized network where devices communicate directly, investigated in forensics to trace file sharing (e.g., torrents) or cryptocurrency transactions.

Penetration Testing

A simulated attack to identify vulnerabilities, sometimes reviewed in forensics to contextualize breaches or validate evidence of exploitation.

Persistent Storage

Non-volatile memory (e.g., hard drives, flash) retaining data after power loss, a primary target in forensics for recovering files and system artifacts.

Personally Identifiable Information (PII)

Data that can identify an individual (e.g., name, SSN), sought in forensics during data breach investigations or identity theft cases.

Persons

A function in MSAB XAMN Pro that identifies and groups person identities found in extracted data, letting you filter the evidence on a single subject easily.

Phishing

A fraudulent attempt to steal credentials or data via deceptive messages, analyzed in forensics to trace origins, methods, or victim interactions.

PhotoDNA

A Microsoft-developed technology using hash-based image matching to detect and prevent the spread of illegal content (e.g., child exploitation images) in forensic investigations.

Physical Extraction – Mobile Device Forensics

A low-level, bit-by-bit copy of a mobile device’s storage (e.g., flash memory), capturing all data, including deleted files, for comprehensive forensic analysis. Physical extraction is a mobile forensic technique that involves acquiring a bit-for-bit copy of a device’s entire storage media, including allocated and unallocated space. This low-level extraction method allows forensic examiners to recover […]

Plausible Deniability

The ability to deny involvement in an action due to lack of direct evidence, a challenge in forensics countered by correlating indirect digital traces.

Plist (Property List)

A file format used by Apple devices (e.g., .plist), parsed in forensics to extract configuration data, app settings, or user preferences from iOS/macOS systems.

Port Scanning

A technique to identify open ports on a system, analyzed in forensics to detect reconnaissance attempts or map attack surfaces in network incidents.

Post-Mortem Analysis

The forensic examination of a system after an incident (e.g., breach, crash) to determine causes, impacts, and evidence, typically using disk images or logs.

Prefetch Files

Windows files (e.g., .pf) storing data about executed programs, analyzed in forensics to establish application usage timelines or detect malicious activity.

Private Key

A cryptographic key kept secret, used in forensics to decrypt data or verify digital signatures when recovered from a device or suspect.

Process Explorer

A Sysinternals tool for viewing active processes, used in live forensics to identify running malware or suspicious activity on a system.

Project VIC

Project VIC is an international initiative designed to help identify and rescue victims of child sexual abuse by enabling the efficient categorization and sharing of known CSAM (Child Sexual Abuse Material). Created in collaboration with law enforcement agencies and NGOs, Project VIC uses standardized hash sets and metadata to support victim identification and reduce investigator […]

Protocol Analysis

The examination of network protocol behavior (e.g., TCP, HTTP), conducted in forensics to interpret traffic, detect anomalies, or extract communication evidence.

Proxy Server

An intermediary server masking a user’s IP, investigated in forensics to trace true origins of traffic or bypass anonymity attempts in cybercrimes.

Python

A programming language used in forensics for scripting custom tools, automating analysis (e.g., parsing logs), or integrating with tools like MSAB XRY.
