Glossary
 U.S. Rules & Statutes.
Stay current with evolving law by reading the federal and state rules and statutes that address electronic discovery, computer forensics and technology's role in litigation. | U.S. Case Law List.
Stay current with Kroll Ontrack's U.S. case law summaries. Kroll Ontrack's U.S. legal experts have compiled summaries of the most important decisions relating to electronic disclosure and computer forensics. |  Articles & Reference Tools.
Kroll Ontrack's online library gives you instant access to articles and other information relating to electronic and paper-based disclosure, computer forensics and courtroom services. |
Active Data: Active Data is information residing on the direct access storage media of computer systems, which is readily visible to the operating system and/or application software with which it was created and immediately accessible to users without undeletion, modification or reconstruction. Application: Software programs, such as word processors and spreadsheets that most users use to do work on a computer. Archival Data: Archival Data is information that is not directly accessible to the user of a computer system but that the organisation maintains for long-term storage and record keeping purposes. Archival data may be written to removable media such as a CD, magneto-optical media, tape or other electronic storage device, or may be maintained on system hard drives in compressed formats. ASCII (Acronym for American Standard Code): ASCII is a code that assigns a number to each key on the keyboard. ASCII text does not include special formatting features and therefore can be exchanged and read by most computer systems. Backup: To create a copy of data as a precaution against the loss or damage of the original data. Most users backup some of their files, and many computer networks utilise automatic backup software to make regular copies of some or all of the data on the network. Some backup systems use digital audio tape (DAT) as a storage medium. Backup Data: Backup Data is information that is not presently in use by an organisation and is routinely stored separately upon portable media, to free up space and permit data recovery in the event of disaster. Backup Tape: See Disaster Recovery Tape. Backup Tape Recycling: Backup Tape Recycling describes the process whereby an organisation’s backup tapes are overwritten with new backup data, usually on a fixed schedule (e.g., the use of nightly backup tapes for each day of the week with the daily backup tape for a particular day being overwritten on the same day the following week; weekly and monthly backups being stored offsite for a specified period of time before being placed back in the rotation). Bandwidth: The amount of information or data that can be sent over a network connection in a given period of time. Bandwidth is usually stated in bits per second (bps), kilobits per second (kbps), or megabits per second (mps). Binary: Mathematical base 2, or numbers composed of a series of zeros and ones. Since zero's and one's can be easily represented by two voltage levels on an electronic device, the binary number system is widely used in digital computing. Bit: A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code. A collection of bits is put together to form a byte. Burn: Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data. Byte: Eight bits. The byte is the basis for measurement of most computer data as multiples of the byte value. A "megabyte" is one million bytes or eight million bits or a "gigabyte" is one billion bytes or eight billion bits.
1 gigabyte = 1,000 megabytes
1 terabyte = 1,000 gigabytes Cache: A type a computer memory that temporarily stores frequently used information for quick access. CD-ROM: Data storage medium that uses compact discs to store about 1,500 floppy discs worth of data. Compression: A technology that reduces the size of a file. Compression programs are valuable to network users because they help save both time and bandwidth. Computer Forensics: Computer Forensics is the use of specialised techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer forensics requires specialised expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel. Cookie: Small data files written to a user's hard drive by a web server. These files contain specific information that identifies users (e.g., passwords and lists of pages visited). DAT: Digital Audio Tape. Used as a storage medium in some backup systems. Data: Information stored on the computer system, used by applications to accomplish tasks. De-Duplication: De-Duplication (“De-Duping”) is the process of comparing electronic records based on their characteristics and removing duplicate records from the data set. Deleted Data: Deleted Data is data that, in the past, existed on the computer as live data and which has been deleted by the computer system or end-user activity. Deleted data remains on storage media in whole or in part until it is overwritten by ongoing usage or “wiped” with a software program specifically designed to remove deleted data. Even after the data itself has been wiped, directory entries, pointers, or other metadata relating to the deleted data may remain on the computer. Deleted file: A file with disk space that has been designated as available for reuse. The deleted file remains intact until it has been overwritten with a new file. Deletion: Deletion is the process whereby data is removed from active files and other data storage structures on computers and rendered inaccessible except using special data recovery tools designed to recover deleted data. Deletion occurs in several levels on modern computer systems: (a) File level deletion: Deletion on the file level renders the file inaccessible to the operating system and normal application programs and marks the space occupied by the file’s directory entry and contents as free space, available to reuse for data storage. (b) Record level deletion: Deletion on the record level occurs when a data structure, like a database table, contains multiple records; deletion at this level renders the record inaccessible to the database management system (DBMS) and usually marks the space occupied by the record as available for reuse by the DBMS, although in some cases the space is never reused until the database is compacted. Record level deletion is also characteristic of many e-mail systems. (c) Byte level deletion: Deletion at the byte level occurs when text or other information is deleted from the file content (such as the deletion of text from a word processing file); such deletion may render the deleted data inaccessible to the application intended to be used in processing the file, but may not actually remove the data from the file’s content until a process such as compaction or rewriting of the file causes the deleted data to be overwritten. Desktop: Usually refers to an individual PC - a user's desktop computer. Digital: Storing information as a string of digits – namely “1”s and “0”s. Disaster Recovery Tape: Disaster Recovery Tapes are portable media used to store data that is not presently in use by an organisation to free up space but still allow for disaster recovery. May also be called “Backup Tapes.” Disc (disk): It may be a floppy disk, or it may be a hard disk. Either way, it is a magnetic storage medium on which data is digitally stored. May also refer to a CD-ROM. Disc mirroring: A method of protecting data from a catastrophic hard disk failure. As each file is stored on the hard disk, a "mirror" copy is made on a second hard disk or on a different part of the same disk. Distributed Data: Distributed Data is that information belonging to an organisation which resides on portable media and non-local devices such as home computers, laptop computers, floppy disks, CD-ROMs, personal digital assistants (“PDAs”), wireless communication devices (e.g., Blackberry), zip drives, Internet repositories such as e-mail hosted by Internet service providers or portals, web pages, and the like. Distributed data also includes data held by third parties such as application service providers and business partners. Electronic Mail: Electronic Mail, commonly referred to as e-mail, is an electronic means for communicating information under specified conditions, generally in the form of text messages, through systems that will send, store, process, and receive information and in which messages are held in storage until the addressee accesses them. Encryption: A procedure that renders the contents of a message or file unintelligible to anyone not authorised to read it. Ethernet: A common way of networking PCs to create a LAN. Extranet: An Internet based access method to a corporate intranet site by limited or total access through a security firewall. This type of access is typically utilised in cases of joint venture and vendor client relationships. File: A collection of data of information stored under a specified name on a disk. File extension: A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file. File extensions can streamline the process of locating data. For example, if one is looking for incriminating pictures stored on a computer, one might begin with the .gif and .jpg files. File server: When several or many computers are networked together in a LAN situation, one computer may be utilised as a storage location for files for the group. File servers may be employed to store e-mail, financial data, word processing information or to back-up the network. File sharing: One of the key benefits of a network is the ability to share files stored on the server among several users. Firewall: A set of related programs that protect the resources of a private network from users from other networks. Floppy: An increasingly rare storage medium consisting of a thin magnetic film disk housed in a protective sleeve. Forensic Copy: A Forensic Copy is an exact bit-by-bit copy of the entire physical hard drive of a computer system, including slack and unallocated space. Fragmented Data: Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk. FTP (File Transfer Protocol): An Internet protocol that enables you to transfer files between computers on the Internet. GIF (Graphic Interchange Format): A computer compression format for pictures. GUI (Graphical User Interface): A set of screen presentations and metaphors that utilise graphic elements such as icons in an attempt to make an operating system easier to use. Hard disk: A peripheral data storage device that may be found inside a desktop or laptop as in a hard drive situation. The hard disk may also be a transportable version and attached to a desktop or laptop. Hard drive: The primary storage unit on PCs, consisting of one or more magnetic media platters on which digital data can be written and erased magnetically. HTML (Hypertext Markup Language): The tag-based ASCII language used to create pages on the web. Image: In data recovery parlance, to image a hard drive is to make an identical copy of the hard drive, including empty sectors. Akin to cloning the data. Also known as creating a “mirror image” or “mirroring” the drive. Instant Messaging (“IM”): Instant Messaging is a form of electronic communication which involves immediate correspondence between two or more users who are all online simultaneously. Internet: The interconnecting global public network made by connecting smaller shared public networks. The most well-known Internet is the Internet, the worldwide network of networks which use the TCP/IP protocol to facilitate information exchange. Intranet: A network of interconnecting smaller private networks that are isolated from the public Internet. IP address: A string of four numbers separated by periods used to represent a computer on the Internet. IS / IT Information Systems or Information Technology: Usually refers to the people who make computers and computer systems run. ISP (Internet Service Provider): A business that delivers access to the Internet. JPEG (Joint Photographic Experts Group) An image compression standard for photographs. Keyword search: A search for documents containing one or more words that are specified by a user. Kilobyte (K): One thousand bytes of data is 1K of data. LAN (Local Area Network): Usually refers to a network of computers in a single building or other discrete location. Legacy Data: Legacy Data is information in the development of which an organisation may have invested significant resources and which has retained its importance, but which has been created or stored by the use of software and/or hardware that has been rendered outmoded or obsolete. Megabyte (Meg): A million bytes of data is a megabyte, or simply a meg. Metadata: Metadata is information about a particular data set which may describe, for example, how, when, and by whom it was received, created, accessed, and/or modified and how it is formatted. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed. (Typically referred to by the less informative shorthand phrase “data about data,” it describes the content, quality, condition, history, and other characteristics of the data.) Migrated data: Migrated data is information that has been moved from one database or format to another, usually as a result of a change from one hardware or software technology to another. Mirroring: The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data. MIS: Management Information Systems. Modem: A piece of hardware that lets a computer talk to another computer over a phone line. Network: A group of computers or devices that is connected together for the exchange of data and sharing of resources. Node: Any device connected to network. PCs, servers, and printers are all nodes on the network. OCR: Optical Character Recognition is a technology which takes data from a paper document and turns it editable text data. The document is first scanned. Then OCR software searches the document for letters, numbers, and other characters. Offline: Not connected (to a network). Online: Connected (to a network). Operating System (OS): The software that the rest of the software depends on to make the computer functional. On most PCs this is Windows or the Macintosh OS. Unix and Linux are other operating systems often found in scientific and technical environments. PC: Personal computer. PDA (Personal Digital Assistant): Handheld digital organisers. PDF (Portable Document Format): An Adobe technology for formatting documents so that they can be viewed and printed using the Adobe Acrobat reader. Plaintext: The least formatted and therefore most portable form of text for computerised documents. Pointer: A pointer is an index entry in the directory of a disk (or other storage medium) that identifies the space on the disc in which an electronic document or piece of electronic data resides, thereby preventing that space from being overwritten by other data. In most cases, when an electronic document is “deleted,” the pointer is deleted, which allows the document to be overwritten, but the document is not actually erased. Private Network: A network that is connected to the Internet but is isolated from the Internet. Public Network: A network that is part of the public Internet. RAM (Random Access Memory): The working memory of the computer into which application programs can be loaded and executed. Residual Data: Residual Data (sometimes referred to as “Ambient Data”) refers to data that is not active on a computer system. Residual data includes (1) data found on media free space; (2) data found in file slack space; and (3) data within files that has functionally been deleted in that it is not visible using the application with which the file was created, without use of undelete or special data recovery techniques. Router: A piece of hardware that routes data from a local area network (LAN) to a phone line. Sampling: Sampling usually (but not always) refers to the process of statistically testing a data set for the likelihood of relevant information. It can be a useful technique in addressing a number of issues relating to litigation, including decisions as to which repositories of data should be preserved and reviewed in a particular litigation, and determinations of the validity and effectiveness of searches or other data extraction procedures. Sampling can be useful in providing information to the court about the relative cost burden versus benefit of requiring a party to review certain electronic records. Sandbox: A network or series of networks that are not connected to other networks. Server: Any computer on a network that contains data or applications shared by users of the network on their client PCs. Software: Coded instructions (programs) that make a computer do useful work. Stand alone computer: A personal computer that is not connected to any other computer or network, except possibly through a modem. System administrator: (sysadmin, sysop) The person in charge of keeping a network working. TIFF (Tagged Image File Format): One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tiff extension. Transmission Control Protocol/Internet Protocol (TCP/IP): A collection of protocols that define the basic workings of the features of the Internet. VPN (Virtual Private Network): A virtually private network that is constructed by using public wires to connect nodes. World Wide Web: The WWW is made up of all of the computers on the Internet which use HTML-capable software (Netscape, Explorer, etc.) to exchange data. Data exchange on the WWW is characterised by easy-to-use graphical interfaces, hypertext links, images, and sound. Today the WWW has become synonymous with the Internet, although technically it is really just one component.
 |
 |
Electronic Disclosure |
 |
 |
Computer Forensics |
|
 |
Courtroom Services |
Learn how to efficiently manage large volumes of electronic information and quickly find evidence.
Electronic Disclosure Services |
Learn how to find hidden or hard-to-find data, recreate past computer-related conduct, or access data that you think is forever lost.
Computer Forensics Services |
Learn how Kroll Ontrack can help you present evidence throughout the legal process.
Courtroom Services |
| |
|
|
Printable Version