Glossary of Computer Terms We Sometimes Use

Active Data: Active Data is information residing on the hard drives or optical drives of computer systems, that is readily visible to the operating system and/or application software with which it was created and is immediately accessible to users without deletion, modification or reconstruction.

Application: Software programs, such as word processors and spreadsheets that most users use to do work on a computer.

Archival Data: Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes. Archival data may be written to removable media such as a CD, magneto-optical media, tape or other electronic storage device, or may be maintained on system hard drives in compressed formats. This is very important in forensics since it can show recent changes that have occurred in the data on a hard drive.

ASCII (Acronym for American Standard Code for Information Interchange): ASCII text does not include special formatting features and therefore can be exchanged and read by most computer systems. Files that have a ".txt" extension are typical of ASCII files.

Backup: To create a copy of data as a precaution against the loss or damage of the original data. Most users backup some of their files, and many computer networks utilize automatic backup software to make regular copies of some or all of the data on the network. No one does it enough.

Backup Data: Backup Data is information that is not presently in use by an organization and is routinely stored separately on portable media, to free up space and permit data recovery in the event of a disaster. To see the backup data, you have to reload it onto a computer from whatever storage media it is on.

Bandwidth: The amount of data that can be transmitted in a fixed amount of time. For digital devices, the bandwidth is usually expressed in bits per second (bps) or bytes per second. For analog devices, the bandwidth is expressed in cycles per second, or Hertz (Hz).

Binary: Pertaining to a number system that has just two unique digits. For most purposes, we use the decimal number system, which has ten unique digits, 0 through 9. All other numbers are then formed by combining these ten digits. Computers are based on the binary numbering system, which consists of just two unique numbers, 0 and 1. All operations that are possible in the decimal system (addition, subtraction, multiplication, division) are equally possible in the binary system. We use the decimal system in everyday life because it seems more natural (we have ten fingers and ten toes). For the computer, the binary system is more natural because of its electrical nature (charged versus uncharged, or on versus off).

Bit: A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code. Eight bits are put together to form a byte.

Boot: (v.) To load the first piece of software that starts a computer. Because the operating system is essential for running all other programs, it is usually the first piece of software loaded during the boot process. Boot is short for bootstrap, which in olden days was a strap attached to the top of your boot that you could pull to help get your boot on. Hence, the expression "pull oneself up by the bootstraps." Similarly, bootstrap utilities help the computer get started.

(n.) Short for bootstrap, the starting-up of a computer, which involves loading the operating system and other basic software. A cold boot is when you turn the computer on from an off position. A warm boot is when you reset a computer that is already on.

Burn: Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.

Byte: Eight bits. The byte is the basis for measurement of most computer data as multiples of the byte value. A "megabyte" is one million bytes or eight million bits. A "gigabyte" is one billion bytes or eight billion bits. A single character of ASCII code, such as a letter of the alphabet requires one byte of memory for a computer to use it.

Cache: A type a computer memory that temporarily stores frequently used information for quick access.

CD-ROM: (Pronounced see-dee-rom.) Short for Compact Disc-Read-Only Memory, a type of optical disk capable of storing large amounts of data -- up to 1GB, although the most common size is 650MB (megabytes). A single CD-ROM has the storage capacity of 700 floppy disks, enough memory to store about 300,000 text pages.

Compression: A technology that reduces the size of a file. Compression programs are valuable to network users because they help save both time and bandwidth.

Computer Forensics: Computer Forensics is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer Forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel.

Cookie: Small data files written to a user's hard drive by a web server. These files contain specific information that identifies users (e.g., passwords and lists of pages visited). Cookies have gotten a lot of false bad press lately, and are not the all-present danger to security that some people believe.

DAT: Digital Audio Tape. Used as a storage medium in some backup systems. Kind of like the old 8-track tapes, but obviously a lot better.

Data: Any Information stored on the computer system, used by applications to accomplish tasks, or available to users.

Deleted Data: Deleted Data is data that, in the past, existed on the computer as live data and was been deleted by the computer system or by end-user activity. Deleted data remains on storage media in whole or in part until it is overwritten by ongoing usage or “wiped” with a software program specifically designed to remove deleted data. Even after the data itself has been wiped, directory entries, pointers, or other metadata relating to the deleted data may remain on the computer. Deleted data is where a lot of court cases based on Computer Forensics are won or lost.

Deleted file: A deleted file is a whole file, such as a Microsoft Word document, that has been deleted and the disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

Deletion: Deletion is the process whereby data is removed from active files and other data storage structures on computers and rendered inaccessible except using special data recovery tools designed to recover deleted data. Deletion occurs in several levels on modern computer systems:
(a) File level deletion: Deletion on the file level renders the file inaccessible to the operating system and normal application programs and marks the space occupied by the file’s directory entry and contents as free space, available to reuse for data storage.
(b) Record level deletion: Deletion on the record level occurs when a data structure, like a database table, contains multiple records; deletion at this level renders the record inaccessible to the database management system (DBMS) and usually marks the space occupied by the record as available for reuse by the DBMS, although in some cases the space is never reused until the database is compacted. Record level deletion is also characteristic of many e-mail systems.
(c) Byte level deletion: Deletion at the byte level occurs when text or other information is deleted from the file content (such as the deletion of text from a word processing file). Such deletion may render the deleted data inaccessible to the application intended to be used in processing the file, but may not actually remove the data from the file’s content until a process such as compaction or rewriting of the file causes the deleted data to be overwritten.

Desktop: Usually refers to an individual PC, such as a user's desktop computer. It can also refer to the first screen presented after a Microsoft Windows Operating System has finished booting up.

Digital: Storing information as a string of digits – namely “1”s and “0”s.

Disaster Recovery Tape: Disaster Recovery Tapes are portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called “Backup Tapes.”

Disc (disk): It may be a floppy disk, or it may be a hard disk. Either way, it is a magnetic storage medium on which data is digitally stored. 'Disc' is often used for optical discs, while 'disk' generally refers to magnetic discs, but there is no real rule.

Disc mirroring: A method of protecting data from a catastrophic hard disk failure. As each file is stored on the hard disk, a "mirror" copy is made on a second hard disk or on a different part of the same disk. Also known as RAID 0.

Distributed Data: Distributed Data is that information belonging to an organization which resides on portable media and non-local devices such as home computers, laptop computers, floppy disks, CD-ROMs, personal digital assistants (PDA's), wireless communication devices (e.g., Blackberry), zip drives, Internet repositories such as e-mail hosted by Internet service providers or portals, web pages, and the like. Distributed data also includes data held by third parties such as application service providers and business partners.

Electronic Mail: Electronic Mail, commonly referred to as e-mail, is an electronic means for communicating information under specified conditions, generally in the form of text messages, through systems that will send, store, process, and receive information and in which messages are held in storage until the addressee accesses them.

Encryption: A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

Ethernet: Ethernet is a frame-based computer networking technology for local area networks (LANs). Ethernet is mostly standardized as IEEE's (see below) 802.3. It has become the most widespread LAN technology in use during the 1990s to the present, and has largely replaced all other LAN standards such as token ring, FDDI, and ARCNET

File: A collection of data or information that has a name, called the filename. Almost all information stored in a computer must be in a file. There are many different types of files: data files, text files, program files, directory files, and so on. Different types of files store different types of information. For example, program files store programs, whereas text files store text.

File extension: A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file. File extensions can streamline the process of locating data. For example, if one is looking for incriminating pictures stored on a computer, one might begin with the .gif and .jpg files.

File server: When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group. File servers may be employed to store e-mail, financial data, word processing information or to back-up the network.

File sharing: One of the key benefits of a network is the ability to share files stored on the server among several users.

Firewall: A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Floppy: A soft magnetic disk. It is called floppy because it flops if you wave it (at least, the 5¼-inch variety does). Unlike most hard disks, floppy disks (often called floppies or diskettes) are portable; because you can remove them from a disk drive. Disk drives for floppy disks are called floppy drives. Floppy disks are slower to access than hard disks and have less storage capacity, but they are much less expensive. And most importantly, they are portable.

Forensic Copy: A Forensic Copy is an exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.

Fragmented Data: Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.

FTP: Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (e.g., uploading a Web page file to a server).

GIF: Pronounced jiff or giff (hard g) stands for graphics interchange format, a bit-mapped graphics file format used by the World Wide Web. GIF supports color and various resolutions. It also includes data compression, but because it is limited to 256 colors, it is more effective for scanned images such as illustrations rather than color photos.

Gigabyte (GB): A gigabyte is a measure of computer data storage capacity and is a billion (1,000,000,000) bytes.

GUI: Graphical User Interface and pronounced GOO-ee. A program interface that takes advantage of the computer's graphics capabilities to make the program easier to use. Well-designed graphical user interfaces can free the user from learning complex command languages. The Windows desktop screen is a typical example of a GUI.

Hard disk: A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.

HTML (Hypertext Markup Language): The tag-based ASCII language used to create pages on the web.

IEEE: The Institute of Electrical and Electronics Engineers or IEEE (pronounced as eye-triple-ee) is an international non-profit, professional organization incorporated in the State of New York, United States. It is the largest technical professional organization in the world (in number of members), with more than 360,000 members in 150 countries (as of 2004).

Image: In data recovery parlance, to image a hard drive is to make an identical copy of the hard drive, including empty sectors. (Akin to cloning the data.) Also known as creating a “mirror image” or “mirroring” the drive.

Instant Messaging (“IM”): Instant Messaging is a form of electronic communication that involves immediate correspondence between two or more users who are all online simultaneously. It is a conversation made up of typing rather than speaking words.

Internet: A global network connecting millions of computers. More than 100 countries are linked into exchanges of data, news and opinions. Unlike online services, which are centrally controlled, the Internet is decentralized by design. Each Internet computer, called a host, is independent. Its operators can choose which Internet services to use and which local services to make available to the global Internet community. Remarkably, this anarchy by design works exceedingly well.

There are a variety of ways to access the Internet. Most online services, such as America Online, offer access to some Internet services. It is also possible to gain access through a commercial Internet Service Provider (ISP).

The Internet is not synonymous with World Wide Web.

Intranet: A network based on TCP/IP protocols (an internet) belonging to an organization, usually a corporation, accessible only by the organization's members, employees, or others with authorization. An intranet's Web sites look and act just like any other Web sites, but the firewall surrounding an intranet fends off unauthorized access.
Like the Internet itself, intranets are used to share information. Secure intranets are now the fastest-growing segment of the Internet because they are much less expensive to build and manage than private networks based on proprietary protocols.

IP address: An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.

ISP: Short for Internet Service Provider, a company that provides access to the Internet. For a monthly fee, the service provider gives you a software package, username, password and access phone number. Equipped with a modem, you can then log on to the Internet and browse the World Wide Web and USENET, and send and receive e-mail. In addition to serving individuals, ISPs also serve large companies, providing a direct connection from the company's networks to the Internet.

JPEG (Joint Photographic Experts Group) An image compression standard for photographs

Keyword search: A search for documents containing one or more words that are specified by a user.

Kilobyte (K): One thousand bytes of data is 1K of data.

LAN (Local Area Network): Usually refers to a network of computers in a single building or other small, discrete location.

Legacy Data: Legacy Data is information in the development of which an organization may have invested significant resources and which has retained its importance, but which has been created or stored by the use of software and/or hardware that has been rendered outmoded or obsolete.

Megabyte (Meg): A million bytes of data is a megabyte, the slang term is 'a meg.'

Metadata: Metadata is information about a particular data set that may describe, for example, how, when, and by whom it was received, created, accessed, and/or modified, and how it is formatted. Some metadata, such as file dates and sizes, can easily be seen by users. Other metadata can be hidden or embedded and therefore unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed. (Typically referred to by the less informative shorthand phrase “data about data,” it describes the content, quality, condition, history, and other characteristics of the data.)

Migrated Data: Migrated Data is information that has been moved from one database or format to another, usually as a result of a change from one hardware or software technology to another.

Mirroring: The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.

MIS: Management Information Systems.

Modem: A piece of hardware that lets a computer talk to another computer over a phone line.

Network: A group of computers or devices that are connected together for the exchange of data and sharing of resources. A network can be as small as two computers, or as large as the public Internet.

Node: Any device connected to a network. PCs, servers, and printers can all be nodes on the network.

OCR: Optical Character Recognition is a technology that takes data from a paper document and turns it into editable text data. The document is first scanned, then the OCR software searches the document for letters, numbers, and other characters and attempts the conversion.

Offline: Term for a computer or node not connected to a network.

Online: Term for a computer or node that is connected to a network.

Operating System (OS): The software that the rest of the software on a computer depends on to make the computer functional. On most PC's, this is Microsoft Windows. Unix and Linux are other operating systems often found in scientific and technical environments.

PC: Personal computer.

PDA (Personal Digital Assistant): Handheld digital organizers. The most well known type of PDA is the 'Palm" handheld computer.

PDF (Portable Document Format): A technology developed by the Adobe Corporation for formatting documents so that they can be viewed and printed exactly the same on any PC using the Adobe Acrobat reader.

Petabyte (PB): A petabyte is a measure of computer data storage capacity and is 2 to the 50th power (1,125,899,906,842,624) bytes.

Plaintext: The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

Pointer: A pointer is an index entry in the directory of a disk (or other storage medium) that identifies the space on the disk in which an electronic document or piece of electronic data resides, thereby preventing that space from being overwritten by other data. In most cases, when an electronic document is “deleted,” the pointer is changed to a form that allows the document to be overwritten, but the document is not actually erased.

Private Network: A network that is isolated from the Internet. See Intranet.

Public Network: A network that is part of the public Internet.

RAM (Random Access Memory): The working memory of the computer into which application programs can be loaded and executed. The contents of RAM disappear(s) when the computer is switched off.

Residual Data: Residual Data (sometimes referred to as “Ambient Data”) refers to data that is not active on a computer system. Residual data includes (1) data found on media free space; (2) data found in file slack space; and (3) data within files that has functionally been deleted in that it is not visible using the application with which the file was created, without use of undelete or special data recovery techniques.

Router: A piece of hardware that routes data from one local area network (LAN) to another, or from a LAN onto the Internet.

Sampling: Sampling usually (but not always) refers to the process of statistically testing a data set for the likelihood of relevant information. It can be a useful technique in addressing a number of issues relating to litigation, including decisions as to which repositories of data should be preserved and reviewed in a particular litigation, and determinations of the validity and effectiveness of searches or other data extraction procedures. Sampling can be useful in providing information to the court about the relative cost burden versus benefit of requiring a party to review certain electronic records.

Server: Any computer on a network that contains data or applications shared by users of the network on their client PCs.

Software: Coded instructions (programs) that make a computer do useful work.

Stand-alone computer: A personal computer that is not connected to any other computer or network, except possibly through a modem.

System Administrator: (sysadmin, sysop) The person in charge of keeping a network working.

TCP/IP: (pronounced as separate letters) Short for Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks.

Terabyte (TB): A terabyte is a measure of computer data storage capacity and is one thousand billion (1,000,000,000,000) bytes.

TIFF (Tagged Image File Format): One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

VPN: (pronounced as separate letters) Short for virtual private network, a network that is constructed by using public wires to securely connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.