The process of creating a duplicate image of data; one of the five required functions of computer forensics tools.
The process of trying every combination of characters—letters, numbers, and special characters typically found on a keyboard—to find a matching password or passphrase value for an encrypted file.
Computer Forensics Tool Testing (CFTT)
A project sponsored by the National Institute of Standards and Technology to manage research on computer forensics tools.
The process of sorting and searching through investigation data to separate known good data from suspicious data; along with validation, one of the five required functions of computer forensics tools.
The process of pulling relevant data from an image and recovering or reconstructing data fragments; one of the five required functions of computer forensics tools.
A method of finding files or other information by entering relevant characters, words, or phrases in a search tool.
National Software Reference Library (NSRL)
A NIST project with the goal of collecting all known hash values for commercial software and OS files.
password dictionary attack
An attack that uses a collection of words or phrases that might be passwords for an encrypted file. Password recovery programs can use a password dictionary to compare potential passwords to an encrypted file's password or passphrase hash values.
The process of rebuilding data files; one of the five required functions of computer forensics tools.
The process of checking the accuracy of results; along with discrimination, one of the five required functions of computer forensics tools.
A hardware device or software program that prevents a computer from writing data to an evidence drive. Software write-blockers typically alter interrupt 13 write functions to a drive in a PC's BIOS. Hardware write-blockers are usually bridging devices between a drive and the forensic workstation.