| No. | Item | Definition |
|---|---|---|
| 1. | acquisition | collecting data from a device |
| 2. | analysis | careful examination of evidence |
| 3. | artifact | digital trace left by activity |
| 4. | attachment | file sent with email |
| 5. | authentication | verifying identity |
| 6. | authorization | granting permitted access |
| 7. | backdoor | hidden access method |
| 8. | backup | duplicate copy for restoration |
| 9. | beacon | periodic contact to remote server |
| 10. | boot sector | disk area starting system load |
| 11. | browser history | record of visited web pages |
| 12. | brute force | trying many possible values |
| 13. | cache | stored data for faster access |
| 14. | carving | recovering files by content patterns |
| 15. | chain of custody | record of evidence handling |
| 16. | checksum | value used to detect changes |
| 17. | cluster | group of disk sectors |
| 18. | command-and-control | attacker management infrastructure |
| 19. | cookie | small website data file |
| 20. | decryption | restoring encrypted data to readable |
| 21. | deleted file | file removed from directory view |
| 22. | dictionary attack | guessing from word lists |
| 23. | DNS | system translating names to addresses |
| 24. | domain | named internet location |
| 25. | driver | software controlling hardware |
| 26. | electronic message | |
| 27. | encryption | scrambling data to protect it |
| 28. | evidence | information used to prove facts |
| 29. | exFAT | flash-friendly file system |
| 30. | EXIF | image metadata standard |
| 31. | exploit | code using a vulnerability |
| 32. | FAT32 | older file system format |
| 33. | filesystem | method for organizing stored files |
| 34. | firmware | software embedded in hardware |
| 35. | geolocation | estimated physical location data |
| 36. | hash | fixed fingerprint of data |
| 37. | header | leading data identifying content |
| 38. | hex | base-16 number notation |
| 39. | hive | registry database file |
| 40. | hostname | device or server name |
| 41. | image | bit-for-bit copy of media |
| 42. | imaging | creating a forensic copy |
| 43. | inode | Unix file metadata record |
| 44. | integrity | state of being unaltered |
| 45. | IOC | indicator of compromise |
| 46. | IP address | network device numeric address |
| 47. | journal | filesystem change log |
| 48. | kernel | core part of operating system |
| 49. | key | secret value for encryption |
| 50. | keylogger | tool recording keystrokes |
| 51. | keyword | searched word or term |
| 52. | LNK | Windows shortcut file |
| 53. | log | record of system events |
| 54. | MAC address | hardware network identifier |
| 55. | MAC time | modified, accessed, created times |
| 56. | magic number | file type identifying bytes |
| 57. | malware | malicious software |
| 58. | MD5 | older hashing algorithm |
| 59. | memory dump | captured contents of memory |
| 60. | metadata | data describing other data |
| 61. | MFT | NTFS master file table |
| 62. | NTFS | common Windows file system |
| 63. | packet | small unit of network data |
| 64. | pagefile | disk file supporting virtual memory |
| 65. | partition | separate storage division on a disk |
| 66. | payload | malicious action or code |
| 67. | port | number identifying network service |
| 68. | prefetch | Windows startup trace data |
| 69. | protocol | rules for data exchange |
| 70. | proxy | intermediary network service |
| 71. | query | request for specific data |
| 72. | RAM | temporary working computer memory |
| 73. | ransomware | malware demanding payment |
| 74. | registry | Windows configuration database |
| 75. | remanence | residual data after deletion |
| 76. | rootkit | stealthy system-hiding malware |
| 77. | sector | smallest addressable disk unit |
| 78. | session | period of connected activity |
| 79. | SHA-1 | older secure hash algorithm |
| 80. | SHA-256 | stronger secure hash algorithm |
| 81. | signature | distinctive byte pattern |
| 82. | slack space | unused space inside allocated cluster |
| 83. | spyware | software that secretly monitors |
| 84. | thread | smallest scheduled execution unit |
| 85. | timestamp | recorded date and time |
| 86. | timezone | regional offset from UTC |
| 87. | triage | quick prioritization of evidence |
| 88. | trojan | malware disguised as legitimate |
| 89. | UEFI | modern firmware boot interface |
| 90. | unallocated space | storage not assigned to files |
| 91. | URL | web resource address |
| 92. | UTC | coordinated universal time standard |
| 93. | verification | confirming data matches expected |
| 94. | virtual machine | software-based computer system |
| 95. | volatile memory | memory lost when power stops |
| 96. | VPN | encrypted private network connection |
| 97. | wipe | securely erase stored data |
| 98. | worm | self-spreading malicious program |
| 99. | write blocker | device preventing source changes |
| 100. | YARA | pattern-matching rule language |

