EDRM Collection Standards Glossary

The EDRM Collection Standards Glossary is a glossary of terms defined as part of the EDRM Collection Standards.

Bitstream Image

  • A sector-by-sector, bit-by-bit copy of a physical hard drive or a logical drive.
  • See Bitstream copy: Bit stream backup (also referred to as mirror image backup) involves the backup of all areas of a computer hard disk drive or another type of storage media. Such a backup exactly replicates all sectors on a given storage device. Thus, all files and ambient data storage areas are copied. Bit stream backups – sometimes also referred to as “evidence grade” backups – differ substantially from traditional computer file backups and network server backups.

Certified Forensic Examiner

A person holding one of a number of commonly recognized certifications in the field. Due to a lack of industry wide certifications it is critical to research the certifications and any requirements within your state or jurisdiction.

Clean Install

A clean install is a software installation in which any previous version is eradicated. The alternative to a clean install is an upgrade, in which elements of a previous version remain.

Copy/paste

To copy a piece of data to a temporary location and then make a new copy of the object in a new location. This is usually done by clicking the right mouse button while holding the mouse cursor over the relevant file and then clicking “copy” from the menu that appears. The mouse pointer is then moved to the destination location, a right mouse click brings up the same function menu and “paste” is selected to copy the file(s) to the new location.

Database Administrator

A database administrator (short form DBA) is a person responsible for the installation, configuration, upgrade, administration, monitoring and maintenance of databases in an organization.

DBX

Microsoft Outlook Express stores your messages in a folder that contains several different .dbx files. These files (folders.dbx, inbox.dbx, outbox.dbx) contain all your messages.

dd file

A “dd” file is a raw image file created using the dd forensic imaging tool, a command line program that uses command line arguments to control the imaging process.

Drag-and-drop

  • A common way to move or copy a file or folder is to highlight it and literally “drag” a copied version of it to another location. First the mouse would be used to highlight the file. Then while holding down the left mouse button, the name of the file would be dragged to a new location. In the background, the operating system creates a new copy and places it in the new location. For example, you can drag a file to the Recycle Bin to delete the file, or to a folder to copy or move it to that location.
  • The movement of on-screen objects by dragging them across the screen with the mouse.

.E01 File

“.E01” is a legacy EnCase evidence file format. An “.E01” file is a byte-for-byte representation of a physical device or a logical volume.

EML

  • EML is a file extension for an e-mail message saved to a file in the MIME RFC 822 standard format by Microsoft Outlook Express as well as some other email programs.
  • A single RFC822 mail file message.
  • An email file format, usually containing a single email message.
Page 1 of 3123

Contributors

  • Julie Brown, Vorys (project lead)
  • Teri Christensen, Faegre Baker Daniels
  • Kevin Clark
  • Justin Coffey
  • Sean d’Albertis, Faegre Baker Daniels
  • Kevin Esposito
  • Faisal Habib, AccessData Group
  • Valerie Lloyd, Excel Energy
  • Rick Nalle, KPMG
  • Andrea Donovan Napp, Robinson & Cole
  • John Wilson