Litigation Forensics

Cybersecurity Glossary: Over 100 Essential Terms for Legal Professionals

Cole Popkin
January 20, 2024
A comprehensive glossary of cybersecurity, digital forensics, and incident response terminology that attorneys and legal professionals need to understand when handling technology-related cases.

Cybersecurity and Digital Forensics Glossary

This comprehensive glossary provides definitions for over 100 technical terms that legal professionals encounter in cybersecurity, digital forensics, incident response, and technology litigation cases.

Cyber Threats and Attacks

Advanced Persistent Threat (APT): Prolonged and targeted cyberattack where intruders establish a presence on a network to steal sensitive data over an extended period.

Botnet: Network of compromised computers controlled remotely by attackers to launch distributed attacks, send spam, or mine cryptocurrency.

Brute Force Attack: Method of defeating authentication by systematically trying all possible password combinations until the correct one is found.

Credential Stuffing: Automated injection of stolen username/password pairs to fraudulently gain access to user accounts.

Cryptojacking: Unauthorized use of someone's computer to mine cryptocurrency without their knowledge or consent.

Distributed Denial of Service (DDoS): Attack that overwhelms a target system with traffic from multiple sources, making it unavailable to legitimate users.

Exploit: Code that takes advantage of a software vulnerability to gain unauthorized access or cause unintended behavior.

Keylogger: Software or hardware device that records keystrokes on a computer, often used to steal passwords and sensitive information.

Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems, including viruses, worms, trojans, and ransomware.

Man-in-the-Middle (MITM) Attack: Interception of communications between two parties where the attacker secretly relays and potentially alters messages.

Phishing: Fraudulent attempt to obtain sensitive information by disguising itself as a trustworthy entity in electronic communication.

Ransomware: Malicious software that encrypts a victim's data and demands payment for the decryption key.

Social Engineering: Psychological manipulation of people into performing actions or divulging confidential information.

Spear Phishing: Targeted phishing attack directed at specific individuals or organizations, often using personalized information.

Trojan Horse: Malicious program disguised as legitimate software that provides backdoor access to attackers.

Watering Hole Attack: Compromise of websites frequently visited by target victims to infect their systems.

Zero-Day Exploit: Attack that targets a previously unknown vulnerability before the vendor has released a patch.

Digital Forensics Terms

Acquisition: Process of creating a forensically sound copy of digital evidence from the original source.

Bit-by-Bit Copy: Exact duplicate of a storage device including all data and unallocated space, also called a forensic image.

Chain of Custody: Documented chronological record tracking the seizure, custody, control, transfer, analysis, and disposition of evidence.

Deleted File Recovery: Techniques for recovering files that have been removed from a file system but whose data still exists on the storage media.

EnCase: Industry-standard digital forensics software platform for evidence collection, preservation, and analysis.

File Carving: Data recovery technique that reconstructs files from raw data without relying on file system metadata.

Forensic Toolkit (FTK): Comprehensive digital forensics software for investigating computers and mobile devices.

Hash Value: Fixed-length digital fingerprint computed from a file's contents, used to verify data integrity and identify files; commonly MD5 or SHA-256.

Logical Extraction: Collection of specific files and folders from a device rather than complete physical contents.

Metadata: Information about data, including file creation dates, modification dates, author information, and location data.

Physical Extraction: Complete bit-by-bit copy of a storage device including deleted data and unallocated space.

Slack Space: Unused space in a file system cluster that may contain fragments of deleted data.

Steganography: Practice of concealing messages or files within other non-secret data, such as hiding data in images.

Timeline Analysis: Chronological reconstruction of events based on file system timestamps and other temporal data.

Write Blocker: Hardware or software tool that prevents any modification to storage media during forensic acquisition.

Incident Response

Containment: Actions taken to limit the scope and magnitude of a security incident and prevent further damage.

Eradication: Process of removing malware, malicious access, and other artifacts of an incident from affected systems.

Indicators of Compromise (IoC): Forensic artifacts suggesting a system has been breached, such as unusual network traffic or file modifications.

Incident Response Plan: Documented procedures for detecting, responding to, and recovering from security incidents.

Recovery: Restoration of systems and services to normal operations following a security incident.

Root Cause Analysis: Investigation to determine the underlying reason for a security incident.

Security Information and Event Management (SIEM): Centralized platform for collecting, analyzing, and responding to security events across an organization.

Threat Hunting: Proactive search through networks and systems to detect and isolate advanced threats that evade automated detection.

Triage: Initial assessment of an incident to determine severity, scope, and appropriate response priority.

Data Recovery and Storage

Data Remanence: Residual representation of data that remains even after attempts have been made to remove or erase it.

Degaussing: Process of erasing data on magnetic storage media by exposing it to a strong magnetic field that disrupts the stored magnetic patterns.

File System Journal: Log of changes to a file system that can be used for recovery and forensic analysis.

RAID (Redundant Array of Independent Disks): Data storage technology that combines multiple disk drives for performance or redundancy.

Secure Deletion: Process of overwriting data multiple times to prevent recovery, as opposed to standard deletion, which only removes the file system's reference to the data.

Unallocated Space: Portions of a storage device not currently assigned to any file, often containing deleted data.

Volume Shadow Copy: Windows feature that creates backup snapshots of files and folders at specific points in time.

File Systems and Operating Systems

APFS (Apple File System): Modern file system used by Apple devices, featuring encryption, snapshots, and space sharing.

ext4: Fourth extended file system, commonly used in Linux operating systems.

FAT32: Legacy Microsoft file system lacking permissions and journaling, but widely compatible across devices and removable media.

HFS+ (Mac OS Extended): Older Apple file system used before APFS, still found on older Mac devices.

NTFS (New Technology File System): Windows file system supporting large files, permissions, and journaling.

Registry (Windows): Hierarchical database storing configuration settings and options for Windows operating systems.

Prefetch: Windows feature that tracks application usage to optimize loading times, valuable for forensic analysis.

Network Forensics

Deep Packet Inspection (DPI): Network traffic analysis examining data within network packets beyond header information.

NetFlow: Cisco protocol for collecting IP traffic information and monitoring network flow data.

Packet Capture (PCAP): Recording of network traffic data for analysis, typically using tools like Wireshark.

Port Scanning: Technique of probing a server or host for open network ports.

Mobile Forensics

Android Debug Bridge (ADB): Command-line tool for communicating with Android devices, used in forensic examinations.

Cellebrite: Leading mobile forensic extraction and analysis platform.

Chip-Off: Physical extraction technique involving removing storage chips from mobile devices.

iOS: Apple's mobile operating system with strong encryption requiring specialized forensic techniques.

JTAG (Joint Test Action Group): Hardware interface used for advanced mobile device data extraction.

Encryption and Cryptography

AES (Advanced Encryption Standard): Symmetric encryption algorithm widely used for securing data.

Asymmetric Encryption: Cryptographic system using pairs of keys (public and private) for encryption and decryption.

BitLocker: Microsoft's full-disk encryption feature for Windows systems.

Certificate Authority: Trusted entity that issues digital certificates verifying identity and enabling encrypted communications.

End-to-End Encryption: Communication encryption where only sender and recipient can decrypt messages, not intermediaries.

FileVault: Apple's full-disk encryption technology for macOS systems.

Public Key Infrastructure (PKI): Framework for creating, distributing, and managing digital certificates and public-key encryption.

SSL/TLS (Secure Sockets Layer/Transport Layer Security): Cryptographic protocols for secure communication over networks.

Authentication and Access Control

Biometric Authentication: Identity verification using biological characteristics like fingerprints, facial recognition, or iris scans.

Multi-Factor Authentication (MFA): Security process requiring multiple methods of verification from independent categories of credentials.

OAuth: Open standard for access delegation, commonly used to issue tokens that grant an application limited access to a user's resources without sharing the user's password.

Single Sign-On (SSO): Authentication scheme allowing users to access multiple applications with one set of login credentials.

Zero Trust Architecture: Security model requiring verification for every person and device attempting to access network resources.

Legal and Regulatory Frameworks

CCPA (California Consumer Privacy Act): California law governing consumer data privacy rights and business obligations.

Daubert Standard: Federal standard for admissibility of expert testimony based on scientific validity and relevance.

GDPR (General Data Protection Regulation): European Union regulation governing data protection and privacy.

HIPAA (Health Insurance Portability and Accountability Act): U.S. law protecting sensitive patient health information.

PCI DSS (Payment Card Industry Data Security Standard): Security standards for organizations handling credit card information.

SOC 2 (Service Organization Control 2): Audit framework for service organizations regarding security, availability, and confidentiality.

Cloud and Virtualization

Container: Lightweight, standalone executable package containing everything needed to run software.

Hypervisor: Software layer that creates and runs virtual machines.

Infrastructure as a Service (IaaS): Cloud computing model providing virtualized computing resources over the internet.

Snapshot: Point-in-time copy of a virtual machine or cloud storage state.

Virtual Machine (VM): Software emulation of a physical computer running an operating system and applications.

Email and Communication Forensics

Email Header Analysis: Examination of email routing information to verify authenticity and trace origins.

PST/OST Files: Microsoft Outlook data files containing emails, contacts, and calendar information.

X-Headers: Additional email headers providing routing, authentication, and filtering information.

Additional Technical Terms

API (Application Programming Interface): Defined set of rules and endpoints through which software components request data or services from one another.

Firewall: Network security system monitoring and controlling incoming and outgoing traffic based on security rules.

Intrusion Detection System (IDS): Security technology monitoring network traffic for suspicious activity.

Penetration Testing: Authorized simulated cyberattack to evaluate system security.

Sandbox: Isolated testing environment for safely executing suspicious code.

Vulnerability Assessment: Systematic review of security weaknesses in systems and networks.

Web Application Firewall (WAF): Security layer protecting web applications from attacks.

Understanding these technical terms enables attorneys to effectively communicate with forensic experts, comprehend expert reports, conduct informed discovery, and present technology evidence to courts and juries. As technology continues evolving, maintaining familiarity with cybersecurity and digital forensics terminology becomes increasingly essential for modern legal practice.

Article Contributors

Cole Popkin, Senior Digital Forensics Analyst

Cole Popkin is a court-qualified digital forensics expert specializing in the analysis of mobile phones, computers, cell towers, video and audio files, emails, OSINT, and metadata. A former analyst for the U.S. Department of Homeland Security and Michigan State Police, Cole provides expert witness testimony in both criminal and civil proceedings.

Reviewed by Laura Pompeu, Content Editor

Laura Pompeu is a marketing professional with 10+ years of experience in digital marketing and content strategy. She oversees content quality and editorial direction for the Litigation Forensics blog.

Approved by Bogdan Glushko, Founder & CEO

Founder & CEO of Litigation Forensics. Expert in digital forensics strategy and litigation support.