Glossary of Terms
Definitions for forensic, legal, and technical terminology used in Eviquire.
A
Acquisition Session
A structured and documented process during which web-based evidence is collected from a target system. It includes defined objectives, tools, legal compliance, and integrity verification to ensure evidence is admissible in court.
Active Content
Dynamic elements of a webpage (e.g., JavaScript, AJAX) that change based on user interaction or time, often requiring special handling during forensic acquisition.
Analysis (Forensic Analysis)
The process of examining collected web evidence to identify relevant information, reconstruct events, and support investigative conclusions.
Artifact (Web Artifact)
Any piece of data generated by web activity that can serve as evidence, including browser history, cookies, network logs, or screenshots.
Autoscroll Capture
A technique used to automatically scroll through a webpage to capture dynamically loaded or hidden content during acquisition.
B
Browser Profile
A collection of user-specific data stored by a web browser, including history, cookies, sessions, extensions, and cached files.
Browser Forensics
The sub-discipline of digital forensics focused on analyzing browser data to reconstruct user activity and interactions with web services.
C
Chain of Custody
A documented record of how evidence was collected, handled, transferred, and stored, ensuring its integrity and admissibility in legal proceedings.
Client-Side Rendering
A web rendering approach where content is generated dynamically in the browser using JavaScript, posing challenges for forensic acquisition.
Crawler (Web Crawler)
An automated tool that systematically browses websites to collect pages, resources, and metadata for analysis.
Cryptographic Hash
A unique digital fingerprint (e.g., SHA-256) used to verify the integrity of collected evidence.
D
Dark Web
A part of the internet accessible through anonymizing networks like Tor, often used for anonymous communication and illicit activities.
Data Integrity
The assurance that digital evidence has not been altered or tampered with since collection.
Dynamic Content
Web content that changes based on user interaction, time, or server responses, requiring advanced acquisition techniques.
E
Evidence Preservation
The process of maintaining collected data in its original state to ensure reliability and admissibility.
Evidence Package
A structured collection of forensic artifacts (screenshots, logs, network captures, metadata) compiled for analysis and reporting.
F
Forensically Sound
A standard indicating that evidence has been collected and handled in a way that preserves its integrity and reliability.
Full-Page Capture (Pageshot)
A method of capturing the entire webpage, including content beyond the visible screen.
H
Hashing
The process of generating a cryptographic value from data to verify integrity and detect changes.
HTTP/HTTPS
Protocols used for web communication. HTTPS provides encrypted communication via TLS.
I
Indicator of Compromise (IoC)
Evidence suggesting a system or network has been breached, such as malicious domains or suspicious traffic patterns.
Internet Archive (Wayback Machine)
A service that stores historical snapshots of websites, used in forensic investigations for past content analysis.
J
JavaScript Execution
The process of running scripts within a webpage, often required to fully render dynamic content during forensic acquisition.
L
Live Acquisition
The process of collecting evidence from an active system or live web environment in real time.
Log Data
Records of events generated by systems, applications, or network devices, often used in forensic analysis.
M
Metadata
Data describing other data, such as timestamps, URLs, IP addresses, and file properties.
Man-in-the-Middle (MITM) Attack
An attack where an adversary intercepts communication between two parties, often detectable through network forensic analysis.
N
Network Traffic Capture
The process of recording data packets transmitted over a network for analysis.
Network Protocol
Rules governing communication between devices (e.g., HTTP, DNS, FTP).
O
OSINT (Open Source Intelligence)
The collection and analysis of publicly available information from online sources.
P
Pageshot
A full-page visual capture of a webpage, including off-screen content.
Packet
A unit of data transmitted over a network.
Preservation
The process of securely storing evidence to maintain its integrity.
R
Robots.txt
A file used by websites to tell crawlers which pages should not be indexed or accessed.
Replay (Session Replay)
The ability to reproduce a recorded web session to verify actions and evidence.
S
Screenshot
A static image capturing visible screen content at a specific moment.
Session Isolation
A technique ensuring that the acquisition environment is clean and unaffected by prior browsing activity.
SSL/TLS Certificate
A digital certificate used to authenticate a website and encrypt communications.
T
Tor Network
An anonymizing network that routes traffic through multiple encrypted nodes to conceal user identity.
Timestamping (Cryptographic Timestamp)
A method of proving when data was created or collected using cryptographic techniques.
V
Video Capture (Screen Recording)
Recording of screen activity to document user interactions and dynamic content over time.
Volatile Data
Data that can change quickly or be lost (e.g., live sessions, RAM data, dynamic web content).
W
Web Forensics
A branch of digital forensics focused on collecting, preserving, analyzing, and presenting evidence from web-based sources.
Web Crawling
Automated browsing and collection of website content and metadata.
WHOIS Records
Information about domain ownership, registration, and administrative details.