TALKING THE TALK
Most professions have their own language
or jargon. Doctors and lawyers and engineers all speak in terms that many of us
don’t understand. The various forensics
professions have their own language as
well. For example:
Cyber Forensics
Steganography - The term, which stems from Greek origin, means "concealed writing." In practice it refers
to hiding data within a carrier file. For example, text can be hidden within a picture so the picture can be
transmitted in the clear and the embedded message can go undetected. Some savvy users have managed to
hide small audio files within larger files.
Timestomping - Computer file systems retain time stamps of significant activity. Many systems will record
when a file was created, modified, or last accessed. There is an anti-forensic technique known as timestomping, where a user will deliberately change the time stamps on a computer to hide the trail of actual
events. This practice is employed with some malware in order to make it difficult for incident responders
to find newly created files. Computer forensic examiners can examine the totality of a system to identify
anomalies such as timestomping.
Intrusion Analysis - The practice of examining a computer system and its related artifacts to identify how
an intruder gained access to a computer system or network. Often times the activities that occur after an
intrusion, i.e., the stealing or modifying of information, are detected while the initial intrusion goes unnoticed. Determining the point of origin can take appreciable skill as it is necessary to weed out important facts
from user and system behavior.
Learn more about
Stevenson’s master’s
degree programs in
forensics at the next
Saturday
Information
Session,
November 15.
For more
information or to
register visit
stevenson.edu.
File Signature - Embedded at the top of most files are a series of bytes, usually between two and four, which
are used to associate a file with its respective application. When a file is opened, the signature is examined
by the application to confirm the file type. Data hiding can occur when a user renames a file's extension to a
different value. The file signature will still identify the true nature of the file while the extension suggests a
misleading type. For example, a Microsoft Word document named secret.doc may be renamed to system.dll.
The contents of the file are still a Word document and the file's signature will still be "D0 CF 11 E0".
Forensic Science
Pharmacokinetics - The study that investigates and characterizes drug bio-availability, i.e., the amount of
drug absorbed into the body relative to the amount administered. This study would include the routes of
administration; the rates of absorption and elimination, the time to peak concentration, the relationship
between dose and blood and tissue concentrations, and the rates of metabolism and clearance from the body.
Pharmacodynamics - The study of the time course of drug effects. In other words, how long the effect of
the drug will last per dosage.
Spectrophotometer - A scientific instrument that is used to measure the absorption of frequencies of light
such as UV, visible, an infrared and are generally composed of one or more light sources, a wavelength
selector, sample container, detector, signal processor, and readout devices.
Sympathomimetic Drugs - Drugs that mimic the actions of endogenous neurotransmitters that stimulate
the sympathetic nervous system, such as amphetamine and methamphetamine.
stevenson.edu