Computer Evidence Glossary

         A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

SaaS (Software as a Service): Software application delivery model where a software vendor develops a web­native software application and hosts and operates (either independently or through a third­party) the application for use by its customers over the Internet. Customers pay not for owning the software itself but for using it. See Application Service Provider.

Sampling: Sampling usually (but not always) refers to the process of testing a database or a large volume of ESI for the existence or frequency of relevant information. It can be a useful technique in addressing a number of issues relating to litigation, including decisions about what repositories of data are appropriate to search in a particular litigation, and determinations of the validity and effectiveness of searches or other data extraction procedures.

Sampling Rate: The frequency at which analog signals are converted to digital values during digitization. The higher the rate, the more accurate the process.

SAN (Storage Area Network): A high­speed subnetwork of shared storage devices. A storage device is a machine that contains nothing but a disc or discs for storing data. A SAN’s architecture works in a way that makes all storage devices available to all servers on a LAN or WAN. As more storage devices are added to a SAN, they too will be accessible from any server in the larger network. In this case, the server merely acts as a pathway between the end user and the stored data. Because stored data does not reside directly on any of a network’s servers, server power is utilized for business applications, and network capacity is released to the end user. See also Network.

SAS­70: Statement on Auditing Standards (SAS) No. 70, Service Organizations ­­an auditing standard developed by the American Institute of Certified Public Accountants (AICPA), which includes and examination of an entity’s “controls” over information technology and related processes.

SAS­70 Assessment: Application of the standards of SAS­70 to demonstrate adequate controls and safeguards are in place for hosted or processed data.

Scalability: The capacity of a system to expand without requiring major reconfiguration or re­entry of data. For example, multiple servers or additional storage can be easily added.

Scale­to­Gray: An option to display a black and white image file in an enhanced mode, making it easier to view. A scale­to­gray display uses gray shading to fill in gaps or jumps (known as aliasing) that occur when displaying an image file on a computer screen. Also known as grayscale.

Scanner: An input device commonly used to convert paper documents into images. Scanner devices are also available to scan microfilm and microfiche. See Flatbed Scanner.

Scanning Software: Software that enables a scanner to deliver industry standard formats for images in a collection. Enables the use of OCR and coding of the images.

Schema: A set of rules or conceptual model for data structure and content, such as a description of the data content and relationships in a database.

Scroll Bar: The bar on the side or bottom of a window that allows the user to scroll up and down through the window’s contents. Scroll bars have scroll arrows at both ends, and a scroll box, all of which can be used to scroll around the window.

SCSI (Small Computer System Interface): Pronounced “skuzzy.” A common, industry standard, electronic interface (highway) between computers and peripherals, such as hard discs, CD­ROM drives and scanners. SCSI allows for up to 7 devices to be attached in a chain via cables. As of this writing, the current SCSI standard is “SCSI II,” also known as “Fast SCSI.”

SDLT (Super DLT): A type of backup tape that can hold up to 300 GB or 450 CDs, depending on the data file format. See DLT.

Search: See Compliance Search, Concept Search, Contextual Search, Boolean Search, Full­Text Search, Fuzzy Search, Index, Keyword Search, Pattern Recognition, Proximity Search, QBIC, Sampling, and Search Engine.

Search Engine: A program that enables search for keywords or phrases, such as on web pages throughout the World Wide Web, e.g. Google, Lycos, etc.

Sector: A sector is normally the smallest individually addressable unit of information stored on a hard drive platter, and usually holds 512 bytes of information. Sectors are numbered sequentially starting with 1 on each individual track. Thus, Track 0, Sector 1 and Track 5, Sector 1 refer to different sectors on the same hard drive. The first PC Hard discs typically held 17 sectors per track. Today, they can hold thousands of sectors per track.

Serial Line Internet Protocol (SLIP): A connection to the Internet in which the interface software runs in the local computer, rather than the Internet’s.

Serial Port: See Port.

Serif: The little cross bars or curls at the end of strokes on certain type fonts.

Server: Any central computer on a network that contains ESI or applications shared by multiple users of the network on their client PCs. A computer that provides information to client machines. For example, there are web servers that send out web pages, mail servers that deliver email, list servers that administer mailing lists, FTP servers that hold FTP sites and deliver ESI to requesting users, and name servers that provide information about Internet host names. See File Server.

Service­Level Agreement: A service­level agreement is a contract that defines the technical support or business parameters that a service provider or outsourcing firm will provide its clients. The agreement typically spells out measures for performance and consequences for failure.

Session: A lasting connection, usually involving the exchange of many packets between a user or host and a server, typically implemented as a layer in a network protocol, such as telnet or FTP.

SGML/HyTime: A multimedia extension to SGML, sponsored by DoD.

SHA­1: Secure Hash Algorithm, for computing a condensed representation of a message or a data file specified by FIPS PUB 180­1. See Hash.

Signature: See Certificate.

SIMM (Single, In­Line Memory Module): A mechanical package (with “legs”) used to attach memory chips to printed circuit boards.

Simplex: One­sided page(s) Single Instance Storage: When several files in a computer filesystem contain exactly the same data, single instance storage can replace the references to these identical files by references to a single stored copy of the file. This can potentially save large amounts of disk space in systems with many copies of the same file. Microsoft Exchange can use single instance storage to eliminate redundant copies of a message. The reduction occurs at the Microsoft Exchange Store level, so when mailboxes that receive a given message exist across Exchange Stores, each store will have one copy of the message.

Skewed: Tilted images. See De­skewing.

Slack/Slack Space: The unused space on a cluster that exists when the logical file space is less than the physical file space. Also known as file slack. A form of residual data, the amount of on­disc file space from the end of the logical record information to the end of the physical disc record. Slack space can contain information soft­deleted from the record, information from prior records stored at the same physical location as current records, metadata fragments, and other information useful for forensic analysis of computer systems. See Cluster.

Smart Card: A credit card size device that contains a microprocessor, memory and a battery.

SMTP (Simple Mail Transfer Protocol): The protocol widely implemented on the Internet for exchanging email messages.

Snapshot: See Bit Stream Backup.

Software application: See Application and Software.

Software: Any set of coded instructions (programs) stored on computer­readable media that tells a computer what to do. Includes operating systems and software applications.

Speckle: Imperfections in an image as a result of scanning paper documents that do not appear on the original. See De­speckling.

Splatter: ESI that should be kept on one disc of a jukebox goes instead to multiple platters.

Spoliation: Spoliation is the destruction of records or properties, such as metadata,that may be relevant to ongoing or anticipated litigation, government investigation or audit. Courts differ in their interpretation of the level of intent required before sanctions may be warranted.

SPP (Standard Parallel Port): See Port.

Spyware: A data collection program that secretly gathers information about the user and relays it to advertisers or other interested parties. Adware usually displays banners or unwanted pop­up windows, but often includes spyware as well. See Malware.

SQL (Structured Query Language): A standard fourth generation programming language (4GL ­a programming language that is closer to natural language and easier to work with than a high­level language). The popular standard for running database searches (queries) and reports.

Stand­Alone Computer: A personal computer that is not connected to any other computer or network, except possibly through a modem.

Standard Generalized Markup Language (SGML): An informal industry standard for open systems document management that specifies the data encoding of a document’s format and content. Has been virtually replaced by XML.

Status Bar: A bar at the bottom of a window that is used to indicate the status of a task. For example, when an email message is sent, the status bar will fill with dots indicating that a message is being sent.

Steganography: The hiding of information within a more obvious kind of communication. Although not widely used, digital steganography involves the hiding of data inside a sound or image file. Steganalysis is the process of detecting steganography by looking at variances between bit patterns and unusually large file sizes.

Storage Device: A device capable of storing ESI. The term usually refers to mass storage devices, such as disc and tape drives.

Storage Media: See Magnetic or Optical Storage Media.

Streaming Indexing: Real­time or near real­time, indexing of data as it being moved from one storage medium to another.

Structured Data: Data stored in a structured format, such as databases or data sets. Contrast to Unstructured Data.

Subjective Coding: The coding of a document using legal interpretation as the data that fills a field, versus objective data that is readily apparent from the face of the document, such as date, type, author, addresses, recipients and names mentioned. Usually performed by paralegals or other trained legal personnel.

Subtractive Colors: Since the colors of objects are white light minus the color absorbed by the object, they are called subtractive. This is how ink on paper works. The subtractive colors of process ink are CMYK (Cyan, Magenta, Yellow and Black) and are specifically balanced to match additive colors (RGB).

Suspension Notice, Suspension Order: See Legal Hold.

SVGA (Super Video Graphics Adapter): A graphics adapter one that exceeds the minimum VGA standard of 640 by 480 by 16 colors. Can reach 1600 by 1280 by 256 colors.

Swap File: A file used to temporarily store code and data for programs that are currently running. This information is left in the swap file after the programs are terminated, and may be retrieved using forensic techniques. Also referred to as a page file or paging file.

System: A system is: (1) a collection of people, machines, and methods organized to perform specific functions; (2) an integrated whole composed of diverse, interacting, specialized structures and sub­functions; and/or (3) a group of sub­systems united by some interaction or interdependence, performing many duties, but functioning as a single unit.

System Administrator (“sysadmin,” or “sysop”): The person in charge of keeping a network working.

System Files: Files allowing computer systems to run; non­user­created files.

System Metadata: See File System Metadata.

Glossary - Courtesy of The Sedona Conference^®