Digital Forensics
Private Investigator
Learn More
Contact Us

Milwaukee Private Investigator Glossary

Milwaukee Private Detective Reveals Meaning behind Technical Terms

Digital Forensic Analysis DuplicatorThe field of digital forensics is flooded with technical jargon and computer engineering terms which may be unfamiliar or difficult to understand for people who don’t have a background in computer science.

Bits and bytes, slack space, unallocated clusters and hashing are all things that might not mean much if you don’t understand them in context, but are among some of the most important concepts which private investigators use to uncover the truth hidden deep under the surface of your computer’s operating system.

Digital Forensics is a Science, Not Magic

Spindletop Investigations wants to foster better understanding of digital forensics as a field of study, put into clear and easy-to-understand language. Find terms in the following glossary to help de-mystify the digital forensics process and give you a clear understanding of the work we do, and how it can be applied to your case.

Absolute Confidentiality for the Length of Your Investigation and Beyond

Spindletop Investigations will never divulge any details of your investigation without first gaining expressed, specific consent from you, the client. There are certain legal requirements to which all Wisconsin private detectives must adhere which may supersede our 100% confidentiality agreement.

Spindletop Investigations will detail these exceptions in full before agreement to begin an investigation is reached.

To get started with your investigation right away, contact the Milwaukee computer forensics examiners at Spindletop Investigations.

Glossary terms

In digital forensics, acquisition is the process of creating an exact bit-by-bit copy of the drive or device which is under examination. Other terms for acquisition include imaging and cloning. As a fail-safe against critical errors corrupting data and destroying evidence, all examinations are made on clones of the source media. Post-mortem a...

Find Out More ►

When you check your hard drive's storage capacity, everything marked as "used space" is what is also known as allocated space. Because of the nature of sectors and clusters, allocated space may contain many bits and bytes of blank data, or partially-deleted files. These remnants exist in what's called slack space. A computer forensics examiner wi...

Find Out More ►

Binary arithmetic was originally described in the 17th Century by German mathematician and philosopher Gottfried Leibniz, but has its roots in the ancient Chinese Zhou dynasty. In computer technology, binary code is a base 2 numbering system of 1s and 0s (as opposed to the base 10 decimal system we're most familiar with) which allows computers to ...

Find Out More ►

Bits are the smallest form of information read by digital devices. In binary code, bits are represented by either a 1 (ON) or 0 (OFF). A collection of 8 bits is called a byte. A kilobyte is 1024 bytes, a megabyte is 1024 kilobytes, and gigabyte is 1024 megabytes, and so on for Tera-, Peta-, Exabytes and larger. A typical 3-minute mp3 song recording...

Find Out More ►

Your computer's operating system reads and stores data as clusters. Clusters are groups of sectors and represent the smallest space your computer will use to store data. In Windows, default cluster sizes range from a single sector (512 bytes) to 64 kilobytes, depending on a number of factors. Even if your file is smaller than the cluster, your oper...

Find Out More ►

Browser cookies are small files which act as a memory bank for websites accessed by a user. For example, Amazon remembers what you had in your shopping cart because it is communicating with the cookie it left in your browser. The cookie file itself is nothing more than a small .txt document. The site you’re visiting will identify any coo...

Find Out More ►

The most important thing to know about digital forensics investigations is delete does not mean "erase". To most of us, pressing Delete or emptying the recycle bin is the bitter end for unwanted files. It disappears from Finder or File Explorer, so it must be gone for good, right? Not to a computer forensic examiner. With our specialized tools, we...

Find Out More ►

Digital forensics is the accepted term for the field of analyzing and recovering files from Windows or Mac-based computer hard drives, iPhones and iPads, Android and Windows smartphones and tablets, even video game systems and standalone GPS units. The term digital forensics grew from the field of computer forensics, to reflect the surge in digital...

Find Out More ►

Electronic discovery, or e-discovery, refers to the process of obtaining and preserving digital evidence for use in a legal proceeding. The specialized hardware and software used by digital forensic examiners ensures the integrity of the information can be verified as original and unaltered, allowing recovered data to be admitted as courtroom evide...

Find Out More ►

Digital encryption allows for the safe transmission of sensitive material between networks. Powerful encryptions are what make it possible for us to shop online with our credit cards, e-file our taxes to the government, even apply for loans or lines of credit without having to leave our homes. Encryption can also be used to hide incriminating files...

Find Out More ►

In many respect, file carving is the heart of computer forensics examination. Digital forensic tools can help automate the process, but it frequently comes down to the skills and training of the analyst. File carving involves a bit-by-bit analysis of the contents of a hard drive, searching for remnants of files which have been marked for deletion. ...

Find Out More ►

GPS is short for Global Positioning System. The GPS system uses a series of satellites to track pinpoint locations of subjects anywhere on or near the Earth. Originally developed in the 1970s for military purposes, personal GPS technology has grown exponentially over the last fifteen years. Almost every, if not all smartphones and tablets manufactu...

Find Out More ►

Hard drives are where all of your saved files, documents, music, pictures, programs, system files and much more are stored. Typical hard drives consist of an aluminum disc with a magnetic coating and a head which allows the computer to read and write to the disc. All data is stored on the disc in binary code: either magnetized (1, or ON), or not ma...

Find Out More ►

Hashing is how we know our data acquisition has produced an exact bit-for-bit duplicate of our source. Hash values are generated mathematically by algorithms. Even the minor changes to data on the drive, like clicking the mouse, will create a radically different hash value. This makes it easy to verify legal evidence has not been compromised or cor...

Find Out More ►

Made popular in the 1990s with programs like ICQ, Yahoo! Instant Messenger, AIM and MSN Messenger (later called Windows Live Messenger), instant messaging programs actually predate the internet as some of the oldest real-time communications systems. The oldest program which could be considered an "instant messenger" dates to the mid-1960s. Along w...

Find Out More ►

An IP, or Internet Protocol address tells a server where a user is in the world, sometimes as accurately as the local ZIP code. Your credit card company, for example, can use this information to determine whether or not someone is trying to use your card fraudulently. If the IP address of the person using your card is outside your normal range, th...

Find Out More ►

In digital forensics analysis, live acquisition is the process of recovering data from a device which is powered up while the acquisition is occurring. This is most-frequently done when analyzing cell phones and tablets. This differs from post-mortem acquisition which is done when power has been removed from the source. Live acquisition must also...

Find Out More ►

Memory is the flip side of storage. While information in storage is considered stable or "involatile", memory is unstable, or volatile, requiring an electrical current to run. The RAM on your computer is an example of memory. A memory cell containing a capacitor and a transistor records binary data as either a high charge (1, or ON) or a low charg...

Find Out More ►

Metadata is supplemental information attached to a file. It literally means "data about data". The first form of metadata most of us learned was in 5th grade, memorizing the Dewey Decimal System and learning about library card catalogues. In a digital file, metadata can record a number of useful facts, including the date and time a file was c...

Find Out More ►

The Operating System, or OS, is the program you're using right now to interact with your computer. Most of you are running a version of Microsoft Windows, whether it be Windows 98, ME, XP, Vista, 7 or 8. Apple's Mac OS X has been growing in popularity over the years, but still trails well behind Windows in market share for personal computers. The ...

Find Out More ►

In digital forensics analysis, post-mortem acquisition is the process of recovering deleted data from a device which is disconnected from its power source. This is the most common form of computer forensics acquisition when dealing with desktop computers and laptops. Typically, the hard drive is removed from the powered-down computer, plugged into...

Find Out More ►

Sectors are the smallest containers computers will use to store data. Your operating system will group sectors together into clusters, which helps speed up the read and write process. Each sector holds up to 512 kilobytes of data. When the operating system saves a file to the hard drive, it will mark the entire cluster as used, or allocated, even ...

Find Out More ►

Since computers store information into sectors, and groups of sectors called clusters, it is rare that a file will fit perfectly into the amount of space it is given. The excess space between the end of the file and the unfilled portion of the file's cluster is called slack space. Slack space is considered allocated space by your computer, but does...

Find Out More ►

Chances are, you own a smartphone. More than 64% of Americans do, and the worldwide smartphone adoption rate is expected to triple between 2014 and 2020. You might wonder what makes a smartphone "smart". While low-end feature phones do provide some access to the internet and popular social media, smartphones are purpose-built for internet access an...

Find Out More ►

Solid-State Drives, or SSD, are a type of hard drive which does not contain a disc. SSDs store data in a similar fashion to memory, but typically have an on-board battery or capacitor, or don't require a persistent electrical current to retain data the way RAM does. SSDs are becoming more common, particularly as high-speed boot drives containing a...

Find Out More ►

Storage describes any medium used to save files for long-term or permanent access. Storage media include your computer's hard drive, USB thumbsticks, memory cards, or optical storage media such as CDs, DVDs or Blu-rays. Unlike memory, storage is considered stable, or "involatile", because it does not require a persistent external electrical current...

Find Out More ►

When you check your hard drive's storage capacity, everything displayed as "free space" is what's also known as the unallocated space. Unallocated space does not mean unused space. When data is written to your hard drive, it is written into sectors to save time. A file may not use an entire sector, but the full capacity of the sector will neverthel...

Find Out More ►

A write blocker must be used in order to preserve the integrity of evidence contained within a hard drive. Without a write blocker, any action taken by a digital forensic examiner will be recorded on the drive, no matter how minor or inconsequential. Even these miniscule changes can cast a shadow of doubt on the investigation and render any evidenc...

Find Out More ►

Private Investigator Services  |  Digital Forensics  |  Find Out More  |  Contact

Call Us Today 414-377-8207


CONFIDENTIALITY DISCLAIMER All information obtained during the course of an investigation will remain confidential and solely between the investigator, Spindletop Investigations, LLC, and the client. However, private investigators are legally required to report any instances of child pornography or sexual crimes against children. Spindletop Investigations may choose to report other potentially serious crimes if they involve the risk of the loss of life. Spindletop Investigations will not pursue any unrelated leads outside the agreed upon scope of the investigation. As part of the consultation, Spindletop Investigations will work with the client in advance to fully define the scope of the investigation as well as all legal exceptions to our confidentiality agreement.

© Spindletop Investigations. Milwaukee, Wisconsin  |  Site map