E-Discovery Glossary

F

False Negative A result that is not correct because it fails to indicate a match where one exists.

False Positive A result that is not correct because it indicates a match where there is none.

Fast Mode Parallel Port See Port.

FAT (File Allocation Table) An internal data table on hard drives that keeps track of where the files are stored. If a FAT is corrupt, a drive may be unusable, yet the data may be retrievable with forensics. See Cluster.

FAX Short for facsimile. A process of transmitting documents by scanning them to digital, converting to analog, transmitting over phone lines, reversing the process at the other end and printing.

Fiber Optics Transmitting information by sending light pulses over cables made from thin strands of glass.

Field (or Data Field) A name for an individual piece of standardized data, such as the author of a document, a recipient, the date of a document or any other piece of data common to most documents in an image collection, to be extracted from the collection.

Field Separator A code that separates the fields in a record. For example, the CSV format uses a comma as the field separator.

File A collection of data or information stored under a specified name on a disc.

File Compression See Compression.

File Extension Many systems, including DOS and UNIX, allow a filename extension that consists of one or more characters following the proper filename. For example, image files are usually stored as .bmp, .gif, .jpg or .tiff. Audio files are often stored as .aud or .wav. There are a multitude of file extensions identifying file formats. The filename extension should indicate what type of file it is; however, users may change filename extensions to evade firewall restrictions or for other reasons. Therefore, file types should be identified at a binary level rather than relying on file extensions. To research file types, see (http://www.filext.com). Different applications can often recognize only a predetermined selection of file types. See also Format.

File Format The organization or characteristics of a file that determine with which software programs it can be used. See also Format.

File Header See Header.

File Level Binary Comparison Method of deduplication using the digital fingerprint (hash) of a file. File Level Binary comparison ignores metadata, and can determine that "SHOPPING LIST.DOC" and "TOP SECRET.DOC" are actually the same document. See also Data Verification, DeDuplication, Digital Fingerprint, and Hash coding.

File Plan A document containing the identifying number, title, description, and disposition authority of files held or used in an office.

File Server When several or many computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group. File servers may be employed to store email, financial data, word processing information or to backup the network. See Server.

File Sharing Sharing files stored on the server among several users on a network.

File Signature See Digital Signature.

File Slack The unused space on a cluster that exists when the logical file space is less than the physical file space. See Cluster.

File System The engine that an operating system or program uses to organize and keep track of ESI. More specifically, the logical structures and software routines used to control access to the storage on a hard disc system and the overall structure in which the files are named, stored, and organized. The file system plays a critical role in computer forensics because the file system determines the logical structure of the hard drive, including its cluster size. The file system also determines what happens to data when the user deletes a file or subdirectory.

File System Metadata Metadata generated by the system to track the demographics (name, size, location, usage, etc.) of the ESI and, not embedded within, but stored externally from the ESI. See also Metadata.

File Table See MFT.

File Transfer The process of moving or transmitting a file from one location to another, as between two programs or from one computer to another.

Filename The name of a file, excluding root drive and directory path information. Different operating systems may impose different restrictions on filenames, for example, by prohibiting use of certain characters in a filename or imposing a limit on the length of a filename. The filename extension should indicate what type of file it is. However, users often change filename extensions to evade firewall restrictions or for other reasons. Therefore, file types must be identified at a binary level rather than relying on file extensions. See also File Extension and Full Path.

FIPS Federal Information Processing Standards issued by the National Institute of Standards and Technology after approval by the Secretary of Commerce pursuant to Section 111(d) of the Federal Property and Administrative Services Act of 1949, as amended by the Computer Security Act of 1987, Public Law 100235.

Firewall A set of related programs, or hardware, that protect the resources of a private network from users from other networks. A firewall filters information to determine whether to forward the information toward its destination.

Filter (verb) See Data Filtering.

Flash Drive See Key Drive.

Flash Memory The ability to retain data even when power is removed; the equivalent to film for digital cameras.

Flat File Flat file is a nonrelational text based file (ie: a word processing document).

Flatbed Scanner A flatsurface scanner that allows users to create a digital image of books and other hard copy documents or objects. See Scanner.

Floppy Disc A thin magnetic film disc housed in a protective sleeve used to copy and transport relatively small amounts of data.

Folder See Directory.

Forensic Copy A forensic copy is an exact copy of an entire physical storage media (hard drive, CDROM, DVDROM, tape, etc.), including all active and residual data and unallocated or slack space on the media. Compresses and encrypts to ensure authentication and protect chain of custody. Forensic copies are often called "image" or "imaged copies." See Bit Stream Backup and Mirror Image.

Forensics The scientific examination and analysis of data held on, or retrieved from, ESI in such a way that the information can be used as evidence in a court of law. It may include the secure collection of computer data; the examination of suspect data to determine details such as origin and content; the presentation of computer based information to courts of law; and the application of a country"s laws to computer practice. Forensics may involve recreating "deleted" or missing files from hard drives, validating dates and logged in authors/editors of documents, and certifying key elements of documents and/or hardware for legal purposes.

Form of Production The manner in which requested documents are produced. Used to refer both to file format (e.g., native vs. imaged format) and the media on which the documents are produced (paper vs. electronic).

Format (noun) The internal structure of a file, which defines the way it is stored and used. Specific applications may define unique formats for their data (e.g., "MS Word document file format"). Many files may only be viewed or printed using their originating application or an application designed to work with compatible formats. There are several common email formats, such as Outlook and Lotus Notes. Computer storage systems commonly identify files by a naming convention that denotes the format (and therefore the probable originating application). For example, "DOC" for Microsoft Word document files; "XLS" for Microsoft Excel spreadsheet files; "TXT" for text files; "HTM" for Hypertext Markup Language (HTML) files such as web pages; "PPT" for Microsoft Powerpoint files; "TIF" for tiff images; "PDF" for Adobe images; etc. Users may choose alternate naming conventions, but this will likely affect how the files are treated by applications.

Format (verb) To make a drive ready for first use. Erroneously thought to "wipe" drive. Typically, only overwrites FAT, but not files on the drive.

Forms Processing A specialized imaging application designed for handling preprinted forms. Forms processing systems often use highend (or multiple) OCR engines and elaborate data validation routines to extract handwritten or poor quality print from forms that go into a database.

Fragmented In the course of normal computer operations when files are saved, deleted or moved, the files or parts thereof may be broken into pieces, or fragmented, and scattered in various locations on the computer"s hard drive or other storage medium, such as removable discs. Data saved in contiguous clusters may be larger than contiguous free space, and it is broken up and randomly placed throughout the available storage space. See DeFragment.

FTP (File Transfer Protocol) An Internet protocol that enables the transfer of files between computers over a network or the Internet.

Full Duplex Data communications devices that allow full speed transmission in both directions at the same time.

Full Path A path name description that includes the drive, starting or root directory, all attached subdirectories and ending with the file or object name.

FullText Indexing Every word in the ESI is indexed into a master word list with pointers to the location within the ESI where each occurrence of the word appears.

FullText Search The ability to search ESI for specific words, numbers and/or combinations or patterns thereof.

Fuzzy Search Subjective content searching (as compared to word searching of objective data). Fuzzy Searching lets the user find documents where word matching does not have to be exact, even if the words searched are misspelled due to optical character recognition (OCR) errors. This search locates all occurrences of the search term, as well as words that are "close" in spelling to the search term.