loader image
Skip to main content
Home Instructor-Led Training Echothis CSI Linux Pro Shop

Site Glossary

Completion requirements
Printer-friendly version

Browse the glossary using this index

Special | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | ALL

Page:  1  2  3  4  5  6  (Next)
  ALL

C

Call Sign

An identifier used in radio communications to indicate a station or unit. Call signs can support traffic analysis, unit identification, and network mapping, but can be changed or spoofed depending on the system and operator discipline.

Case Intake

The initial process of receiving a complaint or referral and documenting key facts, involved parties, known devices/accounts, suspected offenses, and urgency. In digital investigations, intake should capture platform names, URLs, identifiers, time zones, and preservation needs.

Case Number

A unique identifier assigned to an investigation for tracking reports, evidence, warrants, and communications. Case numbers should appear consistently on evidence packaging, forensic images, reports, and disclosure material to prevent mix-ups and maintain traceability.

Cell Site Location Information (CSLI)

Location-related records derived from a mobile device’s interaction with cellular towers. CSLI may be historical or near real-time depending on legal authority and provider capability, and it is frequently used to place a device within an approximate area at a specific time.

Certificate Authority (CA)

A trusted organization that validates identities and signs digital certificates. Trust in PKI depends on CA security, proper issuance practices, and mechanisms for revoking compromised or misissued certificates.

Certificate Revocation List (CRL)

A list published by a CA containing certificates that have been revoked before expiration. Systems can check CRLs to determine whether a certificate should still be trusted.

Certification of Records

A statement (often signed) from a custodian of records attesting that produced records are authentic business records. Certifications can support admissibility by establishing that records were kept in the ordinary course of business.

ChaCha20-Poly1305

ChaCha20-Poly1305 is an AEAD construction that combines the ChaCha20 stream cipher with the Poly1305 authenticator. It is widely used in TLS and is particularly performant on systems without AES hardware acceleration.

Chain of Custody

A chain of custody refers to the documentation and tracking of evidence in a criminal investigation or legal case. It is a record of the handling and movement of evidence from the time it is collected until it is presented in court.

The chain of custody is important because it helps to establish the authenticity and integrity of the evidence. It ensures that the evidence has not been tampered with or contaminated and that it can be accurately linked to the crime or legal matter in question.

Examples of evidence that may require a chain of custody include physical items like fingerprints, DNA samples, drugs, weapons, or documents. It is also necessary for digital evidence like emails, texts, or social media posts.

To maintain a chain of custody, the following steps must be followed:

  1. Evidence is collected by a trained and authorized individual, such as a police officer or forensic investigator.
  2. The evidence is properly packaged and labeled, including information about who collected it, where and when it was collected, and what it is.
  3. The evidence is transferred to a secure location, such as a police station or laboratory, where it is stored in a controlled environment to prevent tampering or contamination.
  4. The evidence is examined and analyzed by qualified professionals using established protocols and procedures.
  5. The results of the examination are documented and reported in a detailed and accurate manner.
  6. The evidence is securely transported to court when it is needed as part of a legal case.

Throughout the process, the chain of custody is carefully documented and tracked, including information about who handled the evidence, where it was stored, and when it was moved. This helps to ensure that the evidence is reliable and can be used in court to support a criminal conviction or legal ruling.

It is important to maintain a thorough and accurate chain of custody in order to establish the authenticity and reliability of the evidence. Any breaks in the chain of custody, such as evidence being left unsecured or handled by unauthorized personnel, can compromise the integrity of the evidence and potentially impact the outcome of a case.

A chain of custody is a document that outlines the handling and control of physical or digital evidence in a forensic investigation. It is used to maintain the integrity of the evidence and to ensure that it is admissible in court.

In the field of digital forensics and incident response (DFIR), a chain of custody is used to track the handling of digital evidence from the time it is collected until it is presented in court. The chain of custody should include information about who collected the evidence, when it was collected, how it was collected, and where it has been stored.

For example, if a forensic analyst collects a suspect's computer as evidence, the chain of custody would include the following information:

  • The date and time the computer was collected
  • The name of the forensic analyst who collected the computer
  • The location where the computer was collected
  • A description of the computer and any identifying information, such as the serial number
  • The steps taken to secure and transport the computer, including any precautions taken to prevent contamination of the evidence
  • The name of the person who received the computer at the forensic laboratory

It is important to maintain a thorough and accurate chain of custody in order to ensure the integrity of the evidence and to establish that it has not been tampered with or altered in any way.

In addition to maintaining a chain of custody, forensic analysts should also follow standard operating procedures (SOPs) in order to ensure that the evidence is handled properly and that the results of the forensic analysis are reliable. SOPs outline the steps that should be taken to collect, preserve, and analyze digital evidence in a consistent and repeatable manner.

Overall, a chain of custody and adherence to SOPs are important for ensuring the integrity and admissibility of digital evidence in a forensic investigation.




Change Address

A wallet-controlled address receiving ‘change’ from a transaction when inputs exceed the intended payment amount (common in UTXO systems).

Page:  1  2  3  4  5  6  (Next)
  ALL