|
US$419.00 ยท In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.
GA/T 1568-2019: Forensic sciences - Terminology for electronic evidence examination
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GA/T 1568-2019 | English | 419 |
Add to Cart
|
4 days [Need to translate]
|
Forensic sciences - Terminology for electronic evidence examination
| Valid |
GA/T 1568-2019
|
PDF similar to GA/T 1568-2019
Basic data | Standard ID | GA/T 1568-2019 (GA/T1568-2019) | | Description (Translated English) | Forensic sciences - Terminology for electronic evidence examination | | Sector / Industry | Public Security (Police) Industry Standard (Recommended) | | Classification of Chinese Standard | A90 | | Classification of International Standard | 12.310 | | Word Count Estimation | 18,148 | | Date of Issue | 2019 | | Date of Implementation | 2019-06-15 | | Issuing agency(ies) | Ministry of Public Security | GA/T 1568-2019: Forensic sciences - Terminology for electronic evidence examination---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Forensic sciences-Terminology for electronic evidence examination
ICS 12.310
A 90
GA
People's Republic of China Public Safety Industry Standard
Forensic Science Electronic Evidence Inspection Terms
Published by the Ministry of Public Security of the People's Republic of China
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some elements of this document may involve patents. Publication of this document
The agency is not responsible for identifying these patents.
This standard was proposed by the National Technical Committee for Criminal Technical Standardization of Electronic Material Evidence Inspection Sub-Committee (SAC/TC 179/SC 7).
This standard is under the jurisdiction of the National Criminal Technology Standardization Technical Committee (SAC/TC 179).
This standard was drafted. Material Evidence Identification Center of the Ministry of Public Security, Procuratorate Technology Information Research Center of the Supreme People's Procuratorate, and Ministry of Public Security
Reconnaissance Technology R & D Center, Heilongjiang Provincial Public Security Department, Beijing Public Security Bureau, China Criminal Police Academy.
The main drafters of this standard. Yin Chunshe, Zhang Guochen, Liu Xiaoyu, Li Yunce, Chu Chuanhong, Xing Guidong, Kang Yanrong, Wang Hongqing,
Zhu Xiuyun and Tang Yanjun.
Forensic Science Electronic Evidence Inspection Terms
1 Scope
This standard specifies the terms for electronic physical evidence inspection.
This standard applies to electronic physical evidence inspection in the field of forensic science.
2 terms and definitions
2.1
Electronic data
Numbers that are formed during the occurrence of a case (event), are stored, processed, and transmitted in digital form, and can prove the facts
according to.
2.2
Electronic evidence
Storage media and electronic data related to the case.
2.3
Original electronic data
Electronic data contained in the materials or samples submitted for inspection.
2.4
Duplication of electronic data
Through bit-by-bit copying, data that is completely consistent with the copied data is obtained.
2.5
Storage medium
Electronic devices, hard disks, compact discs, USB flash drives, memory sticks, memory cards, memory chips and other carriers with data information storage functions.
2.6
Harddisk interface
A connection part that transfers data between a hard disk and a computer.
2.7
IDE interface integrated drive electronics
Interface for transmitting data in 16-bit parallel mode.
2.8
SATA interface serial advanced technology attachment
Interface for serial data transmission.
2.9
SCSI interface small computer system interface
High-speed interface for transmitting data in parallel.
2.10
SAS interface serial attached SCSI
SCSI interface with serial connection.
2.11
USB interface universal serial bus
Interface for serial bus data transmission.
2.12
Data area
Area where file data is stored.
2.13
Partition
A divided logical storage area in a storage medium.
2.14
Sector
Each track on the disk is equally divided.
2.15
Cluster
The smallest unit of file storage management consisting of sectors.
2.16
Master boot record
Contains the code of the system boot, partition table information, and master boot valid flags.
2.17
Boot sector
The first sector of the storage medium is used to load and give processor control to the operating system.
2.18
File directory table
Directory entries that store subdirectories or files.
2.19
File allocation table
Registers for managing and recording files using clusters.
2.20
Unallocated space
Unused or freed space on a storage medium after file deletion.
2.21
Slack space
The remaining space in the cluster that has not been filled with data.
2.22
Random access memory dump
Transfer some or all of the contents of the memory (RAM) to the storage medium.
2.23
External equipment
A device responsible for data transmission, transfer, and storage before and after the host computer processes the data.
2.24
Computer switch-on time
System time when the computer boots into the operating system.
2.25
Computer switch-off time
System time when the computer shuts down and exits the operating system.
2.26
Registry
Stores important data such as operating system information, installed software and hardware information, security policy settings, user accounts and settings, and network configuration
document.
2.27
Operating system log
The operation of the object specified by the operating system and its operation result are a time-ordered collection. Includes application logs, security logs, and
System log.
2.28
Internet favorite
The folder where the website address link information is saved.
2.29
Instant messaging
A comprehensive communication method integrating sound, text, and graphics that uses the network for real-time conversation and mutual information transmission.
2.30
Instant messaging client
An application that operates in conjunction with an instant messaging server and is used to receive instant messaging services in a local operating system or smart terminal
program.
2.31
Instant messaging protocol
Rules for controlling the instant messaging process and data transmission.
2.32
Instant messaging data
Text messages, files transferred, and voice call logs passed in instant messaging.
2.33
Instant messenger
An application with the ability to send and receive network messages in real time.
2.34
Volatile instant messaging
No need to install any application in the local operating system or smart terminal, just use the browser for instant messaging, and the server provides
A communication method for providing and maintaining the entire instant messaging network service.
2.35
Web browser history
A file that saves traces of browser activity.
2.36
Web server
Software environment and hardware devices that provide website content and website data services.
2.37
Website
According to certain rules, a collection of related web pages created using tools such as HTML to display specific content, including static files on the server
State file, or a collection of data dynamically generated by the server in response to user requests.
2.38
Static webpage
For a period of time, when the same URL is accessed, the data returned by the server remains basically unchanged. Including static website pages and servers
Side of a dynamic website page.
2.39
Dynamicwebpage
With the change of time, the content of the web page will change greatly while the URL remains unchanged.
Note. The dynamic webpages defined here correspond to the technical forms of pages with client-side dynamics, such as AJAX, HTML5.
2.40
Rich media
The form of plug-in is often used in web pages, and it has animation, sound, video and/or interactive information dissemination methods.
2.41
User agent
A special string header that enables the server to identify the operating system and version, CPU type, browser and version,
Browser rendering engine, browser language, browser plugin, etc.
2.42
Webpagesnapshot
Fix the specified website page and save it as a single file in a storage format such as JPG/PNG/MHT.
2.43
Websitemirror
Save the page and file content of the website, generate a mirror locally, modify the links in the page to stay on the local page
Jump between.
2.44
Remote host
A computer that is accessed and remotely controlled through a network.
2.45
Virtual host
Allocate a certain amount of disk space on the network server, place user sites, application components, etc., and provide necessary site functions and data storage
Playback and transmission functions.
2.46
Online game
Game products and services provided by information programs such as the Internet and mobile networks, consisting of software programs and information data.
2.47
Unauthorized online game
Without the authorization of the owner of the online game copyright, a game server that is set up privately, and an online game service system that provides game services on the Internet
System.
2.48
Server of online game
A program managed by the online game copyright owner or authorized operator to process and save the main data of the game.
2.49
Architecture of server program
The functions, relationships, and frameworks and structures of the various modules made up in the server-side program.
2.50
Resource file of online game
The internal files used by the online game engine mainly refer to maps, characters, audio and other files in a specific format in online games.
2.51
Client of online game
The online game copyright owner develops and authorizes the terminal program for users to connect to the server.
2.52
Architecture of client program
The functions, relationships, and frameworks and structures of the various modules made up in the client program.
2.53
Digital video record (DVR)
Video recording equipment using digital recording technology.
2.54
DVR on PC
A computer is used as a hardware platform, and a monitoring video recorder composed of a video capture card and corresponding monitoring application software is configured.
2.55
DVR with embedded system
Non-PC systems, based on hardware such as processors, memory, graphics controllers, I/O ports, etc., with real-time and multitasking operating systems,
Programmable applications are software platforms that write internal operating systems and applications to, for example, FLASH, DISK ON CHIP or microcontroller
Wait for the memory chip to form a complete surveillance video recorder.
2.56
Lossy surveillance video
Incomplete video data formed due to deletion, formatting, periodic coverage, etc.
2.57
Video file header
Located at the beginning of the video file, including non-video time information, file size, manufacturer ID, offset address attributes, etc. of the video file
Content data.
2.58
Key frame
A video frame of a complete image information generated by an intra-frame compression algorithm.
2.59
Video stream storage
Block-level storage is performed directly on the hard disk in accordance with the vendor-defined file management method.
2.60
File consistency
The data content of the two files is the same.
2.61
Write protect
Protective measures to ensure that the electronic data in the storage medium cannot be altered.
2.62
Digital signature
The calculation of electronic data using specific algorithms yields data values that are used to verify the origin and integrity of the electronic data.
2.63
User operation behavior
Specific behaviors of users using computer systems, such as on/off, login/logout, access to external devices, file operations, printing, software
Use, browsing the web, instant messaging, sending and receiving e-mails, etc. are divided into ongoing actions and actions that have already taken place.
2.64
Operation trace
Data reflecting the user's operation behavior process exist in areas such as logs, registry, temporary files, configuration files, and databases.
2.65
Destructive program
Unauthorized acquisition or deletion of functions of computer information systems or data stored, processed, or transmitted in computer information systems
Remove, add, modify, interfere, and destroy applications.
2.66
Program behavior
The interaction of the program with the computer information system during its operation and its impact on the computer information system.
2.67
Simulation object
Storage media, image files, and virtual machine files for system simulation.
2.68
Simulation tool
Hardware for inspection workstations with media storage, security backup, and read-only interfaces, and operations that bypass copyright check mechanisms, login passwords, etc.
Software for simulation verification functions such as system security measures.
2.69
Base station
A form of radio station, in a certain radio coverage area, through a mobile communication switching center, and a mobile phone terminal
Radio transmitting and receiving station for information transmission.
2.70
Pseudo base station
Have not obtained the telecommunications equipment network access license and radio transmission equipment type approval, have the ability to search mobile phone user information, forcibly target unspecified users
The mobile phone sends short messages and other functions, which will illegally occupy the public mobile communication frequency during use and partially block public mobile communication network signals.
Illegal radio communication equipment.
2.71
Volatile data
Data that exists on the network or that runs on electronic devices such as computers and disappears when the power is turned off or off.
2.72
Nonvolatile data
Data stored in electronic devices that do not disappear when the device is powered off or turned off.
2.73
File signature
A feature value (identifier) used to identify the true type of a file.
2.74
Integrity check value
The calculation of electronic data using specific algorithms, such as a hash algorithm, yields data values used to verify data integrity.
2.75
Integrity check
Use the integrity check value to verify that the data replication result is exactly the same as the copied data.
2.76
Data wiping
The process of writing specific data to the storage medium bit by bit using special software and hardware equipment.
2.77
Safe backup
Make a complete, accurate, non-destructive backup of the original data.
2.78
Static analysis
Analysis of an executable program without actually executing the program.
2.79
Dynamic analysis
An analysis of the program behavior of an executable program while the program is running.
2.80
Reverse analysis
Decompile the executable program and learn the program behavior and implementation process of the executable program by analyzing the decompiled code.
2.81
Emulation
Dynamically mimic the structure, function, and behavior of the system in the test material, run and log in to the application, and perform data browsing and analysis.
2.82
System emulation
Use virtualization technology, redirection technology to the computer operating system kernel, hardware devices, user environment, various network protocols,
Dynamic simulation of applications, data records and more.
2.83
Mobile phone card
A mobile phone user identification card with a microprocessor is used to record user data and information. Including SIM card, UIM card, PIM and USIM
Card etc.
2.84
Mobile memory card
A storage medium used to expand the physical storage space of a mobile phone. Including SD card, MMC card, mini SD card and MS card.
2.85
Electronic data acquisition
The process of searching, analyzing and intercepting the data stored, processed and transmitted by electronic equipment to obtain electronic data.
2.86
Remote inspection
Discover and extract electronic data related to the case to the remote computer information system through the network.
2.87
Extract onlineacquisition online
The process of obtaining electronic data in a target system while the target system is running.
2.88
Online analysis
With the target system running, analyze the electronic data in the forensics object.
2.89
Data recovery
The process of restoring file data that the operating system cannot access or recognize.
2.90
Data search
Find known content or keyword check in the storage medium for inspection, including file search and physical search.
2.91
File search
Search and verify data files in the storage medium based on known content or keywords.
2.92
Physical search
Search and verify binary data from storage devices or media based on known content or keywords.
2.93
Identification of file consistency
The procedure of comparing whether the data contents of two files are exactly the same.
2.94
Mobile phone forensics
The process of extracting and analyzing the electronic data contained in the phone body, phone card and expansion memory card using the principles, methods and procedures of physical evidence identification.
English Index
architecture of client program ... 2.52
architecture of server program ... 2.49
base station ... 2.69
boot sector ... 2.17
client of online game ... 2.51
cluster ... 2.15
computer switch-off time ... 2.25
computer switch-on time ... 2.24
data area ... 2.12
data recovery ... 2.89
data search ... 2.90
data wiping ... 2.76
destructive program ... 2.65
digital signature ... 2.62
digital video record (DVR) ... 2.53
duplication of electronic data ... 2.4
DVR on PC ... 2.54
DVR with embedded system ... 2.55
dynamic analysis ... 2.79
dynamicwebpage ... 2.39
electronic data acquisition ... 2.85
electronic data ... 2.1
electronic evidence ... 2.2
emulation object ... 2.67
emulation tool ... 2.68
emulation ... 2.81
external equipment ... 2.23
file allocation table ... 2.19
file consistency ... 2.60
file directory table ... 2.18
file header ... 2.57
file search ... 2.91
file signature ... 2.73
harddisk interface ... 2.6
identification of file consistency ... 2.93
instant messaging client ... 2.30
instant messaging data ... 2.32
instant messaging protocol ... 2.31
instant messaging ... 2.29
instant messenger ... 2.33
integrated drive electronics ... 2.7
integrity check value ... 2.74
integrity check ... 2.75
internet favorite ... 2.28
key frame ... 2.58
lossy surveillance video ... 2.56
master boot record ... 2.16
mobile memory card ... 2.84
mobile phone card ... 2.83
mobile phone forensics ... 2.94
nonvolatile data ... 2.72
online analysis ... 2.88
online game ... 2.46
onlineacquisition ... 2.87
operating system log ... 2.27
operation trace ... 2.64
original electronic data ... 2.3
partition ... 2.13
physical search ... 2.92
program behavior ... 2.66
pseudo base station ... 2.70
random access memory dump ... 2.22
registry ... 2.26
remote host ... 2.44
remote inspection ... 2.86
resource file of online game ... 2.50
reverse analysis ... 2.80
rich media ... 2.40
safe backup ... 2.77
sector ... 2.14
serial advanced technology attachment ... 2.8
serial attached SCSI ... 2.10
server of online game ... 2.48
slack space ... 2.21
small computer system interface ... 2.9
static analysis ... 2.78
staticwebpage ... 2.38
storage medium ... 2.5
system emulation ... 2.82
unallocated space ... 2.20
unauthorized online game ... 2.47
universal serial bus ... 2.11
user operation behavior ... 2.63
useragent ... 2.41
video stream storage ... 2.59
virtual host ... 2.45
volatile data ... 2.71
volatile instant messaging ... 2.34
web browser history ... 2.35
web server ... 2.36
webpagesnapshot ... 2.42
website ... 2.37
websitemirror ... 2.43
write protect ... 2.61
Chinese Index
Security backup ... 2.77
Operating Procedure ... 2.64
Operating system logs ... 2.27
Program Behavior ... 2.66
Cluster ... 2.15
Storage media ... 2.5
Electronic data ... 2.1
Electronic data copy ... 2.4
Electronic data acquisition ... 2.85
Electronic evidence ... 2.2
Dynamic Analysis ... 2.79
Dynamic web pages ... 2.39
Simulation ... 2.81
Simulation object ... 2.67
Simulation tools ... 2.68
Non-volatile data ... 2.72
Partition ... 2.13
Server program architecture ... 2.49
Rich Media ... 2.40
Key frames ... 2.58
IDE interface ... 2.7
Base station ... 2.69
IM ... 2.29
Instant messaging ... 2.32
Instant Messaging Client ... 2.30
Instant messaging software ... 2.33
Instant messaging protocol ... 2.31
Computer shutdown time ... 2.25
Computer startup time ... 2.24
Surveillance recorder ... 2.53
Static analysis ... 2.78
Static web pages ... 2.38
Client program architecture ... 2.52
Browser History ... 2.35
Memory Dump ... 2.22
Reverse Analysis ... 2.80
PC Surveillance Video Recorder ... 2.54
Destructive procedures ... 2.65
Embedded surveillance video recorder ... 2.55
SAS interface ... 2.10
SATA interface ... 2.8
SCSI interface ... 2.9
Sector ... 2.14
Video streaming storage ... 2.59
Video file header ... 2.57
Favorites ... 2.28
Phone inspection ... 2.94
Phone card ... 2.83
Phone expansion memory card ... 2.84
Data Erase ... 2.76
Data Recovery ... 2.89
Data area ... 2.12
Data Search ... 2.90
Digital signature ... 2.62
Relaxation space ... 2.21
USB interface ... 2.11
External equipment ... 2.23
Integrity check ... 2.75
Integrity check value ... 2.74
Online games ... 2.46
Online game server ... 2.48
Online game client ... 2.51
Online game private server ... 2.47
Online game resource files ... 2.50
Network remote survey ... 2.86
Website ... 2.37
Web server ... 2.36
Website pinning ... 2.42
Website mirroring ... 2.43
Pseudo base station ... 2.70
Unallocated space ... 2.20
File Allocation Table ... 2.19
File directory table ... 2.18
File signature ... 2.73
File Search ... 2.91
File consistency ... 2.60
Document consistency check ... 2.93
Physical Search ... 2.92
System simulation ... 2.82
Write protection ... 2.61
Web Hosting ... 2.45
Volatile Instant Messaging ... 2.34
Volatile data ... 2.71
Boot sector ... 2.17
Hard disk interface ... 2.6
User operation behavior ... 2.63
User Agent ... 2.41
Lossful surveillance video ... 2.56
Raw electronic data ... 2.3
Remote host ... 2.44
Online analysis ... 2.88
Extract online ... 2.87
Master Boot Record ... 2.16
Registry ... 2.26
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GA/T 1568-2019_English be delivered?Answer: Upon your order, we will start to translate GA/T 1568-2019_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GA/T 1568-2019_English with my colleagues?Answer: Yes. The purchased PDF of GA/T 1568-2019_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|