Language selection

Search

Glossary of Terms

Digital Evidence: Information or data stored or transmitted in binary form that may be relied upon as evidence. (ISO/IEC 27037)

Digital Forensics: The application of science to the identification, collection, examination, and analysis, of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. (NIST SP 800-86)

Hard Disk Drive: Electromechanical device consisting of one or more magnetic disks (platters), read & write heads, a motor, and control electronics usually contained within an enclosure and used to store data. (ISO 18943) Note: Also commonly referred to as hard drives or disk drives.

Hardware: Physical equipment, as opposed to programs, procedures, rules, and associated documentation. (ISO/TR 11065) All or part of the physical components of an information processing system. (ISO/IEC 2382-1)

Logical Access Control System: Automated system that controls an individual’s ability to access one or more computer system resources, such as a workstation, network, application, or database. A logical access control system requires the validation of an individual’s identity through some mechanism, such as a PIN, card, biometric, or other token. It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization. (NIST SP 800-53 Rev. 5)

Mobile Digital Forensics: Science of recovering digital evidence from a mobile device under forensically sound conditions using accepted methods. (NIST SP 800-101 Rev 1)

National Technology Onboarding Program:

[A program] created in 2021 to improve how the RCMP manages the use of new technologies and investigative tools that involve the collection and use of personal information. (RCMP)

After we launched our investigation, the RCMP issued internal guidance to staff to restrict the use of Clearview AI and initiated a pilot “National Technology Onboarding Program” intended to systematically examine the compliance of new investigative techniques with the Privacy Act and the Canadian Charter of Rights and Freedoms. (OPC — Police use of Facial Recognition Technology in Canada and the way forward, June 2021)

On-Device Investigative Tools: An ODIT is a computer program as defined in s.342.1(2) of the Criminal Code that is installed on a targeted computing device that enables the collection of electronic evidence from the device. Predominately, ODITs are authorized as part of an ‘omnibus’ Part VI wiretap authorization pursuant to s. 185/6 of the Criminal Code. That authorizations permits police to prospectively collect private communications and includes a number of other warrants & orders that authorize the installation and use of ODITs. ODITs can also be used to collect private communications and other evidence that already exists. In those cases, police seek a general warrant pursuant to section 487.01 of the Criminal Code.

Encrypted data that is transmitted can be intercepted, however the encryption renders it unintelligible. ODITs may be used to obtain this data in a readable format. An ODIT may be used to collect/intercept the data from within the target device while the data is in an unencrypted form. If the targeted device or network is receiving data, the ODIT may collect/intercept the data after it has been received by the device and decrypted. Further to this example, if the targeted device or network is sending data, the ODIT may collect/intercept the data before it is encrypted and sent.

ODITs can otherwise be used to collect evidence from or using the targeted device. For example:

  1. to covertly copy data stored on a device or available to that device from cloud storage or another networked device,
  2. to capture data that identifies the user of the device,
  3. to activate peripheral components of the targeted device, i.e. the camera and microphone, to conduct electronic surveillance.

(Public Safety Canada, Parliamentary Committee Notes: On-Device Investigative Tools)

Physical Access Control System: Electronic system that controls the ability of people or vehicles to enter a protected area by means of authentication and authorization at access control points. (NIST SP 800-53 Rev. 5)

Sanitization (Wiping): The process of permanently removing data from a device or storage media. The storage media can be reused, but the data cannot be recovered or accessed. (CCCS ITSAP.40.006)

Search warrant: A court order that a magistrate or judge issues to authorize law enforcement officers to conduct a search of a person, location, or vehicle for evidence of a crime and to confiscate any evidence they find. In Canada, police must present a judge with an ITO (information to obtain) form that contains reasonable and probable grounds to believe an offence has been or is being committed and that the authorization sought will afford evidence of that offence. This hearing is ex parte, meaning only the crown is present. This fact obliges the police to include any known facts that hurt their application. (Wikipedia)

Software: Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution. (Internet Security Glossary, Version 2)

Spyware: Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code. (NIST SP 800-53 Rev. 5)

Date modified: