Browse Definitions:
Definition

latent data (ambient data)

Contributor(s): Matthew Haughn

Latent data, also known as ambient data, is the information in computer storage that is not referenced in file allocation tables and is generally not viewable through the operating system (OS) or standard applications.

Latent data is found in the combined remaining information content on the computer from deleted files in unallocated space, swap files, print spooler files, memory dumps, the slack space of existing files and temporary cache.

Latent data is used in the recovery of files lost due to user errors, unforeseen program operations or malicious activity such as ransomware. This hidden information is also used in computer forensics to retrieve files that have been deleted. In either case, special software is required.

Understanding how latent data remains on a hard drive requires some knowledge about how information is stored on computers that have hard disk drives. Such computers store data magnetically through read/write heads in a sealed unit on a circular, spinning, metallic disk or stack of disks called platters. Each platter is composed of logically defined sections called sectors and divided further into clusters.

By default, most OS clusters are configured to hold no more than 512 bytes of data. If a text file that is 400 bytes is saved to disk, a 512-byte cluster will have 112 bytes of extra space left over. When the computer’s hard drive is brand new, the space in a cluster that is not used is blank, but that changes with use. When a file is deleted, the operating system doesn't erase the file but just makes the cluster the file occupied available for reallocation. What is actually deleted is a reference to the file in a record similar to a table of contents  for the hard drive: the file table. Should a new file that is only 200 bytes be allocated to the original sector, the cluster’s slack space will now contain 200 bytes, some of which could be leftover data from the first file in addition to the original 112 bytes of extra space.

That leftover data in the slack space can provide investigators with clues as to prior uses of the computer in question as well as leads for further inquiries. It may have small files available for data recovery as well as pieces of larger files that span multiple clusters. This is also true of the swap file an operating system uses for virtual memory that has is generally only accessible to the OS.

To recover latent data from a computer, the drive it is on should not be used. In fact, if it is the OS drive, you should avoid even booting up the computer, because for every new file or change to a file, latent data can be lost. In the simple act of booting a computer,with most operating systems hundreds of files are changed. The tools of government organizations are said to be able to read even traces of overwritten files.

This was last updated in December 2016 ???publishDate.suggestedBy???

Continue Reading About latent data (ambient data)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • smart contract

    A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...

  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

SearchCloudProvider

  • cloud ecosystem

    A cloud ecosystem is a complex system of interdependent components that all work together to enable cloud services.

  • cloud services

    Cloud services is an umbrella term that may refer to a variety of resources provided over the internet, or to professional ...

  • uncloud (de-cloud)

    The term uncloud describes the action or process of removing applications and data from a cloud computing platform.

SearchSecurity

  • Common Body of Knowledge (CBK)

    In security, Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional ...

  • rootkit

    A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over...

  • Metamorphic virus

    A metamorphic virus is a type of malware that is capable of changing its code and signature patterns with each iteration.

SearchHealthIT

  • clinical trial

    A clinical trial, also known as a clinical research study, is a protocol to evaluate the effects and efficacy of experimental ...

  • Practice Fusion

    Practice Fusion Inc. is a San Francisco-based company that developed a free electronic health record (EHR) system available to ...

  • RHIA (Registered Health Information Administrator)

    An RHIA, or registered health information administrator, is a certified professional who oversees the creation and use of patient...

SearchDisasterRecovery

SearchStorage

  • Red Hat OpenStack Platform

    Red Hat OpenStack Platform is a commercially supported distribution of open source OpenStack software designed to build and ...

  • storage medium (storage media)

    In computers, a storage medium is any technology -- including devices and materials -- used to place, keep and retrieve ...

  • Random Access Memory (RAM)

    Random Access Memory (RAM) is the hardware in a computing device where the operating system (OS), application programs and data ...

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close