
This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor.
Fail-back – The process of returning operations from a recovery environment back to the primary production environment.
Fail-over – The process of switching operations from a compromised primary environment to a recovery environment.
Failback – The process of returning operations from a disaster recovery environment back to the primary production environment.
Failover – The automatic or manual switching of operations from a failed primary system to a backup or disaster recovery system.
FIDO/FIDO2 – Authentication standards that enable passwordless login using cryptographic keys, providing strong phishing resistance.
File Extensions – Suffixes added to filenames (e.g., .lock, .encrypted, .cl0p) that often indicate which ransomware variant encrypted the file.
File Integrity Monitoring (FIM) – Security technique that detects unauthorized changes to critical files by monitoring file attributes and contents.
Fileless Malware – Malware that operates in system memory without writing files to disk, making it harder to detect.
Firewall – A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Firmware – Permanent software embedded in hardware devices; advanced malware can infect firmware to survive operating system reinstallation.
Five Whys – Root cause analysis technique that asks “why” repeatedly to drill down from symptoms to underlying causes.
Forensic Evidence – Digital artifacts and records preserved during an incident to support investigation, legal proceedings, or insurance claims.
Forensic Imaging – Creating exact bit-for-bit copies of storage devices to preserve evidence while allowing analysis without altering original data.
Forever Incremental – A backup approach that performs one full backup followed by continuous incremental backups, never requiring another full backup.
FTK (Forensic Toolkit) – Digital forensics software used for evidence collection and analysis.
FTP (File Transfer Protocol) – A standard network protocol for transferring files; often monitored for data exfiltration.
Full Backup – A complete backup of all selected data, serving as a baseline for subsequent incremental backups.
Full System Restore – Restoring an entire system including OS, applications, and data from backup (not recommended due to reinfection risk).