This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor. Browse all letters of the glossary or get the book.
Hardware Security Module (HSM) – A physical device that safeguards and manages cryptographic keys and performs encryption operations.
Hash Values – Unique digital fingerprints (like SHA256) used to verify file integrity and prove evidence hasn’t been tampered with.
Hash-based Scanning – Malware detection method that identifies files by their unique cryptographic signatures or fingerprints.
Heuristic Analysis – Malware detection method that identifies threats based on behavioral characteristics rather than known signatures.
Hidden Partitions – Storage areas not visible in standard disk management tools, such as recovery partitions, where malware can hide.
HIPAA (Health Insurance Portability and Accountability Act) – U.S. healthcare regulation requiring patient data protection and breach notifications.
Hot Site – A fully equipped disaster recovery facility that’s continuously synchronized with production and ready for immediate failover.
Hybrid Analysis – Cloud-based malware sandbox for automated behavioral analysis of suspicious files.
Hyper-V – Microsoft’s virtualization platform for creating isolated virtual machines.
Hypervisor – Software that creates and manages virtual machines; advanced malware can install itself as a hypervisor layer to control everything above it.