# Tornado Terminology

## Core Terms

### **Collection**

The process of gathering digital evidence from cloud platforms. A collection refers to a single operation that retrieves specific data types from selected accounts.

### **Case**

A logical container that holds one or more collections and their associated evidence. Cases help organize investigations systematically.

### **Evidence**

Digital data collected from cloud platforms, stored in an **SQLite database** format for analysis and export.

***

## Platform Terms

### **Google Workspace (GWS)**

* **Mail Data**: Emails, attachments, and settings.
* **Drive Activities**: File sharing and access logs.
* **Reports**: Administrative and security logs.
* **Admin Data**: System configurations and policies.

### **Microsoft 365 (O365)**

* **Mail Data**: Exchange emails and metadata.
* **Entra Data**: Sign-in and audit logs (formerly Azure AD).
* **Admin Actions**: System changes and configurations.

***

## Interface Elements

### **Collectors**

Components designed to gather specific types of data:

* **Mail Collector**
* **Drive Activity Collector**
* **Reports Collector**
* **Admin Collector**

### **Collection Modes**

* **Normal User**: Collection using standard user credentials.
* **Admin/Service**: Collection using administrative or service account access.

### **Progress States**

* **Pending**: Collection is awaiting start.
* **Running**: Collection is in progress.
* **Completed**: Collection finished successfully.
* **Failed**: Collection encountered errors.

***

## Technical Terms

### **HTTP Trace**

Detailed logging of API communications, used for troubleshooting and debugging.

### **SQLite Database**

The storage format is used for organizing and exporting collected evidence.

### **OAuth 2.0**

A secure authentication protocol is used to access cloud platforms during collection.

{% hint style="warning" %}
During the public review period for Tornado, the **GWS OAuth2 mode is temporarily disabled.** Once the application is approved, this feature will be re-enabled, and you will be able to use it seamlessly. We will announce publicly as soon as the review process is complete and the feature is available.
{% endhint %}

***

## Common Actions

### **Authentication**

The process of logging into cloud platforms to enable data collection.

### **Export**

Saving collected evidence in an **SQLite database** format for use outside the system.

### **Collection Configuration**

Customizable settings and parameters that define the scope and type of data to be collected.