Auditing Hash Sets: Lessons Learned from Jurassic Park
Author: Jesse D. Kornblum
Affiliation: ManTech International Corporation, 6700 Alexander Bell Dr., Columbia, MD, USA
DOI: 10.1080/15567280802385477
Publication Frequency: 4 issues per year
Subjects:
Computer Fraud, Hacking & Viruses;
Computing & IT Security;
Digital Forensics;
Forensic Science - Law;
Information & Communication Technology (ICT);
Information Technology Law;
Privacy & Data Protection;
Software Engineering & Systems Development;
Abstract
Auditing a set of cryptographic hashes allows a forensic examiner to determine the state of a target directory as compared to those hashes. Unlike traditional hash comparison methods, an audit takes into account all of the files in the target directory and their relative paths. Not taking these data into account can impair examinations and tool certifications. An audit examines each file in the target directory, computes its hash, and compares it to a file containing the known hash values. Any file not in the set of known hashes is flagged as being inserted. When all of the files in the target directory have been examined, any known hashes that have not been matched are flagged as being missing. The result is a complete picture comparing the set of known hashes and the target directory.
Keywords: hashing; audit; validation; hash set; hashdeep
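
The audit procedure the abstract describes, written out as an added example (not code from the article or from hashdeep). The `moved` category, the treatment of a surplus copy of known content as inserted, and every file name in the constructed sample tree are assumptions of this example.

```python
import hashlib, os, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each file's relative path (with '/' separators) to its SHA-256."""
    out = {}
    for d, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(d, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return out

def audit(target_dir, known):
    """known: {relative_path: sha256}. Returns the audit categories."""
    unmatched = dict(known)          # known entries not yet accounted for
    report = {"matched": [], "moved": [], "inserted": [], "missing": []}
    leftovers = []
    for rel, digest in sorted(snapshot(target_dir).items()):
        if unmatched.get(rel) == digest:       # same path, same content
            report["matched"].append(rel)
            del unmatched[rel]
        else:
            leftovers.append((rel, digest))
    for rel, digest in leftovers:
        # Known content at another path is "moved" (assumed category);
        # content with no unused known hash is "inserted".
        old = next((p for p in sorted(unmatched) if unmatched[p] == digest), None)
        report["moved" if old else "inserted"].append(rel)
        unmatched.pop(old, None)
    report["missing"] = sorted(unmatched)      # known hashes never matched
    return report

def demo():
    """Constructed sample tree: record known hashes, alter the tree, audit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        for rel, data in {"bin/ls": b"ls-v1", "bin/ps": b"ps-v1",
                          "notes.txt": b"notes", "readme": b"readme"}.items():
            (root / rel).write_bytes(data)
        known = snapshot(root)
        (root / "bin/ps").write_bytes(b"ps-altered")             # modified
        (root / "notes.txt").rename(root / "bin" / "notes.txt")  # moved
        (root / "readme").unlink()                               # deleted
        return audit(root, known)
```

A modified file appears twice in the result: its new content is inserted and its original known hash is missing, which a plain hash lookup over the directory would not report.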