Cart
Auditing Hash Sets: Lessons Learned from Jurassic Park
ABSTRACT
Auditing a set of cryptographic hashes allows a forensic examiner to determine the state of a target directory as compared to those hashes. Unlike traditional hash comparison methods, an audit takes into account all of the files in the target directory and their relative paths. Not taking these data into account can impair examinations and tool certifications. An audit examines each file in the target directory, computes its hash, and compares it to a file containing the known hash values. Any file not in the set of known hashes is flagged as being inserted. When all of the files in the target directory have been examined, any known hashes that have not been matched are flagged as being missing. The result is a complete picture comparing the set of known hashes and the target directory.
KEYWORDS
- Recommend to:
- A friend
First page preview
Details
- Available online: 12 Dec 2008
Author affiliations
- a ManTech International Corporation, 6700 Alexander Bell Dr., Columbia, MD, 21046, USA
Journal news
- Note: Publication of the journal has ceased after the 2010 volume
Librarians
- Librarians' area
- Pricing
- Institutional account
- Access entitlements
- Co-branding
- IP ranges
- Link resolver preferences
- Usage reports