http://www.forensicswiki.org/w/index.php?title=Data_Reduction&feed=atom&action=historyData Reduction - Revision history2013-05-24T09:25:56ZRevision history for this page on the wikiMediaWiki 1.20.3http://www.forensicswiki.org/w/index.php?title=Data_Reduction&diff=891&oldid=prevUwe Hermann: Reverted edit of Porker, changed back to last version by Uwe Hermann2006-04-16T16:57:22Z<p>Reverted edit of Porker, changed back to last version by Uwe Hermann</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 16:57, 16 April 2006</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">Man shot dead at vehicle checkpoint</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">'''Data reduction''' is the science of eliminating information from consideration. Although that may sound counter to the goal of [[computer forensics]], today's computers contain too much information for a single [[investigator]] to completely evaluate. Thus, those data that can be eliminated from consideration should be removed, freeing an investigator to concentrate on the truly meaningful pieces.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>A <del class="diffchange diffchange-inline">man has been shot dead by police at </del>a <del class="diffchange diffchange-inline">vehicle checkpoint in Northern Ireland. Officers fired a number </del>of <del class="diffchange diffchange-inline">rounds during </del>the <del class="diffchange diffchange-inline">incident on Church Street </del>in <del class="diffchange diffchange-inline">Ballynahinch</del>, <del class="diffchange diffchange-inline">County Down</del>. <del class="diffchange diffchange-inline">The man shot dead was </del>the</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">== Hash Analysis ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>A <ins class="diffchange diffchange-inline">[[hash]] is </ins>a <ins class="diffchange diffchange-inline">mathmatical transform that reduces an input </ins>of <ins class="diffchange diffchange-inline">arbitrary size to a fixed value. It has </ins>the <ins class="diffchange diffchange-inline">property that any two inputs that have the same hash are almost certainly the same. In this vein, an investigator can compute hashes of known good and known bad inputs (e.g. files) and use those hashes to search for those known files </ins>in <ins class="diffchange diffchange-inline">a set of unknown files. For example</ins>, <ins class="diffchange diffchange-inline">the [[NIST]] [[National Software Reference Library]] provides several million hashes of known good [[operating system]] files</ins>. <ins class="diffchange diffchange-inline">If an invesigator can match those known hashes into an unknown set of files, </ins>the <ins class="diffchange diffchange-inline">matching files can be eliminated from consideration.</ins></div></td></tr>
</table>Uwe Hermannhttp://www.forensicswiki.org/w/index.php?title=Data_Reduction&diff=890&oldid=prevPorker at 13:47, 16 April 20062006-04-16T13:47:39Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 13:47, 16 April 2006</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">'''Data reduction''' is the science of eliminating information from consideration. Although that may sound counter to the goal of [[computer forensics]], today's computers contain too much information for a single [[investigator]] to completely evaluate. Thus, those data that can be eliminated from consideration should be removed, freeing an investigator to concentrate on the truly meaningful pieces.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Man shot dead at vehicle checkpoint</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>A <ins class="diffchange diffchange-inline">man has been shot dead by police at </ins>a <ins class="diffchange diffchange-inline">vehicle checkpoint in Northern Ireland. Officers fired a number </ins>of <ins class="diffchange diffchange-inline">rounds during </ins>the <ins class="diffchange diffchange-inline">incident on Church Street </ins>in <ins class="diffchange diffchange-inline">Ballynahinch</ins>, <ins class="diffchange diffchange-inline">County Down</ins>. <ins class="diffchange diffchange-inline">The man shot dead was </ins>the</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">== Hash Analysis ==</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>A <del class="diffchange diffchange-inline">[[hash]] is </del>a <del class="diffchange diffchange-inline">mathmatical transform that reduces an input </del>of <del class="diffchange diffchange-inline">arbitrary size to a fixed value. It has </del>the <del class="diffchange diffchange-inline">property that any two inputs that have the same hash are almost certainly the same. In this vein, an investigator can compute hashes of known good and known bad inputs (e.g. files) and use those hashes to search for those known files </del>in <del class="diffchange diffchange-inline">a set of unknown files. For example</del>, <del class="diffchange diffchange-inline">the [[NIST]] [[National Software Reference Library]] provides several million hashes of known good [[operating system]] files</del>. <del class="diffchange diffchange-inline">If an invesigator can match those known hashes into an unknown set of files, </del>the <del class="diffchange diffchange-inline">matching files can be eliminated from consideration.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
</table>Porkerhttp://www.forensicswiki.org/w/index.php?title=Data_Reduction&diff=889&oldid=prevUwe Hermann at 00:14, 16 March 20062006-03-16T00:14:00Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:14, 16 March 2006</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Data reduction is the science of eliminating information from consideration. Although that may sound counter to the goal of computer forensics, today's computers contain too much information for a single investigator to completely evaluate. Thus, those data that can be eliminated from consideration should be removed, freeing an investigator to concentrate on the truly meaningful pieces.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">'''</ins>Data reduction<ins class="diffchange diffchange-inline">''' </ins>is the science of eliminating information from consideration. Although that may sound counter to the goal of <ins class="diffchange diffchange-inline">[[</ins>computer forensics<ins class="diffchange diffchange-inline">]]</ins>, today's computers contain too much information for a single <ins class="diffchange diffchange-inline">[[</ins>investigator<ins class="diffchange diffchange-inline">]] </ins>to completely evaluate. Thus, those data that can be eliminated from consideration should be removed, freeing an investigator to concentrate on the truly meaningful pieces.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Hash Analysis ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Hash Analysis ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>A [[hash]] is a mathmatical transform that reduces an input of arbitrary size to a fixed value. It has the property that any two inputs that have the same hash are almost certainly the same <del class="diffchange diffchange-inline">file</del>. In this vein, an investigator can compute hashes of known good and known bad <del class="diffchange diffchange-inline">hashes </del>and use those hashes to search for those known files in a set of unknown files. For example, the [[NIST]] [[National Software Reference Library]] provides several million hashes of known good operating system files. If an invesigator can match those known hashes into an unknown set of files, the matching files can be eliminated from consideration.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>A [[hash]] is a mathmatical transform that reduces an input of arbitrary size to a fixed value. It has the property that any two inputs that have the same hash are almost certainly the same. In this vein, an investigator can compute hashes of known good and known bad <ins class="diffchange diffchange-inline">inputs (e.g. files) </ins>and use those hashes to search for those known files in a set of unknown files. For example, the [[NIST]] [[National Software Reference Library]] provides several million hashes of known good <ins class="diffchange diffchange-inline">[[</ins>operating system<ins class="diffchange diffchange-inline">]] </ins>files. If an invesigator can match those known hashes into an unknown set of files, the matching files can be eliminated from consideration.</div></td></tr>
</table>Uwe Hermannhttp://www.forensicswiki.org/w/index.php?title=Data_Reduction&diff=888&oldid=prevJessek at 15:26, 29 October 20052005-10-29T15:26:52Z<p></p>
<p><b>New page</b></p><div>Data reduction is the science of eliminating information from consideration. Although that may sound counter to the goal of computer forensics, today's computers contain too much information for a single investigator to completely evaluate. Thus, those data that can be eliminated from consideration should be removed, freeing an investigator to concentrate on the truly meaningful pieces.<br />
<br />
<br />
== Hash Analysis ==<br />
<br />
A [[hash]] is a mathmatical transform that reduces an input of arbitrary size to a fixed value. It has the property that any two inputs that have the same hash are almost certainly the same file. In this vein, an investigator can compute hashes of known good and known bad hashes and use those hashes to search for those known files in a set of unknown files. For example, the [[NIST]] [[National Software Reference Library]] provides several million hashes of known good operating system files. If an invesigator can match those known hashes into an unknown set of files, the matching files can be eliminated from consideration.</div>Jessek