ForensicsWiki will continue to operate as it has before and will not be shutting down. There may be some minor outages as we transition the site to new hardware, but we will try to minimize this as much as possible. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Hashing"

From ForensicsWiki
Jump to: navigation, search
m
(Added CTPH)
Line 1: Line 1:
'''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics.
+
'''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics. Other types of hashing, such as [[Context Triggered Piecewise Hashing]] can also be used.
  
 
== Tools ==
 
== Tools ==
Line 7: Line 7:
 
* [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers.
 
* [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers.
 
* [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values.
 
* [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values.
 +
* [[ssdeep]] - Computes and matches [[Context Triggered Piecewise Hashes]].

Revision as of 13:37, 17 August 2006

Hashing is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like MD5 and SHA-1 are used. These functions have a few properties useful to forensics. Other types of hashing, such as Context Triggered Piecewise Hashing can also be used.

Tools

There are literally hundreds of hashing programs out there, but a few related to forensics are: