Difference between revisions of "Hashing"

From ForensicsWiki
Jump to: navigation, search
m
(Added CTPH)
Line 1: Line 1:
'''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics.
+
'''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics. Other types of hashing, such as [[Context Triggered Piecewise Hashing]] can also be used.
  
 
== Tools ==
 
== Tools ==
Line 7: Line 7:
 
* [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers.
 
* [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers.
 
* [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values.
 
* [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values.
 +
* [[ssdeep]] - Computes and matches [[Context Triggered Piecewise Hashes]].

Revision as of 09:37, 17 August 2006

Hashing is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like MD5 and SHA-1 are used. These functions have a few properties useful to forensics. Other types of hashing, such as Context Triggered Piecewise Hashing can also be used.

Tools

There are literally hundreds of hashing programs out there, but a few related to forensics are: