# Difference between revisions of "Hashing"

From ForensicsWiki

Uwe Hermann (Talk | contribs) m (Added CTPH)

Line 1: | Line 1: | ||

− | '''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics. | + | '''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics. Other types of hashing, such as [[Context Triggered Piecewise Hashing]] can also be used. |

== Tools == | == Tools == | ||
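
Review bot: the sentence appended to the intro paragraph names [[Context Triggered Piecewise Hashing]] as one of the "other types of hashing" but does not say what it is used for, and it follows "These functions have a few properties useful to forensics" in a way that leaves it unclear whether those properties apply to it as well. Suggest adding a short clause that states its purpose, and a comma after the link to close the "such as" phrase.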

Line 7: | Line 7: | ||

* [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers. | * [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers. | ||

* [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values. | * [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values. | ||

+ | * [[ssdeep]] - Computes and matches [[Context Triggered Piecewise Hashes]]. |
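
Review bot: the new ssdeep entry links [[Context Triggered Piecewise Hashes]], while the intro sentence added in the same revision links [[Context Triggered Piecewise Hashing]]. These are two different page titles, so one of them will be a dead link unless a redirect exists. Suggest pointing both at the same target, for example [[Context Triggered Piecewise Hashing|Context Triggered Piecewise Hashes]].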

## Revision as of 13:37, 17 August 2006

**Hashing** is a method for reducing large inputs to a smaller, fixed-size output. In forensics, cryptographic hashing algorithms like MD5 and SHA-1 are typically used. These functions have a few properties useful to forensics. Other types of hashing, such as Context Triggered Piecewise Hashing, can also be used.

## Tools

There are literally hundreds of hashing programs out there, but a few related to forensics are:

- md5sum - Part of the GNU coreutils suite, this program is standard on many computers.
- md5deep - Computes hashes, recursively if desired, and can compare the results to known values.
- ssdeep - Computes and matches Context Triggered Piecewise Hashes.
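
To show why a piecewise hash complements MD5 or SHA-1 when looking for near-identical files, here is an added example (not from ForensicsWiki, and not ssdeep's actual algorithm or output format) of a simplified context-triggered piecewise hash in Python. The window size, block size, FNV-1a piece hash, `difflib`-based score and the helper names are assumptions chosen for illustration.

```python
import hashlib
from difflib import SequenceMatcher

WINDOW = 7   # bytes covered by the rolling hash (assumed value)
BLOCK = 64   # a piece ends about once every BLOCK bytes (assumed value)
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
FNV_INIT, FNV_PRIME = 0x811C9DC5, 0x01000193

def piecewise_signature(data: bytes) -> str:
    """Return one character per content-defined piece of the input."""
    window = bytearray(WINDOW)
    rolling, piece, pending, sig = 0, FNV_INIT, False, []
    for i, byte in enumerate(data):
        # Rolling hash: sum of the last WINDOW bytes, updated incrementally.
        rolling += byte - window[i % WINDOW]
        window[i % WINDOW] = byte
        # Piece hash (FNV-1a) covers every byte since the previous trigger.
        piece = ((piece ^ byte) * FNV_PRIME) & 0xFFFFFFFF
        pending = True
        if rolling % BLOCK == BLOCK - 1:   # context trigger: close this piece
            sig.append(B64[piece % 64])
            piece, pending = FNV_INIT, False
    if pending:                            # bytes after the last trigger
        sig.append(B64[piece % 64])
    return "".join(sig)

def similarity(sig_a: str, sig_b: str) -> float:
    """Score two signatures from 0.0 (nothing shared) to 1.0 (identical)."""
    return SequenceMatcher(None, sig_a, sig_b, autojunk=False).ratio()

def sample(tag: bytes) -> bytes:
    """Constructed test input: 8 KiB of deterministic pseudo-random bytes."""
    return b"".join(hashlib.sha256(tag + bytes([i])).digest() for i in range(256))

if __name__ == "__main__":
    original = sample(b"evidence")
    edited = bytearray(original)
    edited[4096] ^= 0xFF                   # flip a single byte mid-file
    edited = bytes(edited)
    unrelated = sample(b"other")
    print("MD5 equal:", hashlib.md5(original).digest() == hashlib.md5(edited).digest())
    sig = piecewise_signature(original)
    print("edited   :", round(similarity(sig, piecewise_signature(edited)), 2))
    print("unrelated:", round(similarity(sig, piecewise_signature(unrelated)), 2))
```

Because piece boundaries depend only on the last few bytes, a local edit changes the signature characters around the edit and leaves the rest intact, whereas the MD5 of the whole file changes completely.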