Difference between revisions of "Hashkeeper"

From ForensicsWiki
Jump to: navigation, search
(Added mailing list)
Line 1: Line 1:
 
 
Run by the National Drug Intelligence Center, part of the U.S. Department of Justice.
 
Run by the National Drug Intelligence Center, part of the U.S. Department of Justice.
  
Line 15: Line 14:
  
 
== External Links ==
 
== External Links ==
 
 
* [http://www.usdoj.gov/ndic/about.htm Official NDIC website]
 
* [http://www.usdoj.gov/ndic/about.htm Official NDIC website]
 +
* [http://tech.groups.yahoo.com/group/hashkeeper/ Hashkeeper mailing list]
  
 
[[Category:Hashing]]
 
[[Category:Hashing]]

Revision as of 07:40, 16 April 2007

Run by the National Drug Intelligence Center, part of the U.S. Department of Justice.

HashKeeper is a database application of value primarily to those conducting forensic examinations of computers on a somewhat regular basis.

Overview

The application uses the MD5 file signature algorithm to establish unique numeric identifiers (hash values) for known files and compares those known hash values against the hash values of Computer file|files on a seized computer system. Where those values match, the examiner can say, with statistical certainty, that the corresponding files on the seized system have been authenticated and therefore do not need to be examined.

Origins

Created by the National Drug Intelligence Center (NDIC)—an agency of the United States Department of Justice—in 1996, it was the first source for hash values of "known to be good" files.

Availability

HashKeeper is available, free-of-charge, to law enforcement, military and other government agencies throughout the world. It is available to the public by sending a Freedom of Information Act request to NDIC.

External Links