ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Jesse Kornblum"

From ForensicsWiki
Jump to: navigation, search
m
Line 3: Line 3:
 
== Tools ==  
 
== Tools ==  
  
[[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] program. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit.
+
[[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit.
  
 
[[foremost]] - File [[carving]] program  
 
[[foremost]] - File [[carving]] program  

Revision as of 13:07, 20 March 2008

Jesse Kornblum is a computer forensics author, researcher and engineer. You can read more about him in his Wikipedia entry or his official web site. His Curriculum Vitae has a current list of his papers. He current works for ManTech.

Tools

md5deep and hashdeep - Cross platform recursive hashing and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses multihashing to conduct a computer forensics audit.

foremost - File carving program

ssdeep - Usually called Fuzzy Hashing, this program implements Context Triggered Piecewise Hashing.

FRED - The First Responder's Evidence Disk

dc3dd - A patch to add forensics features to GNU dd

Miss Identify - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables.