Difference between revisions of "Jesse Kornblum"

From Forensics Wiki
m
Line 3: Line 3:
 
== Tools ==  
 
== Tools ==  
  
[[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] program. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit.
+
[[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit.
  
 
[[foremost]] - File [[carving]] program  
 
[[foremost]] - File [[carving]] program  
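
Review bot: in the changed [[md5deep]] and [[hashdeep]] line, the subject is now plural ("programs, respectively"), but the sentences that follow ("Computes MD5, SHA-1, ..." and "Can also match against sets of known hashes.") remain singular and subjectless, so it is unclear whether they describe both tools or only one. Suggest giving those sentences an explicit subject, and replacing "The latter program" with "hashdeep" so the reference does not depend on the word order of the first sentence.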

Revision as of 08:07, 20 March 2008

Jesse Kornblum is a computer forensics author, researcher and engineer. You can read more about him in his Wikipedia entry or his official web site. His Curriculum Vitae has a current list of his papers. He currently works for ManTech.

Tools

md5deep and hashdeep - Cross-platform recursive hashing and auditing programs, respectively. They compute MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes and can also match against sets of known hashes. The latter program uses multihashing to conduct a computer forensics audit.

foremost - File carving program

ssdeep - Implements Context Triggered Piecewise Hashing, usually called Fuzzy Hashing.

FRED - The First Responder's Evidence Disk

dc3dd - A patch to add forensics features to GNU dd

Miss Identify - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables.