Difference between revisions of "Jesse Kornblum"

From Forensics Wiki
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Author of a number of computer forensic tools such as [[foremost]] and the [[md5deep]] suite.  
+
Jesse Kornblum is a computer forensics author, researcher and engineer. You can read his [http://jessekornblum.com/ official web site]. His [http://jessekornblum.com/kornblum-cv.pdf Curriculum Vitae] has a current list of his papers.
  
For more, see his user page: [[User:Jessek|Jessek]].
+
== Tools ==
 +
 
 +
[[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit.
 +
 
 +
[[foremost]] - File [[carving]] program
 +
 
 +
[[ssdeep]] - Usually called Fuzzy Hashing, this program implements [[Context Triggered Piecewise Hashing]].
 +
 
 +
[[First Responder's Evidence Disk|FRED]] - The First Responder's Evidence Disk
 +
 
 +
[[dc3dd]] - A patch to add forensics features to [[dd|GNU dd]]
 +
 
 +
[[Miss Identify]] - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables.
 +
 
 +
[[Category:People]]

Latest revision as of 09:08, 9 November 2012

Jesse Kornblum is a computer forensics author, researcher and engineer. You can read his official web site. His Curriculum Vitae has a current list of his papers.

Tools

md5deep and hashdeep - Cross-platform recursive hashing and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses multihashing to conduct a computer forensics audit.

foremost - File carving program

ssdeep - Usually called Fuzzy Hashing, this program implements Context Triggered Piecewise Hashing.

FRED - The First Responder's Evidence Disk

dc3dd - A patch to add forensics features to GNU dd

Miss Identify - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables.