Difference between revisions of "Jesse Kornblum"
(Added hashdeep) |
|||
| (6 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | Jesse Kornblum is a computer forensics author, researcher and engineer. You can read | + | Jesse Kornblum is a computer forensics author, researcher and engineer. You can read his [http://jessekornblum.com/ official web site]. His [http://jessekornblum.com/kornblum-cv.pdf Curriculum Vitae] has a current list of his papers. |
== Tools == | == Tools == | ||
| − | [[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] | + | [[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit. |
[[foremost]] - File [[carving]] program | [[foremost]] - File [[carving]] program | ||
| Line 12: | Line 12: | ||
[[dc3dd]] - A patch to add forensics features to [[dd|GNU dd]] | [[dc3dd]] - A patch to add forensics features to [[dd|GNU dd]] | ||
| + | |||
| + | [[Miss Identify]] - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables. | ||
[[Category:People]] | [[Category:People]] | ||
Latest revision as of 10:08, 9 November 2012
Jesse Kornblum is a computer forensics author, researcher and engineer. You can read his official web site. His Curriculum Vitae has a current list of his papers.
Tools
md5deep and hashdeep - Cross platform recursive hashing and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses multihashing to conduct a computer forensics audit.
foremost - File carving program
ssdeep - Usually called Fuzzy Hashing, this program implements Context Triggered Piecewise Hashing.
FRED - The First Responder's Evidence Disk
dc3dd - A patch to add forensics features to GNU dd
Miss Identify - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables.
