Difference between revisions of "Jesse Kornblum"

From Forensics Wiki
Jump to: navigation, search
(Added hashdeep)
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Jesse Kornblum is a computer forensics author, researcher and engineer. You can read more about him in his [http://en.wikipedia.org/wiki/Jesse_Kornblum Wikipedia entry] or his [http://jessekornblum.com/ official web site]. His [http://jessekornblum.com/kornblum-cv.pdf Curriculum Vitae] has a current list of his papers. He current works for [[ManTech]].
+
Jesse Kornblum is a computer forensics author, researcher and engineer. You can read his [http://jessekornblum.com/ official web site]. His [http://jessekornblum.com/kornblum-cv.pdf Curriculum Vitae] has a current list of his papers.
  
 
== Tools ==  
 
== Tools ==  
  
[[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] program. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit.
+
[[md5deep]] and [[hashdeep]] - Cross platform recursive [[hashing]] and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses [[multihashing]] to conduct a computer forensics audit.
  
 
[[foremost]] - File [[carving]] program  
 
[[foremost]] - File [[carving]] program  
Line 12: Line 12:
  
 
[[dc3dd]] - A patch to add forensics features to [[dd|GNU dd]]
 
[[dc3dd]] - A patch to add forensics features to [[dd|GNU dd]]
 +
 +
[[Miss Identify]] - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables.
  
 
[[Category:People]]
 
[[Category:People]]

Latest revision as of 09:08, 9 November 2012

Jesse Kornblum is a computer forensics author, researcher and engineer. You can read his official web site. His Curriculum Vitae has a current list of his papers.

Tools

md5deep and hashdeep - Cross platform recursive hashing and auditing programs, respectively. Computes MD5, SHA-1, SHA-256, Tiger and Whirlpool hashes. Can also match against sets of known hashes. The latter program uses multihashing to conduct a computer forensics audit.

foremost - File carving program

ssdeep - Usually called Fuzzy Hashing, this program implements Context Triggered Piecewise Hashing.

FRED - The First Responder's Evidence Disk

dc3dd - A patch to add forensics features to GNU dd

Miss Identify - Program to identify Win32 executables that don't have an executable extension. Can also identify all executables.

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Jesse_Kornblum&oldid=1075"