Difference between revisions of "Hashkeeper"

From Forensics Wiki
Jump to: navigation, search
(Initial Stub)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
{{Expand}}
 
  
 
Run by the National Drug Intelligence Center, part of the U.S. Department of Justice.
 
Run by the National Drug Intelligence Center, part of the U.S. Department of Justice.
 +
 +
'''HashKeeper''' is a database application of value primarily to those conducting forensic examinations of computers on a somewhat regular basis.
 +
 +
== Overview ==
 +
The application uses the [[MD5]] file signature algorithm to establish unique numeric identifiers (hash values) for known files and compares those known hash values against the hash values of Computer file|files on a seized computer system. Where those values match, the examiner can say, with statistical certainty, that the corresponding files on the seized system have been authenticated and therefore do not need to be examined.
 +
 +
== Origins ==
 +
 +
Created by the National Drug Intelligence Center (NDIC)—an agency of the United States Department of Justice—in 1996, it was the first source for hash values of "known to be good" files.
 +
 +
== Availability ==
 +
HashKeeper is available, free-of-charge, to law enforcement, military and other government agencies throughout the world. It is available to the public by sending a [http://www.usdoj.gov/ndic/foia.htm Freedom of Information Act] request to NDIC.
  
 
== External Links ==
 
== External Links ==
  
* [http://www.usdoj.gov/ndic/about.htm Official website]
+
* [http://www.usdoj.gov/ndic/about.htm Official NDIC website]
  
 
[[Category:Hashing]]
 
[[Category:Hashing]]

Revision as of 18:37, 15 April 2007

Run by the National Drug Intelligence Center, part of the U.S. Department of Justice.

HashKeeper is a database application of value primarily to those conducting forensic examinations of computers on a somewhat regular basis.

Contents

Overview

The application uses the MD5 file signature algorithm to establish unique numeric identifiers (hash values) for known files and compares those known hash values against the hash values of Computer file|files on a seized computer system. Where those values match, the examiner can say, with statistical certainty, that the corresponding files on the seized system have been authenticated and therefore do not need to be examined.

Origins

Created by the National Drug Intelligence Center (NDIC)—an agency of the United States Department of Justice—in 1996, it was the first source for hash values of "known to be good" files.

Availability

HashKeeper is available, free-of-charge, to law enforcement, military and other government agencies throughout the world. It is available to the public by sending a Freedom of Information Act request to NDIC.

External Links