Difference between revisions of "Hashkeeper"
Latest revision as of 14:16, 6 February 2011
Run by the National Drug Intelligence Center, part of the U.S. Department of Justice.
HashKeeper is a database application of value primarily to those conducting forensic examinations of computers on a somewhat regular basis.
The application uses the MD5 file signature algorithm to establish unique numeric identifiers (hash values) for known files and compares those known hash values against the hash values of Computer file|files on a seized computer system. Where those values match, the examiner can say, with statistical certainty, that the corresponding files on the seized system have been authenticated and therefore do not need to be examined.
Created by the National Drug Intelligence Center (NDIC)—an agency of the United States Department of Justice—in 1996, it was the first source for hash values of "known to be good" files.
HashKeeper is available, free-of-charge, to law enforcement, military and other government agencies throughout the world. It is available to the public by sending a Freedom of Information Act request to NDIC.
- Example script (Media:Hashkeeper.txt) to produce a pair of Hashkeeper format files for a given set of target files (can be imported into EnCase).