Difference between pages "MD5" and "Tsk-cp"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Corrections)
 
 
Line 1: Line 1:
The '''Message-Digest algorithm 5''' ('''MD5''') is a cryptographic [[hash|hash function]] that produces a 128-bit hash value. Originally developed in 1991, much as has been written about this algorithm. As such, this article concentrates only on its application to computer forensics.
+
Tsk-cp is a set of [[LibCarvPath]] aware versions of [[Sleuthkit]] tools, that are for use together with the
 +
normal versions of the other sleuthkit tools in the process of doing [[zero storage carving]].
  
== Tools ==
+
The tools are:
  
On most [[Unix]] systems the tools [[digest]] -a md5 (Solaris), [[md5]] (BSD) or [[md5sum]] (GNU) can be used to compute the MD5 hash of a file or device. [[md5deep]] can compute MD5 hashes of whole directory trees.
+
* mmls-cp : A CarvPath based version of mmls for listing a partitioned carvpath disk images as a list of partition carvpaths.
 +
* dls-cp : A CarvPath based version of dls for listing all continuous unallocated fragments of a carvpath partition holding a filesystem as a list of unallocated block carvpaths.
 +
* icat-cp : A CarvPath based version of icat that instead of copying out the data of an inode within a carvpath partition holding a filesystem as the carvpath of the file and the carvpath of the [[file slack]].
  
== Weaknesses ==
+
The carvpaths output by dls-cp can be used as the input of a CarvPath aware carving tool.
  
Recently some cryptographic weaknesses have been found in MD5. Tool developers should avoid using MD5 in new products in favor of other hash functions like [[RIPEMD-160]], [[Tiger]], [[WHIRLPOOL]], [[SHA-256]] or [[SHA-512]]. Host Intrusion Detection systems and hash databases should also use multiple hash algorithms.
+
== See Also ==
 
+
* [Open Computer Forensics Architecture]
== External Links ==
+
 
+
* [http://en.wikipedia.org/wiki/Md5 Wikipedia: MD5]
+
* [http://deepbyte.com/blog/2006/02/is_the_md5_hash_unreliable.html Is the MD5 hash unreliable?]
+
* [http://unixsadm.blogspot.com/2007/11/exploiting-md5-and-other-hashing.html Collection of exploits and weaknesses in MD5]
+
 
+
[[Category:Hashing]]
+

Revision as of 01:30, 11 August 2012

Tsk-cp is a set of LibCarvPath aware versions of Sleuthkit tools, that are for use together with the normal versions of the other sleuthkit tools in the process of doing zero storage carving.

The tools are:

  • mmls-cp : A CarvPath based version of mmls for listing a partitioned carvpath disk images as a list of partition carvpaths.
  • dls-cp : A CarvPath based version of dls for listing all continuous unallocated fragments of a carvpath partition holding a filesystem as a list of unallocated block carvpaths.
  • icat-cp : A CarvPath based version of icat that instead of copying out the data of an inode within a carvpath partition holding a filesystem as the carvpath of the file and the carvpath of the file slack.

The carvpaths output by dls-cp can be used as the input of a CarvPath aware carving tool.

See Also

  • [Open Computer Forensics Architecture]