Difference between pages "BCWipe" and "Hashing"

From ForensicsWiki
(Infobox and categories.)
 
m (Hash Lookup Services)
 
Line 1: Line 1:
{{Infobox_Software |
+
'''Hashing''' is a method for reducing large inputs to a smaller fixed size output. When doing forensics, typically cryptographic hashing algorithms like [[MD5]] and [[SHA-1]] are used. These functions have a few properties useful to forensics. Other types of hashing, such as [[Context Triggered Piecewise Hashing]] can also be used.
  name = BCWipe |
+
  maintainer = [[Jetico, Inc.]] |
+
  os = {{Linux}}, {{FreeBSD}}, {{OpenBSD}}, {{Solaris}}, Digital Unix, {{Irix}}, {{Windows}} |
+
  genre = {{Secure deletion}} |
+
  license = {{Commercial}}, {{Other license}} |
+
  website = [http://www.jetico.com/bcwipe3.htm jetico.com/bcwipe3.htm], [http://www.jetico.com/bcwipe_unix.htm jetico.com/bcwipe_unix.htm] |
+
}}
+
  
'''BCWipe''' is a secure data deletion tool for [[Windows]] and [[Unix]]-like [[operating systems]].
+
== Tools ==
 +
There are literally hundreds of hashing programs out there, but a few related to forensics are:
  
It supports [[US DoD 5200.28-STD]] compliant data deletion as well as the "[[Peter Gutmann]] wiping scheme".
+
* [[md5sum]] - Part of the [[GNU]] coreutils suite, this program is standard on many computers.
 +
* [[md5deep]] - Computes hashes, recursively if desired, and can compare the results to known values.
 +
* [[ssdeep]] - Computes and matches [[Context Triggered Piecewise Hashes]].
 +
 
 +
==Hash Databases==
 +
; [[National Software Reference Library ]]
 +
: The largest hash database
 +
 
 +
==Hash Lookup Services==
 +
There are several online services that allow you to enter a hash code and find out what the preimage might have been.  One way to find these services is to google for 'd41d8cd98f00b204e9800998ecf8427e' (the MD5 of the null string).
 +
 
 +
Here are some services that we have been able to find:
 +
 
 +
; http://nz.md5.crysm.net/
 +
: MD5 reverse lookup, operated by  Stephen D Cope. As of December 2007 this database had 28 million MD5 hashes. The author states that the database is divided into 256 MySQL tables to make the problem more tractable.  The database claims to include every two, three, and four digit combination, all dictionary words, and a pile of user-submitted data." But the author also states that they are attempting to calculate and index all possible MD5 indexes. Of course, this is an impossibility.
 +
 
 +
; http://us.md5.crysm.net/
 +
: Similar to the NZ server, but with only 16 million MD5 hashes.
 +
 
 +
; http://md5.benramsey.com
 +
: A nice forward and reverse demonstration system, with an XML and AJAX interface.
 +
 
 +
; http://www.hashcrack.com/
 +
: reverse hash lookup of MD5, SHA1, MySQL, NTLM, and Lanman hashes. Claims 75million hashes of 13.2 million unique words.
 +
 
 +
; http://gdataonline.com/seekhash.php
 +
: MD5 reverse lookup with approximately 1 million entries.
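Review bot: In the added nz.md5.crysm.net entry, the sentence ending in `a pile of user-submitted data."` closes a quotation that is never opened, so a reader cannot tell which words are the site's own claim; add the opening quotation mark or drop the stray one. In the same entry, "index all possible MD5 indexes" reads as if "MD5 hashes" was meant. The added introduction also says these functions "have a few properties useful to forensics" without naming any of them; listing the properties would make the sentence useful.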

Revision as of 00:47, 16 December 2007

Hashing is a method for reducing large inputs to a smaller, fixed-size output. In forensics, cryptographic hashing algorithms such as MD5 and SHA-1 are typically used. These functions have a few properties useful to forensics. Other types of hashing, such as Context Triggered Piecewise Hashing, can also be used.

Tools

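There are literally hundreds of hashing programs out there, but a few related to forensics are:

md5sum - Part of the GNU coreutils suite, this program is standard on many computers.
md5deep - Computes hashes, recursively if desired, and can compare the results to known values.
ssdeep - Computes and matches Context Triggered Piecewise Hashes.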

Hash Databases

National Software Reference Library
The largest hash database

Hash Lookup Services

There are several online services that allow you to enter a hash code and find out what the preimage might have been. One way to find these services is to google for 'd41d8cd98f00b204e9800998ecf8427e' (the MD5 of the null string).

Here are some services that we have been able to find:

http://nz.md5.crysm.net/
MD5 reverse lookup, operated by Stephen D Cope. As of December 2007 this database had 28 million MD5 hashes. The author states that the database is divided into 256 MySQL tables to make the problem more tractable. The database claims to include every two, three, and four digit combination, all dictionary words, and a pile of user-submitted data. But the author also states that they are attempting to calculate and index all possible MD5 hashes. Of course, this is an impossibility.
http://us.md5.crysm.net/
Similar to the NZ server, but with only 16 million MD5 hashes.
http://md5.benramsey.com
A nice forward and reverse demonstration system, with an XML and AJAX interface.
http://www.hashcrack.com/
Reverse hash lookup of MD5, SHA1, MySQL, NTLM, and Lanman hashes. Claims 75 million hashes of 13.2 million unique words.
http://gdataonline.com/seekhash.php
MD5 reverse lookup with approximately 1 million entries.
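
The reverse lookup described for nz.md5.crysm.net, sketched as an added example (not code from the wiki or from any of the listed services): a precomputed MD5-to-preimage table over every two, three, and four digit combination plus a word list, split into 256 buckets. Splitting by the first byte of the hash, the three-word list, and the inclusion of the empty string are assumptions made for illustration.

```python
import hashlib
from itertools import product

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_tables(words):
    """Precompute MD5 -> preimage in 256 buckets keyed by the first hash byte.

    The bucket key is an assumption; the page only says 256 tables are used.
    """
    tables = [dict() for _ in range(256)]
    candidates = [""]  # the "null string" the page uses to find such services
    for n in (2, 3, 4):
        candidates += ["".join(p) for p in product("0123456789", repeat=n)]
    candidates += list(words)
    for c in candidates:
        h = md5_hex(c.encode())
        tables[int(h[:2], 16)][h] = c
    return tables

def reverse_lookup(tables, digest):
    """Return the stored preimage, or None if the hash was never precomputed."""
    digest = digest.strip().lower()
    if len(digest) != 32 or any(ch not in "0123456789abcdef" for ch in digest):
        raise ValueError("not an MD5 hex digest")
    return tables[int(digest[:2], 16)].get(digest)

def table_size(tables):
    return sum(len(t) for t in tables)

def coverage(tables):
    """Fraction of the 2**128 possible MD5 outputs that the table holds."""
    return table_size(tables) / 2**128

WORDS = ["password", "forensics", "letmein"]  # constructed sample word list
TABLES = build_tables(WORDS)

if __name__ == "__main__":
    for label, d in [
        ("empty string", "d41d8cd98f00b204e9800998ecf8427e"),
        ("4 digits", md5_hex(b"1234")),
        ("5 digits (not indexed)", md5_hex(b"12345")),
        ("salted 4 digits", md5_hex(b"s4lt" + b"1234")),
    ]:
        print(f"{label:24} {d} -> {reverse_lookup(TABLES, d)!r}")
    print("entries:", table_size(TABLES), "coverage:", coverage(TABLES))
```

A lookup only succeeds for inputs someone hashed in advance, which is why a five-digit or salted input misses and why indexing every possible MD5 value is out of reach.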