Computer Forensics: Re: hash of directory

Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Computer Forensics Computer-Forensics

[Top] [All Lists]

Re: hash of directory

from [Valdis . Kletnieks] Network Security

[Permanent Link]

Subject:	Re: hash of directory
Date:	Tue, 23 Nov 2004 15:24:44 -0500

On Tue, 23 Nov 2004 11:35:52 EST, Gary Kessler said:

Hey Max.

You could just ZIP the directory...


Ahh.. but would the hash of the .ZIP cover *all* the relevant meta-data
that you'd want covered by the hash?

First place to check would be stuff like access/create/modify timestamps, which
Zip has at least a theoretical snowball's chance of covering.

More problematic is whether the hash covers the block allocation information
(which can be pretty important if the analysis hinges on slack space scavenging
and related issues).  For that matter, I'm not sure hashing the directory
itself will preserve that info....

pgps6Ku5VY2FI.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
MD5 Collisions and Evidence Integrity, Ferrill, Rob RE: MD5 Collisions and Evidence Integrity, dave kleiman RE: MD5 Collisions and Evidence Integrity, Warren Kruse RE: MD5 Collisions and Evidence Integrity, Jerry Shenk Re: MD5 Collisions and Evidence Integrity, Josh Tolley Re: MD5 Collisions and Evidence Integrity, Gary Kessler hash of directory, Maximillian Dornseif Re: hash of directory, Gary Kessler Re: hash of directory, Valdis . Kletnieks <= Re: hash of directory, Ron Re: hash of directory, Geoffrey Re: hash of directory, Alexander Klimov Re: hash of directory, Valdis . Kletnieks Re: hash of directory, subscribe Re: MD5 Collisions and Evidence Integrity, Maximillian Dornseif Re: MD5 Collisions and Evidence Integrity, Jack Seward RE: MD5 Collisions and Evidence Integrity, Svein Yngvar Willassen Re: MD5 Collisions and Evidence Integrity, Valdis . Kletnieks RE: MD5 Collisions and Evidence Integrity, Svein Yngvar Willassen

Previous by Date:	Re: hash of directory, Gary Kessler
Next by Date:	HTCIA Webinar, Warren Kruse
Previous by Thread:	Re: hash of directory, Gary Kessler
Next by Thread:	Re: hash of directory, Ron
Indexes:	[Date] [Thread] [Top] [All Lists]