Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Drive hashing-when is it *really* necessary?

from [Reava, Jeffrey] Network Security [Permanent Link]
Subject: RE: Drive hashing-when is it *really* necessary?
Date: Thu, 24 Mar 2005 13:22:53 -0500 
From FBI testimony regarding the Moussaui investigation in 2001:


"Because SafeBack and the Logicube SFK-000A hand-held disk duplicator
have been validated by CART as computer forensic imaging tools reliably
capable of producing verifiable results, and because SafeBack and the
Logicube SFK-000A incorporate reliable internal CRC verification
techniques, CART procedures do not require examiners to generate
separate MD5 or
SH-1 hashes for computers imaged using SafeBack or Logicube SFK-000A
disk duplicator."

The FBI relies on validation testing, and their explanation in the full
testimony to me is very persuasive; especially for high volume
scenarios:

http://homepage.cs.uri.edu/courses/hpr108b/readings/MD5_case.html

Jeff

-----Original Message-----
From: Matteo G.P. Flora [mailto:flora@alvillage.com] 
Sent: Thursday, March 24, 2005 11:07 AM
To: forensics@securityfocus.com
Subject: Re: Drive hashing-when is it *really* necessary?

<snip>
That doesn't mean that hashing IS a must. It certainly IS the BEST WAY
to do it, but not the only one. Hardware blockers, for example, by
major firms have been certified by NSA & various agencies and these
certification ARE legally sound.
</snip>



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Drive hashing-when is it *really* necessary?, Greg Kelley
Next by Date:  RE: Drive hashing-when is it *really* necessary?, Trevor Odonnal
Previous by Thread:  RE: Drive hashing-when is it *really* necessary?, Greg Kelley
Next by Thread:  RE: Drive hashing-when is it *really* necessary?, Trevor Odonnal
Indexes:  [Date] [Thread] [Top] [All Lists]