HashKeeper is a database application of value primarily to those conducting forensic examinations of computers on a somewhat regular basis.
Overview
HashKeeper uses the MD5 file signature algorithm to establish unique numeric identifiers (hash values) for files "known to be good" and "known to be bad."
The HashKeeper application was developed to reduce the amount of time required to examine files on digital media. Once an examiner defines a file as known to be good, the examiner need not repeat that analysis.
HashKeeper compares hash values of known to be good files against the hash values of files on a computer system. Where those values match "known to be good" files, the examiner can say, with substantial certainty, that the corresponding files on the computer system have been previously identified as known to be good and therefore do not need to be examined.
Where those values match known to be bad files, the examiner can say with substantial certainty that the corresponding files on the system being examined are bad and therefore require further scrutiny. A hash match on known to be bad files does not relieve the examiner of the responsibility of verifying that the file or files are, in fact, of a criminal nature.
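The comparison described above, as an added example (not HashKeeper's own code or file format): it hashes each file under a directory with MD5 and sorts it into known-good, known-bad, or unknown. The hash sets, function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_file(path, chunk_size=1 << 20):
    """Return the MD5 hex digest of a file, read in chunks so large files fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root, known_good, known_bad):
    """Sort every regular file under root into known_good / known_bad / unknown by MD5."""
    # Assumed input format: two sets of lowercase hex digests.
    result = {"known_good": [], "known_bad": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            h = md5_file(path)
            # Check the bad set first so a hash listed in both sets is never skipped.
            if h in known_bad:
                bucket = "known_bad"      # still needs the examiner's verification
            elif h in known_good:
                bucket = "known_good"     # previously analysed, can be set aside
            else:
                bucket = "unknown"        # no prior determination, must be examined
            result[bucket].append((os.path.relpath(path, root), h))
    return result

def demo():
    """Build a constructed evidence directory and triage it."""
    contents = {"notepad.bin": b"stock operating system file",
                "flagged.bin": b"previously identified content",
                "letter.txt": b"never seen before"}
    good = {hashlib.md5(contents["notepad.bin"]).hexdigest()}
    bad = {hashlib.md5(contents["flagged.bin"]).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        for name, data in contents.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root, good, bad)

if __name__ == "__main__":
    for bucket, items in demo().items():
        print(bucket, items)
```

Only the "unknown" and "known_bad" lists go on to the examiner; the "known_good" list is the part of the workload the hash match removes.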
Availability
HashKeeper was available, free of charge, to law enforcement, military and other government agencies throughout the world. It is available to the public by sending a Freedom of Information Act request to NDIC.
In the 2012 United States budget, NDIC was de-funded and closed its doors on June 16, 2012. The availability and future of HashKeeper are uncertain.
See also
* National Software Reference Library
* Rainbow table