HashKeeper is a database application of value primarily to those conducting forensic examinations of computers on a somewhat regular basis.


Overview

HashKeeper uses the MD5 file signature algorithm to establish unique numeric identifiers (hash values) for files "known to be good" and "known to be bad." The HashKeeper application was developed to reduce the amount of time required to examine files on digital media. Once an examiner defines a file as known to be good, the examiner need not repeat that analysis. HashKeeper compares hash values of known to be good files against the hash values of files on a computer system. Where those values match "known to be good" files, the examiner can say, with substantial certainty, that the corresponding files on the computer system have been previously identified as known to be good and therefore do not need to be examined. Where those values match "known to be bad" files, the examiner can say with substantial certainty that the corresponding files on the system being examined are bad and therefore require further scrutiny. A hash match on known to be bad files does not relieve the examiner of the responsibility of verifying that the file or files are, in fact, of a criminal nature.
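The comparison described above, as an added Python example that is not HashKeeper's own code or file format. It assumes the known-good and known-bad sets are plain collections of MD5 hex strings; the names `md5_of_file`, `triage` and `demo` and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file so large evidence files are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root, known_good, known_bad):
    """Sort every file under root into good / bad / unknown / unreadable."""
    good = {h.lower() for h in known_good}  # hash lists vary in letter case
    bad = {h.lower() for h in known_bad}
    report = {"known_good": [], "known_bad": [], "unknown": [], "unreadable": []}
    for folder, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            try:
                value = md5_of_file(path)
            except OSError:
                report["unreadable"].append(rel)  # record it, never drop it silently
                continue
            # Bad set is checked first so a hash listed in both sets is still reviewed.
            if value in bad:
                report["known_bad"].append((rel, value))  # examiner must still verify
            elif value in good:
                report["known_good"].append((rel, value))  # can be skipped
            else:
                report["unknown"].append((rel, value))  # needs normal examination
    return report

def demo():
    """Constructed sample: three small files in a temporary directory."""
    samples = {"notepad.bin": b"vendor file", "tool.bin": b"flagged file",
               "notes.txt": b"user data"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        good = {hashlib.md5(b"vendor file").hexdigest().upper()}
        bad = {hashlib.md5(b"flagged file").hexdigest()}
        return triage(root, good, bad)

if __name__ == "__main__":
    for bucket, entries in demo().items():
        print(bucket, entries)
```

Only the `unknown` and `known_bad` buckets go on to the examiner, which is where the time saving described above comes from.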


History

Created by the National Drug Intelligence Center (NDIC), a component of the United States Department of Justice, in 1996, it was the first large scale source for hash values of "known to be good" and "known to be bad" files. HashKeeper was, and still is, the only community effort based upon the belief that members of state, national, and international law enforcement agencies can be trusted to submit properly categorized hash values. One of the first community sources of "known to be good" hash values was the United States Internal Revenue Service. The first source of "known to be bad" hash values was the Luxembourg Police who contributed hash values of recognized child pornography.


Availability

HashKeeper is available, free-of-charge, to law enforcement, military and other government agencies throughout the world. It is available to the public by sending a Freedom of Information Act request to NDIC. NDIC was de-funded in the 2012 United States budget and closed its doors on June 16, 2012. The availability and future of HashKeeper are uncertain.


Sources

HashKeeper Overview, National Drug Intelligence Center.


See also

* National Software Reference Library
* Rainbow table

