Presentation is loading. Please wait.

Presentation is loading. Please wait.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

Published byJasmine Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "MD5 Summary and Computer Examination Process Introduction to Computer Forensics."— Presentation transcript:

1 MD5 Summary and Computer Examination Process Introduction to Computer Forensics

2 Computer Examination The prime objective of the analyst is to recover and secure a true copy of the data stored on the medium. This should be done, wherever possible, without any alteration of the original data as a whole.

3 Computer Examination ◦ The integrity of the original data must be preserved. ◦ Use the non-intrusive examination techniques. ◦ If the original data has to be examined, for whatever reason, the analyst must be competent to do so and to give evidence explaining their actions. Trained and qualified staff must be used ◦ An audit trail is required and an independent party must be able to reproduce the same actions and get the same result. Full log of all actions must be kept

4 Computer Examination Search and seizure of the machines Examination Process The production of the evidential material at Court

5 The ACPO Good Practice Guide The Association of Chief Police Officers (APCO) Crime Committee have produced a Good Practice Guide for Computer Based Evidence The ACPO principles give a good practice that must be applied to the process of examination.

6 The Principles of Computer-Based Evidence No action taken by Police or their agents should change data held on a computer or other media which may subsequently be relied upon in Court In exceptional circumstances where a person finds it necessary to access original data held on a target computer, that person must be competent to do so and to give evidence explaining the relevance and the implications of their actions.

7 The Principles of Computer-Based Evidence An audit trail or other record of all processes applied to computer-based evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.

8 The Principles of Computer-Based Evidence The Officer in charge of the case is responsible for ensuring that the law and these principles are adhered to. This applies to the possession of, and access to, information contained in a computer. They must be satisfied that anyone accessing the computer, or any use of copying device, complies with these laws and principles.

9 Cryptographic Integrity Services It is difficult to show that evidence (any kind of evidence) that was collected is the same as what was left behind by a criminal. In the digital world, it is possible to show that evidence didn’t not change at all after it was collected.

10 Cryptographic Integrity Services The proof of integrity is provided by calculating a value that functions as a sort of electronic fingerprint for an individual file or even an entire floppy or hard drive. This is a cryptographic technique and the value is called hash value or cryptographic checksum, also known as a message digest or fingerprint, and it is basically a digital signature. The checksum is created by applying an algorithm to a file. The checksum for each file is unique to that file. Checksum is a perfect attribute to use when verifying file integrity.

11 Cryptographic Integrity Services Two algorithms, MD5 and SHA (secure hash algorithm), are in common use today. A cryptographic hash algorithm is a one-way form of encryption, taking a variable-length input and providing a fixed length output. Such an algorithm is designed to be collision free, meaning that is functionally impossible to create a document that has the same checksum value as another document.

12 Cryptographic Integrity Services The MD5 algorithm outputs a 128-bit hash value. MD5 was designed by Ron Rivest in 1991 The SHA algorithm, is a cryptographic hash function designed by the National Security Agency. USA Federal Information Processing Standard

13 Cryptographic Integrity Services SHA-1 outputs a 160 – bit hash value. SHA -2 outputs 224/256 bits or 384/512 bits hash value The Secure Hash Standard (SHS) is a set of cryptographically secure hash algorithms specified by the National Institute of Standards and Technology (NIST).hash The current version of the SHS standard is the document NIST FIPS 180-4, which specifies seven Secure Hash Algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA- 512, SHA-512/224 and SHA-512/256.

14 Cryptographic Integrity Services On October 2, 2012, Keccak was selected as the winner of the NIST hash function competition. SHA-3 is not meant to replace SHA-2, as no significant attack on SHA-2 has been demonstrated. Because of the successful attacks on MD5 and SHA-0 and theoretical attacks on SHA-1 and SHA-2, NIST perceived a need for an alternative, dissimilar cryptographic hash, which became SHA-3.

15 Cryptographic Integrity Services As of April 2014, NIST has updated Draft FIPS Publication 202, SHA-3 Standard separate from the Secure Hash Standard (SHS). NIST Computer Security Division http://csrc.nist.gov/

16 Hash functions are used by forensic examiners in two ways: First, hash functions can positively verify that a file has been altered. ◦ For pre-incident preparation, prepare a known-good copy of the system, create checksums for critical system files BEFORE the incident occurs. ◦ In the event of the incident, create new checksums for the same critical files, and then compare two versions. ◦ If the checksums match, the files have not been modified.

17 Hash Functions Forensics Use Second use of the checksums or hash functions is to verify that files (or their copies) are intact and have not been changed. A computer crime investigator gathers digital evidence that needs to be preserved and verified in the future. When the examiner runs a MD5 algorithm and collects MD5 checksums against evidence files and save the checksums, he or she can demonstrate that the files were not manipulated between the time of their initial collection and the trial. Use MD5 sum to protect the integrity of the files you retrieve during the response. It is good to perform MD5 sum collection in the presence of witnesses – TWO-MAN integrity rule.

Download ppt "MD5 Summary and Computer Examination Process Introduction to Computer Forensics."

Similar presentations

Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except.

Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except.
Software Certification and Attestation Rajat Moona Director General, C-DAC.

Software Certification and Attestation Rajat Moona Director General, C-DAC.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Computer Forensics Principles and Practices

Computer Forensics Principles and Practices
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Cryptographic Technologies

Cryptographic Technologies
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
COS/PSA 413 Lab 4. Agenda Lab 3 write-ups over due –Only got 9 out of 10 Capstone Proposals due TODAY –See guidelines in WebCT –Only got 4 out of 10 so.

COS/PSA 413 Lab 4. Agenda Lab 3 write-ups over due –Only got 9 out of 10 Capstone Proposals due TODAY –See guidelines in WebCT –Only got 4 out of 10 so.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.

Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.

Similar presentations

Ads by Google