Question

In: Accounting

what is hash in digital forensic?

what is hash in digital forensic?

Solutions

Expert Solution

A hash value is a result of a calculation (hash algorithm) that can be performed on a string of text, electronic file or entire hard drives contents. The result is also referred to as a checksum, hash code or hashes. Hash values are used to identify and filter duplicate files (i.e. email, attachments, and loose files) from an ESI collection or verify that a forensic image or clone was captured successfully.
Each hashing algorithm uses a specific number of bytes to store a “ thumbprint” of the contents. The following is a list of hash values for the same text file. Regardless of the amount of data feed into a specific hash algorithm or checksum it will return the same number of characters. For example, an MD5 hash uses 32 characters for the thumbprint whether it’s a single character in a text file or an entire hard drive.

There are also various length hashes within a family (SHA-1, SHA-256 et.) The most common hash values are MD5, SHA-1 and SHA-256. The longer hash values require more time to calculate and are designed to reduce the probability of a collision.

In short hash values are a reliable, fast, and secure way to compare the contents of individual files and media. Whether it’s a single text file containing a phone number or five terabytes of data on a server, calculating hash values are an invaluable process for Deduplication and evidence verification in electronic discovery and computer forensics.


Related Solutions

DIGITAL FORENSIC TOOKS: 1. USB FORENSIC What value could this artifact have for investigation? What kinds...
DIGITAL FORENSIC TOOKS: 1. USB FORENSIC What value could this artifact have for investigation? What kinds of information can you extract? 2. WINDOWS REGISTRY What value could this artifact have for investigation? What kinds of information can you extract? What were they following originally designed for What kind of forensic value could they provide in the in a digital investigation? What are some of the limitations of each type of the artifact? Link Files Prefetch ShimCache Shellbags Jump lists VSS...
you are a Digital Forensic investigator who has been hired by the attorney for the convicted...
you are a Digital Forensic investigator who has been hired by the attorney for the convicted party. The attorney tells you that the case is under appeal based on the argument that the 'con artist' was coerced to confess. The attorney also gives you a cellphone belonging to his party and asks you to run a thorough examination of the mobile device to extract any data that may be important to this case. Detail the steps you would take in...
Based on the material from the "U.S. Department of Justice Forensic Examination of Digital Evidence: A...
Based on the material from the "U.S. Department of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement" document, explain some important parts of the computer forensic process. Provide short and concise answers to the following questions: What are some of the key considerations for an "on-site" examiner, also known as a "first responder"? What are two attributes of a timestamp that could be located on a computer system? (List and explain.) When documenting and reporting a computer...
A2Z Forensics is a digital forensics investigation firm that conducts forensic investigations for public as well...
A2Z Forensics is a digital forensics investigation firm that conducts forensic investigations for public as well as private sectors. You are working in this firm as a forensics specialist for a number of years now. The firm is establishing a new forensics lab to meet the future requirements. You have been asked to prepare a business case for this new lab. Your job is to focus on three aspects of the new lab which are hardware, software and lab security....
What is a hash and what is its relevance to passwords?
What is a hash and what is its relevance to passwords?
“U.S. Department of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement” Provide short...
“U.S. Department of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement” Provide short and concise answers to the following questions: What are some of the key considerations for an "on-site" examiner, also known as a "first responder"?
What are the (1) hash algorithm identifier, (2) cost factor, (3) salt, and (4) hash value...
What are the (1) hash algorithm identifier, (2) cost factor, (3) salt, and (4) hash value of the following given hashed password that is generated by bcrypt()? $2y$16$.2Boh8Y80U.RaFr1sFdaKuP5/B2Z3I8OM7vUTUvPzD2UEG3VMcXra
SHOW WORK Draw the hash table that results using the hash function: h(k)=kmod7 to hash the...
SHOW WORK Draw the hash table that results using the hash function: h(k)=kmod7 to hash the keys 41, 16, 40, 47, 10, 55. Assuming collisions are handled by Double hashing. SHOW WORK
3. Draw the hash table that results using the hash function: h(k)=kmod 7 to hash the...
3. Draw the hash table that results using the hash function: h(k)=kmod 7 to hash the keys 50, 700, 76, 85, 92, 73, 101. Assuming collisions are handled by Quadratic probing. Don't write a program. Just please manually solve the problem. Thanks.
What is Forensic Auditing? Show how you would utilize ACL in a forensic audit.
What is Forensic Auditing? Show how you would utilize ACL in a forensic audit.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT