
A cryptographic hash function is a one-way computational mathematical operation that takes a stream of data and returns a fixed-size bit string known as the cryptographic hash value. This value is unique; any small modification to the file will change it. For instance, modifying a single pixel in a photograph will not be noticeable to the human eye, but a cryptographic hash of the picture will return a value differing from the original. As a forensic professional, I am aware of various hash algorithms but would choose either MD5 or SHA1. MD5 (128 bit) and SHA1 (160 bit) are cryptographic hash functions used to encrypt information by generating a hash based on the passed byte structure. Although MD5 is not a very secure hashing algorithm, since it is vulnerable to collision attacks, it is still widely used to check file integrity. It was demonstrated that it is possible to create two different files that will have the same MD5 hash. SHA1 is a much more secure hashing algorithm, although its principles are somewhat based on those of MD5. For general use, both MD5 and SHA1 are very efficient and most likely will be used for a little while more [Sur14]. MD5 and SHA1 provide the forensic investigator with the opportunity to detect very negligible variations within a message that CRC and other values cannot.

2. What is the MD5 hash value of your image? Did the hash values match?

The MD5 hash value is 6ab2cde075528764e3b17b789d62f1ac. Yes, the hash value matched.
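An added example, not part of the original lab report or of Adepto: one way to check a forensic copy against its source by computing MD5 and SHA1 over both files in a single pass. It goes slightly beyond the answer above by also reporting the offset of the first differing 512-byte block when the digests do not match; the function names, block size, file names and sample data are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB pieces so a large image never sits fully in memory

def hash_file(path, algorithms=("md5", "sha1")):
    """Return {algorithm: hex digest} for the file, computed in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def first_mismatch(original, copy, block=512):
    """Return the byte offset of the first differing block, or None if identical."""
    offset = 0
    with open(original, "rb") as a, open(copy, "rb") as b:
        while True:
            x, y = a.read(block), b.read(block)
            if x != y:          # also true when one file ends before the other
                return offset
            if not x:           # both files exhausted with no difference
                return None
            offset += block

def verify_copy(original, copy):
    """Compare the digests of both files; on mismatch, locate the first difference."""
    src, dst = hash_file(original), hash_file(copy)
    match = src == dst
    return {"original": src, "copy": dst, "match": match,
            "first_mismatch": None if match else first_mismatch(original, copy)}

def demo():
    """Constructed sample: a 4 KiB 'image', an exact copy, and a copy with one bit flipped."""
    data = bytes(range(256)) * 16
    altered = bytearray(data)
    altered[1500] ^= 0x01  # flip one bit inside the third 512-byte block
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, blob in (("orig", data), ("good", data), ("bad", bytes(altered))):
            paths[name] = Path(d, name + ".dd")
            paths[name].write_bytes(blob)
        return verify_copy(paths["orig"], paths["good"]), verify_copy(paths["orig"], paths["bad"])

if __name__ == "__main__":
    for report in demo():
        print(report)
```

Against a real acquisition, `verify_copy` would be pointed at the source device (mounted read-only or behind a write blocker) and the image file, and the digests recorded on the Chain of Custody form.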

3. What are the possible issues/causes if the hash of your original does not match your forensic copy?

Modification of the data causes the hash value to differ between the original source and the forensic copy. A very simple way to determine this is to compare the hash values before and after.

4. What is the significance of the Chain of Custody PDF form from Adepto? Why is it needed?

The Chain of Custody form from Adepto is a legal document that records information about the investigators who had access to the data and the media. It contains information about the media, the date and time the evidence was collected, the name of the image file, the name of the investigator who created the image file, the MD5 hash value, and the type of image that was saved. During an investigation, one of the crucial steps is to make sure that the integrity of the data is intact; otherwise, the data acquired from the media will hold no value in a court. The Chain of Custody form can help the investigators identify who was in contact with the media and the data found on that media, and makes it easier for them to track back if the need arises and if the integrity of the data has been compromised.

5. What are the possible issues if your OS automatically mounts your drive prior to creating your forensic duplicate?

A possible issue that could occur if your OS automatically mounts your drive prior to creating your forensic duplicate is that the information that you wanted to keep unchanged for the duplicate could become corrupted or altered.
When the OS automatically mounts the drive, it shows that the OS reorganizes the drive. At times, this goes a long way to determine the chances of some data been
  • Fall '14
  • Uribe
  • hash function, Cryptographic hash function, hash value, image file, md5 hash, lab1 instructions
